96:
access to the DNS. For this purpose, operating systems or DNS servers or resolver software packages typically include a file with all addresses of the DNS root servers. Even if the IP addresses of some root servers change, at least one is needed to retrieve the current list of all name servers. This
200:
that the United States and its allies had engaged in surveillance. The chairman of the board of ICANN denied the two were connected, however, and said the transition process had been ongoing for a long time. ICANN president Fadi Chehadé called the move historic and said that ICANN would move toward
191:
In 1997, when the
Internet was transferred from U.S. government control to private hands, NTIA exercised stewardship over the root zone. A 1998 Commerce Department document stated the agency was "committed to a transition that will allow the private sector to take leadership for DNS management" by
208:
The proposal was adopted, and ICANN's renewed contract to perform the IANA function lapsed on
September 30, 2016, resulting in the transition of oversight responsibility to the global stakeholder community represented within ICANN's governance structures. As a component of the transition plan, it
152:
are hosted in multiple secure sites with high-bandwidth access to accommodate the traffic load. At first, all of these installations were located in the United States; however, the distribution has shifted and this is no longer the case. Usually each DNS server installation at a given site is a
60:
A combination of limits in the DNS definition and in certain protocols, namely the practical size of unfragmented User
Datagram Protocol (UDP) packets, resulted in a practical maximum of 13 root name server addresses that can be accommodated in DNS name query responses. However the root zone is
128:
and email, are based on domain names. The DNS servers are potential points of failure for the entire
Internet. For this reason, multiple root servers are distributed worldwide. The DNS packet size of 512 octets limits a DNS response to thirteen addresses, until protocol extensions
195:
According to
Assistant Secretary of Commerce for Communications and Information, Lawrence E. Strickling, March 2014 was the right time to start a transition of the role to the global Internet community. The move came after pressure in the fallout of
656:"Proposal to Transition the Stewardship of the Internet Assigned Numbers Authority (IANA) Functions from the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA) to the Global Multistakeholder Community"
204:
NTIA's announcement did not immediately affect how ICANN performs its role. On March 11, 2016, NTIA announced that it had received a proposed plan to transition its stewardship role over the root zone, and would review it in the next 90 days.
250:
While the root zone file is signed with DNSSEC, some DNS records, such as NS records, are not covered by DNSSEC signatures. To address this weakness, a new DNS Resource Record, called ZONEMD, was introduced in
133:) lifted this restriction. While it is possible to fit more entries into a packet of this size when using label compression, thirteen was chosen as a reliable limit. Since the introduction of
842:
46:
37:
Before
October 1, 2016, the root zone had been overseen by the Internet Corporation for Assigned Names and Numbers (ICANN) which delegates the management to a subsidiary acting as the
192:
the year 2000, however, no steps to make the transition happen were taken. In March 2014, NTIA announced it would transition its stewardship to a "global stakeholder community".
197:
522:
116:
With the address of a single functioning root server, all other DNS information may be discovered recursively, and information about any domain name may be found.
73:
of the
Internet. Thus, every name resolution either starts with a query to a root server or uses information that was once obtained from a root server.
172:, is represented by 104 (as of January 2016) individual server systems located around the world, which can be queried using anycast addressing.
838:
235:
422:
209:
created a new subsidiary called Public
Technical Identifiers (PTI) to perform the IANA functions which include managing the DNS root zone.
181:
38:
694:
153:
cluster of computers with load-balancing routers. A comprehensive list of servers, their locations, and properties is available at
655:
255:. ZONEMD doesn't replace DNSSEC. ZONEMD and DNSSEC must be used together to ensure the full protection of the DNS root zone file.
530:
201:
multi-stakeholder control. Various prominent figures in
Internet history not affiliated with ICANN also applauded the move.
910:
130:
898:
932:
864:
916:
552:
384:
231:
93:
784:
164:
addressing and routing to provide resilience and load balancing across a wide geographic area. For example, the
496:
314:"Stewardship of IANA Functions Transitions to Global Internet Community as Contract with U.S. Government Ends"
124:
The root DNS servers are essential to the function of the
Internet, as most Internet services, such as the
50:
34:
is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet.
