Root servers

From FreeBSDwiki
Revision as of 15:22, 21 May 2006 by Jimbo (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The root servers are the top tier of nameservers which contain the necessary information to resolve each of the top level domains of the internet. There are currently several clusters of root servers. Within each cluster, the member servers are spread out geographically both to minimize latency and to maximize fault tolerance for the internet as a whole. The separate clusters service separate top level domains; if you initially query a root server which is not a member of the proper cluster it will give you the IP address of a server in the correct cluster.

Once given this address, you repeat your query to that server. If you are still not in the right cluster to provide authoritative answers for the top level domain, you will be forwarded again, and repeat your query again. Once you arrive at the authoritative nameserver for your top level domain, you repeat your query to it, and it will point you to the authoritative nameserver for the second level domain. This process can continue once or more for every subdomain level of the URL you wish to resolve.

For example, when you visited, either your own nameserver or your ISP's nameserver had to first resolve the A record to an IP address, by starting from the root servers and working its way downward. At each step, it had to ask a progressively lower-hierarchy server the same question: where is Finally, the buck was passed all the way down to the bottom, and it got its final answer.

That process can be repeated on the command line with the DNS tool dig, and simplified a little, it looks a lot like this:

workstation# dig
        ;; ->>HEADER<<- QUERY: 1, status: NOERROR, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
        ;; ADDITIONAL SECTION:     172800  IN      A

First, we ask (which we found in the root hint file) where to find It didn't know the answer, but it did know you should be asking one of the gtld-servers about the .net TLD - so it told you that it knew an NS (nameserver record) for the .net part of your URL. And since it figured you would just come right back and pester it for directions to that NS record anyway, it volunteered the corresponding A record, which contained its actual IP address, without making you specifically ask for it.

workstation# dig
        ;; ->>HEADER<<- QUERY: 1, status: NOERROR, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
        ;; ADDITIONAL SECTION:     172800  IN      A

Following directions, next we ask the exact same question - but it doesn't know the answer either. However, it does know that the authoritative nameserver (NS) for - the second level domain of the - is And just like, it gave you the corresponding A record before you could even ask. Next step:

workstation# dig
        ;; ->>HEADER<<- QUERY: 1, status: NOERROR, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
        ;; ANSWER SECTION:           300  IN      A

Now we ask for the exact same thing - But since is authoritative for both the third (www) and second (freebsdwiki) level subdomains of the .net top level domain, we don't get handed off to anybody else. This time, we are given the final answer to our query. And now that the DNS resolver has the A record for, it extracts from it, hands that to your web browser, which then fetches the web page, and here you are.

Personal tools