A DNS root server is the first stop in a DNS lookup.
What is a DNS root server?
The administration of the Domain Name System (DNS) is structured in a hierarchy using different managed areas or “zones”, with the root zone at the very top of that hierarchy. Root servers are DNS nameservers that operate in the root zone. These servers can directly answer queries for records stored or cached within the root zone, and they can also refer other requests to the appropriate Top Level Domain (TLD) server. The TLD servers are the DNS server group one step below root servers in the DNS hierarchy, and they are an integral part of resolving DNS queries.
When a user enters a web address into their browser and the answer is not already cached, this action triggers a DNS lookup, and all such lookups start at the root zone. From the root zone, the lookup travels down the DNS hierarchy, first hitting the TLD servers, then the servers for specific domains (and possibly subdomains), until it finally reaches the authoritative nameserver for the correct domain, which contains the numerical IP address of the website being sought. This IP address is then returned to the client. Despite the number of steps required, this process can happen very quickly.
Root servers are an essential part of the Internet’s infrastructure; web browsers and many other Internet tools would not work without them. 13 different IP addresses serve the DNS root zone, and hundreds of redundant root servers exist around the globe to handle requests to the root zone.
Why are there only 13 DNS root server addresses?
A common misconception is that there are only 13 root servers worldwide. In reality, there are many more, but still, only 13 IP addresses are used to query the different root server networks. Limitations in the original architecture of DNS require there to be a maximum of 13 server addresses in the root zone. In the early days of the Internet, there was only one server for each of the 13 IP addresses, most of which were in the United States.
Today, each of the 13 IP addresses has several servers, which use Anycast routing to distribute requests based on load and proximity. Right now, there are over 600 different DNS root servers distributed across every populated continent on Earth.
Who operates DNS root servers?
The Internet Corporation for Assigned Names and Numbers (ICANN) operates servers for one of the 13 IP addresses in the root zone and has delegated operation of the other 12 IP addresses to various organizations, including NASA, the University of Maryland, and Verisign, which is the only organization that operates two of the root IP addresses.
How do resolvers find DNS root servers?
Since the DNS root zone is at the top of the DNS hierarchy, recursive resolvers cannot be directed to it in a DNS lookup. Because of this, every DNS resolver has a list of the 13 root server IP addresses built into its software. Whenever a DNS lookup is initiated, the recursor communicates with one of those 13 IP addresses.
What happens if a DNS root server becomes unavailable?
Thanks to Anycast routing and heavy redundancy, the root servers are very reliable. But on rare occasions, a root server will have to update its IP address. In this case, recursive resolvers can continue using the other 12 IP addresses in the root zone to perform DNS lookups until their software is updated with the correct addresses of all 13 servers. Since resolvers will retry until they reach a working root server, there is no disruption to the normal operations of the Internet when one root server is down.
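The lookup path described above (built-in root addresses, retrying until a root server responds, then following referrals from root to TLD to authoritative nameserver) as an added Python example that is not part of the original article. The addresses, the three-entry hints list, and the `query` and `resolve` helpers are constructed for illustration; a real resolver ships all 13 root addresses and sends actual DNS queries.

```python
# Constructed toy data: documentation-range addresses stand in for real servers.
ROOT_HINTS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # a real resolver ships 13

# Each reachable server maps a name suffix to a referral or a final answer.
# 192.0.2.1 is deliberately absent, which simulates an unreachable root server.
SERVERS = {
    "192.0.2.2": {"com.": ("referral", "198.51.100.1")},
    "192.0.2.3": {"com.": ("referral", "198.51.100.1")},
    "198.51.100.1": {"example.com.": ("referral", "203.0.113.53")},
    "203.0.113.53": {"www.example.com.": ("answer", "203.0.113.80")},
}

class Unreachable(Exception):
    """Raised when a simulated server does not respond."""

def query(server, name):
    """Simulated DNS query: returns (kind, value) for the longest matching suffix."""
    zones = SERVERS.get(server)
    if zones is None:
        raise Unreachable(server)
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return zones[suffix]
    return ("nxdomain", None)

def resolve(name, hints=ROOT_HINTS, max_referrals=10):
    """Walk root -> TLD -> authoritative; returns (ip_or_None, trace)."""
    trace = []
    for root in hints:  # retry across root addresses until one responds
        try:
            kind, value = query(root, name)
        except Unreachable:
            trace.append((root, "timeout"))
            continue
        trace.append((root, kind))
        break
    else:
        raise RuntimeError("no root server reachable")
    for _ in range(max_referrals):  # bound the walk so a referral loop cannot hang us
        if kind != "referral":
            return value, trace  # "answer" carries the IP, "nxdomain" carries None
        server = value
        kind, value = query(server, name)
        trace.append((server, kind))
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    print(resolve("www.example.com."))
```

The returned trace records every server contacted, so the failover from the unreachable first root address to the second is visible alongside each referral step.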