
Correction: The number of physical servers used as root servers in DNS is not 13

Submitted by kamal on Tue, 2023-05-09 11:05

About 4-5 years ago a training participant asked me if the number of physical servers that are used as root servers in DNS is 13. I said yes, based on what I had heard somewhere close to the year 2000. What I had said is incorrect.

As per the current setup, DNS uses 13 root servers that translate to a large number of physical servers scattered around the globe. They do, however, use only 13 IPv4 addresses and 13 IPv6 addresses. DNS resolver software uses what is called a "root hints file" to bootstrap the resolution process. The BIND 9 server software, for example, uses the /etc/bind/db.root file for this purpose. Here is the content of the latest version of it at the time of writing this page, obtained from https://www.internic.net/domain/named.root:

;       This file holds the information on root name servers needed to 
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers). 
; 
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache 
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     April 27, 2023
;       related version of root zone:     2023042701
; 
; FORMERLY NS.INTERNIC.NET 
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
; 
; FORMERLY NS1.ISI.EDU 
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     199.9.14.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
; 
; FORMERLY C.PSI.NET 
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
; 
; FORMERLY TERP.UMD.EDU 
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
; 
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
; 
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
; 
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
; 
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
; 
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
; 
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
; 
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
; 
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
; 
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

So the names vary from a.root-servers.net to m.root-servers.net. 'A' records are for IPv4 and 'AAAA' records are for IPv6.
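Because a resolver trusts this file to bootstrap every lookup, it is worth checking that a local copy has the shape described above: 13 names, each with exactly one A and one AAAA record, and no address records for names that are not listed as root servers. The following is an added example, not part of the original post or of BIND; the function names are hypothetical, the A and M lines are copied from the listing above, and the X entry is constructed to show a failure.

```python
import ipaddress
from collections import defaultdict

# A and M entries are copied from the listing above; the X entry is constructed
# (documentation address, no AAAA record) to show a failure case.
SAMPLE_HINTS = """\
; comment lines start with a semicolon
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
.                        3600000      NS    X.ROOT-SERVERS.NET.
X.ROOT-SERVERS.NET.      3600000      A     203.0.113.7
"""

PARSERS = {"A": ipaddress.IPv4Address, "AAAA": ipaddress.IPv6Address}

def parse_hints(text):
    """Parse 'owner TTL type rdata' lines; return (ns_names, addrs[name][type])."""
    ns_names, addrs = [], defaultdict(lambda: defaultdict(list))
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        if not fields:
            continue
        if len(fields) != 4 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: unexpected record layout")
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3].lower()
        if rtype == "NS" and owner == ".":
            ns_names.append(rdata)
        else:  # KeyError or ValueError here: unexpected type or malformed address
            addrs[owner][rtype].append(PARSERS[rtype](rdata))
    return ns_names, addrs

def audit_hints(text, expected_names=13):
    """Return a list of findings; an empty list means the file is consistent."""
    ns_names, addrs = parse_hints(text)
    findings = []
    if len(set(ns_names)) != expected_names:
        findings.append(f"expected {expected_names} root names, found {len(set(ns_names))}")
    for name in ns_names:
        for rtype in PARSERS:
            count = len(addrs[name][rtype])
            if count != 1:
                findings.append(f"{name}: expected 1 {rtype} record, found {count}")
    for name in sorted(set(addrs) - set(ns_names)):
        findings.append(f"{name}: address record without a matching NS record")
    return findings
```

Calling `audit_hints(open("/etc/bind/db.root").read())` on a complete, unmodified copy of the file shown above should return an empty list.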

More information about root servers can be found at https://root-servers.org/. The site also shows the geographical distribution of root server instances on an interactive world map. Just below the map, a statement appears indicating the number of root server instances. Here's what I see as of writing this page:

"As of 2023-05-09 07:47:21, the root server system consists of 1699 instances operated by the 12 independent root server operators."

So 1699 root server instances are used. However, that doesn't appear to be the number of actual physical servers. Those "instances" could be clusters of physical servers. You can verify it for example by scrolling down the page at https://root-servers.org/, clicking on 'M' in the 'Root Servers' section and then clicking on the 'Homepage' link to access the homepage of the 'M Root DNS server' at https://m.root-servers.org/. The page says this:

"Each cluster of M-Root server system consists of a few active servers for enhancing performance and redundancy."

Taking into consideration this mapping of a cluster instance to multiple physical servers, the number of physical servers used as root servers would be more than 1699. The exact count? I don't know. Nor did I try to find those details, since they are not really needed by many of us.

In fact, there had been 13 root server instances in the past, even though I am not sure whether they included clusters. Perhaps what I heard was correct at the time I heard it but not correct at the time I answered the question. That had been the case before root servers began using Border Gateway Protocol (BGP) Anycast technology, a transition that happened in 2002. BGP Anycast allows multiple routes for the same IP address, making it possible for multiple server instances associated with different routes to use the same IP address. One benefit of this is faster interaction between clients and servers: a DNS client can connect to the closest root DNS server, which reduces network latency. Another benefit is failover, so small-scale failures will not affect the resolution process. A third benefit is load balancing, which also provides a degree of protection against Distributed Denial of Service (DDoS) attacks.

In summary, the number of physical servers used as root servers in the DNS is not limited to 13, even though the number of host names is limited to 13 and each of them has 1 IPv4 and 1 IPv6 address. The number of physical servers is much higher.