629:
84:. To resolve these names into addresses, a DNS resolver must first find an authoritative server for the
69:
The DNS root zone is served by thirteen root server clusters which are authoritative for queries to the
566:
180:
The content of the Internet root zone file is coordinated by a subsidiary of ICANN which performs the
284:
785:"[dns-operations] Root zone operational announcement: introducing ZONEMD for the root zone"
89:
54:
359:
904:
858:
294:
138:
606:
279:
149:
70:
339:
698:
344:
145:, previous practices are being modified and extra space is filled with IPv6 name servers.
313:
230:
for the Domain Name System that can in turn be used to provide a trust anchor for other
743:
125:
805:
926:
697:. Internet Corporation For Assigned Names and Numbers. April 18, 2010. Archived from
105:
name server reference implementation. The current official version is distributed by
427:
267:
239:
227:
45:. Prior to this, ICANN performed management responsibility under oversight of the
234:(PKI). The root zone DNSKEY section is re-signed periodically with the root zone
824:
817:
258:
The ZONEMD deployment for the DNS root zone was completed on December 6, 2023.
188:
generates and distributes the zone file to the various root server operators.
609:. National Telecommunications and Information Administration. August 17, 2015
474:
61:
serviced by several hundred servers at over 130 locations in many countries.
878:
761:
D. Wessels; P. Barber; M. Weinberg; W. Kumari; W. Hardaker (February 2021).
526:
452:
762:
720:
252:
185:
169:
110:
42:
839:"NTIA announces intent to transition key internet domain name functions"
157:. As of 24 June 2023, there were 1708 root servers worldwide.
17:
888:
161:
392:
893:
223:
553:"DNS Root Servers: The most critical infrastructure on the internet"
289:
106:
423:"In sudden announcement, US to give up control of DNS root zone"
142:
134:
102:
672:
883:
592:
238:
performed in a verifiable manner in front of witnesses in a
154:
92:, the address of at least one root server must be known for
570:
889:
IANA's Authoritative Database of TLDs on the DNS Root Zone
843:
National Telecommunications and Information Administration
634:
National Telecommunications and Information Administration
47:
National Telecommunications and Information Administration
913:, More root server instances outside the U.S. than inside
673:"Root DNSSEC: Information about DNSSEC for the Root Zone"
385:"DNS root servers in the world « stupid.domain.name"
723:. Internet Assigned Numbers Authority. November 12, 2015
266:
The B-Root DNS servers offer experimental support for
222:
Since July 2010, the root zone has been signed with a
806:"B-Root Offers Experimental Support for DNS over TLS"
675:. Internet Corporation For Assigned Names and Numbers
76:The root servers clusters have the official names
57:represented within ICANN's governance structures.
242:. The KSK2017 with ID 20326 is valid as of 2020.
53:. Oversight responsibility transitioned to the
827:– IAB Technical Comment on the Unique DNS Root
41:(IANA). Distribution services are provided by
894:ICANN's Root Server System Advisory Committee
523:"Why There Are Only 13 DNS Root Name Servers"
8:
744:"Adding ZONEMD Protections to the Root Zone"
820:– Root Name Server Operational Requirements
630:"Reviewing the IANA Transition Proposal"
567:"Root Servers Technical Operations Assn"
907:, paper on root server location problem
763:"RFC 8976 Message Digest for DNS Zones"
593:"Root Server Technical Operations Assn"
516:
514:
305:
49:(NTIA), an agency of the United States
856:
636:. United States Department of Congress
521:Bradley Mitchell (November 19, 2008).
497:"SANS Institute InfoSec Reading Room"
416:
414:
412:
410:
7:
447:
445:
333:
331:
783:Wessels, Duane (December 6, 2023).
182:Internet Assigned Numbers Authority
39:Internet Assigned Numbers Authority
919:Continuously verified and updated.
607:"An Update on the IANA Transition"
25:
742:Wessels, Duane (April 18, 2023).
