Extensions Extension Products
Extensions Extension Products
Extensions Extension Products

DNS Root Server

A DNS root server is the first stop in a DNS lookup.

DNS Root Server

Learning Objectives

After reading this article you will be able to:

  • Define a DNS root server
  • Understand how the 13 root server networks are distributed worldwide
  • Outline how a resolver communicates with root servers

What is a DNS root server?

The administration of the Domain Name System (DNS) is structured in a hierarchy using different managed areas or “zones”, with the root zone at the very top of that hierarchy. Root servers are DNS nameservers that operate in the root zone. These servers can directly answer queries for records stored or cached within the root zone, and they can also refer other requests to the appropriate Top Level Domain (TLD) server. The TLD servers are the DNS server group one step below root servers in the DNS hierarchy, and they are an integral part of resolving DNS queries.

DNS Heirarchy

During an uncached DNS query, whenever a user enters a web address into their browser, this action triggers a DNS lookup, and all DNS lookups start at the root zone. Once the lookup hits the root zone, the lookup will then travel down the hierarchy of the DNS system, first hitting the TLDs servers, then the servers for specific domains (and possibly subdomains) until it finally hits the authoritative nameserver for the correct domain, which contains the numerical IP address of the website being sought. This IP address is then returned to the client. Interestingly, despite the number of steps required, this process can happen very quickly.

Root servers are an essential part of the infrastructure of the Internet; web browsers and many other Internet tools would not work without them. There are 13 different IP addresses that serve the DNS root zone, and hundreds of redundant root servers exist around the globe to handle requests to the root zone.

Why are there only 13 DNS root server addresses?

A common misconception is that there are only 13 root servers in the world. In reality there are many more, but still only 13 IP addresses used to query the different root server networks. Limitations in the original architecture of DNS require there to be a maximum of 13 server addresses in the root zone. In the early days of the internet, there was only one server for each of the 13 IP addresses, most of which were located in the United States.

Today each of the 13 IP addresses has several servers, which use Anycast routing to distribute requests based on load and proximity. Right now there are over 600 different DNS root servers distributed across every populated continent on earth.

Who Has Authority Over DNS Root Servers?

Ultimate authority over the root zone belongs to the National Telecommunications and Information Administration (NTIA), which is a part of the US Department of Commerce. The NTIA delegates management of the root zone to the Internet Corporation for Assigned Names and Numbers (ICANN).

ICANN operates servers for one of the 13 IP addresses in the root zone and delegates operation of the other 12 IP addresses to various organizations including NASA, the University of Maryland, and Verisign, which is the only organization that operates two of the root IP addresses. Cloudflare actually helps provide DNS Anycast services to one of the root servers known as the F-Root; Cloudflare supplies additional F-Root instances under contract with ISC (the F-Root operator). Learn more about how Cloudflare supports the F-Root.

How do resolvers find DNS root servers?

Since the DNS root zone is at the top of the DNS hierarchy, recursive resolvers cannot be directed to them in a DNS lookup. Because of this, every DNS resolver has a list of the 13 IP root server addresses built into its software. Whenever a DNS lookup is initiated, the recursor’s first communication is with one of those 13 IP addresses.

What happens if a DNS root server becomes unavailable?

Thanks to the use of Anycast routing and heavy redundancy, the root servers are very reliable. But on rare occasions a root server will have to update its IP address. In this case, recursive resolvers can continue using the other 12 IP addresses in the root zone to perform DNS lookups until their software is updated with the correct addresses of all 13 servers. Since all the root servers are able to forward DNS requests to TLD servers, there is no disruption to the normal operations of the Internet when one root server is down. Learn more about how Cloudflare DNS uses Anycast routing to improve reliability.