421:Farivar, Cyrus (March 14, 2014).
555:. Slash Root. November 15, 2013.
213:Data protection of the root zone
131:see Extension Mechanisms for DNS
360:"There are not 13 root servers"
226:signature, providing a single
1:
477:. InterNIC. November 17, 2015
338:Jerry Brito (March 5, 2011).
65:Initialization of DNS service
841:. Office of Public Affairs.
55:global stakeholder community
160:The modern trend is to use
949:
917:List of public DNS servers
232:public key infrastructure
155:https://root-servers.org/
218:Signing of the root zone
120:Redundancy and diversity
97:address file is called
863:: CS1 maint: others (
628:Strickling, Lawrence.
168:server, maintained by
51:Department of Commerce
901:, on DNS Root Servers
721:"Root KSK Ceremonies"
340:"ICANN vs. the World"
695:"First KSK Ceremony"
395:on February 11, 2021
285:Alternative DNS root
240:key signing ceremony
88:zone. To avoid this
270:(DoT) on port 853.
90:circular dependency
933:Domain Name System
389:stupid.domain.name
184:(IANA) functions.
166:j.root-servers.net
82:m.root-servers.net
78:a.root-servers.net
27:Top-level DNS zone
701:on April 14, 2015
533:on March 18, 2014
316:. October 1, 2016
295:Internet backbone
150:root name servers
139:Internet Protocol
71:top-level domains
16:(Redirected from
940:
884:root-servers.org
868:
862:
854:
852:
850:
845:. March 14, 2014
810:
809:
802:
796:
795:
793:
791:
780:
774:
773:
771:
769:
758:
752:
751:
739:
733:
732:
730:
728:
717:
711:
710:
708:
706:
691:
685:
684:
682:
680:
669:
663:
662:
660:
652:
646:
645:
643:
641:
625:
619:
618:
616:
614:
603:
597:
596:
589:
583:
582:
580:
578:
573:on June 24, 2023
569:. Archived from
563:
557:
556:
549:
543:
542:
540:
538:
529:. Archived from
518:
509:
508:
506:
504:
493:
487:
486:
484:
482:
471:
465:
464:
462:
460:
449:
440:
439:
437:
435:
418:
405:
404:
402:
400:
391:. Archived from
381:
375:
374:
372:
370:
356:
350:
349:
335:
326:
325:
323:
321:
310:
280:Root name server
137:, the successor
21:
948:
947:
943:
942:
941:
939:
938:
937:
923:
922:
875:
855:
848:
846:
837:
834:
832:Further reading
813:
804:
803:
799:
789:
787:
782:
781:
777:
767:
765:
760:
759:
755:
741:
740:
736:
726:
724:
719:
718:
714:
704:
702:
693:
692:
688:
678:
676:
671:
670:
666:
658:
654:
653:
649:
639:
637:
627:
626:
622:
612:
610:
605:
604:
600:
591:
590:
586:
576:
574:
565:
564:
560:
551:
550:
546:
536:
534:
520:
519:
512:
502:
500:
495:
494:
490:
480:
478:
473:
472:
468:
458:
456:
451:
450:
443:
433:
431:
420:
419:
408:
398:
396:
383:
382:
378:
368:
366:
358:
357:
353:
337:
336:
329:
319:
317:
312:
311:
307:
303:
276:
264:
248:
236:key signing key
220:
215:
178:
122:
67:
28:
23:
22:
15:
12:
11:
5:
946:
944:
936:
935:
925:
924:
921:
920:
914:
908:
902:
896:
891:
886:
881:
879:Root Zone File
874:
873:External links
871:
870:
869:
833:
830:
829:
828:
821:
812:
811:
797:
775:
753:
734:
712:
686:
664:
647:
620:
598:
584:
558:
544:
510:
488:
466:
453:"Root Servers"
441:
406:
376:
351:
327:
304:
302:
299:
298:
297:
292:
287:
282:
275:
272:
263:
260:
247:
244:
219:
216:
214:
211:
177:
174:
126:World Wide Web
121:
118:
66:
63:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
945:
934:
931:
930:
928:
918:
915:
912:
909:
906:
903:
900:
897:
895:
892:
890:
887:
885:
882:
880:
877:
876:
872:
866:
860:
844:
840:
836:
835:
831:
826:
822:
819:
815:
814:
807:
801:
798:
786:
779:
776:
764:
757:
754:
749:
748:Verisign Blog
745:
738:
735:
722:
716:
713:
700:
696:
690:
687:
674:
668:
665:
661:. March 2016.
657:
651:
648:
635:
631:
624:
621:
608:
602:
599:
594:
588:
585:
572:
568:
562:
559:
554:
548:
545:
532:
528:
524:
517:
515:
511:
498:
492:
489:
476:
475:"named.cache"
470:
467:
454:
448:
446:
442:
430:
429:
424:
417:
415:
413:
411:
407:
394:
390:
386:
380:
377:
365:
364:www.icann.org
361:
355:
352:
347:
346:
341:
334:
332:
328:
315:
309:
306:
300:
296:
293:
291:
288:
286:
283:
281:
278:
277:
273:
271:
269:
261:
259:
256:
254:
246:ZONEMD record
245:
243:
241:
237:
233:
229:
225:
217:
212:
210:
206:
202:
199:
193:
189:
187:
183:
175:
173:
171:
167:
163:
158:
156:
151:
146:
144:
140:
136:
132:
127:
119:
117:
114:
112:
108:
104:
100:
95:
94:bootstrapping
91:
87:
83:
79:
74:
72:
64:
62:
58:
56:
52:
48:
44:
40:
35:
33:
32:DNS root zone
19:
911:CirlceID.com
899:CircleID.com
847:. Retrieved
800:
788:. Retrieved
778:
766:. Retrieved
756:
747:
737:
727:November 17,
725:. Retrieved
715:
703:. Retrieved
699:the original
689:
677:. Retrieved
667:
650:
638:. Retrieved
633:
623:
613:November 17,
611:. Retrieved
601:
587:
575:. Retrieved
571:the original
561:
547:
535:. Retrieved
531:the original
501:. Retrieved
491:
481:November 17,
479:. Retrieved
469:
457:. Retrieved
432:. Retrieved
428:Ars Technica
426:
397:. Retrieved
393:the original
388:
379:
367:. Retrieved
363:
354:
343:
320:December 25,
318:. Retrieved
308:
268:DNS over TLS
265:
262:DNS over TLS
257:
249:
228:trust anchor
221:
207:
203:
194:
190:
179:
165:
159:
147:
123:
115:
98:
85:
81:
77:
75:
68:
59:
36:
31:
29:
705:October 19,
459:January 17,
399:January 18,
369:January 18,
198:revelations
99:named.cache
301:References
176:Management
905:CAIDA.org
849:March 15,
823:RFC
816:RFC
790:March 10,
768:March 10,
679:March 19,
537:March 17,
527:About.com
503:March 17,
434:March 15,
927:Category
859:cite web
577:June 29,
274:See also
253:RFC 8976
186:Verisign
170:Verisign
111:InterNIC
43:Verisign
18:DNS root
640:May 26,
162:anycast
101:in the
499:. SANS
455:. IANA
224:DNSSEC
659:(PDF)
290:AS112
107:ICANN
865:link
851:2014
825:2826
818:2870
792:2024
770:2024
729:2015
707:2014
681:2014
642:2016
615:2015
579:2023
539:2014
505:2014
483:2015
461:2020
436:2014
401:2018
371:2018
345:Time
322:2017
148:The
143:IPv4
135:IPv6
103:BIND
30:The
141:to
109:'s
86:net
80:to
929::
861:}}
857:{{
746:.
632:.
525:.
513:^
444:^
425:.
409:^
387:.
362:.
342:.
330:^
113:.
867:)
853:.
808:.
794:.
772:.
750:.
731:.
709:.
683:.
644:.
617:.
595:.
581:.
541:.
507:.
485:.
463:.
438:.
403:.
373:.
348:.
324:.
129:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.