You are here: Home > Analyse > DNS > K-root > FAQs

K-root FAQs

What is a root DNS server?

A root DNS server is a server that serves the DNS root or "." zone, operated by one of 12 independent root server operators. Without any previously cached information, DNS resolvers consult a root DNS server to find the nameservers for the top-level domain (TLD) of any query. As an example, when a packet needs to be sent to the IP address for www.ripe.net, the DNS resolver will first need to find the IP address of the DNS server for the "net" zone. This address for the "net" zone must be requested from a root DNS server. Keep in mind that, in real Internet traffic, almost all queries for the DNS root zone are answered from a DNS cache provided by a service provider.

What is a K-root hosted node?

A K-root hosted node is a small, rack-mounted server with well-defined hardware specifications, managed by the RIPE NCC, that serves your local network with a fresh copy of the DNS root zone.

Who can host a K-root node?

In principle, anyone who is interested can request to host a K-root node. However, we of course want to provide reliable and stable K-root DNS operations. We therefore expect requests to come from organisations that can host the server in a professionally run colocation environment, including reliable and redundant power facilities and appropriate physical security.

What are the benefits to my network of hosting a K-root node?

For most well-connected networks, the benefits of locally hosting a K-root node, or any other root DNS server, will be very modest - or even non-existent. Most queries for the root zone will be answered from a local cache, such as one hosted by your service provider or even by your own organisation. The very small fraction of queries for the root zone actually sent to a root DNS server may indeed be answered faster if you host a DNS server yourself. However, this will only have a noticeable impact in the case that your Internet traffic currently experiences a very long delay to reach the nearest DNS Root server.

What are the benefits to the Internet of hosting a K-root node in my network?

The root DNS system is already quite well distributed over several hundred locations. Therefore, the benefit of adding a single K-root instance to any network will have little impact on the global DNS as a whole. However, by distributing DNS root servers over a larger number of smaller networks, the DNS system as a whole becomes more resilient to some types of attacks. For example, a denial of service attack against the DNS system has a more localised impact in the presence of a larger number of locally hosted root DNS instances.

Will having a K-root node increase my network's performance?

As mentioned, the vast majority of queries for the root zone will be answered from a local cache. Any improvements in performance that you may notice will only apply to the small fraction of queries that are actually sent upstream to a DNS root server. Generally, you should not expect any noticeable performance improvement.

Will a K-root node in my network improve the resiliency of DNS resolution in my network?

The design and implementation of the DNS system as a whole is already extremely resilient. However, depending on the resiliency of the upstream connections from your own network, it is possible that your network could become disconnected from the larger Internet and the root servers there. In some cases your clients may still be able to exchange traffic locally. When your network remains disconnected from its upstreams for a period of hours to days, the cached information for the root zone will gradually become invalid and your clients may start to notice a gradually increasing number of failing queries, including those for local destinations. In this particular case, hosting a K-root node locally may increase the time before the cached information about the root zone becomes invalid. In this limited way, a locally hosted K-root node may slightly improve your DNS resiliency. However, it must be noted that, even though the root zone information may be available for a somewhat longer time, cached information for important top-level domains (for example "com", "net" and important ccTLD's for your clients) will also start to become invalid. Therefore, in practice, your end users will still notice failing queries for local traffic in the case that the disconnection persists for longer periods.

Will a K-root node in my network improve response times for DNS queries in my network?

Your network currently may experience long response times for queries to the root servers. This may, for example, be caused by a very large geographical distance to the nearest root server, or by congested uplink connectivity from your network. In this case, hosting a K-root node locally may improve response times for queries for the root zone. However, you must keep in mind that only a very small fraction of queries for the root zone are actually answered by the root servers; most of these queries will be answered from local caches. Also, for real Internet traffic, the queries to important TLDs will also be impacted by your upstream connectivity. Therefore, again, the actual improvements to overall DNS response will be very limited, or even unnoticeable.

Will having a K-root hosted node decrease upstream bandwidth for my network?

As explained above, only a very small percentage of queries for the root zone are actually sent to the root servers. Therefore, hosting a K-root node will not impact your upstream bandwidth use in any noticeable way.

How will the K-root server be operated? Will I have access to the K-root system?

The RIPE NCC will manage the server remotely. Your staff will have no access to the K-root server itself.

How will the K-root anycast prefixes be originated? Will I source the K-root prefixes from my ASN?

The K-root node will have a BGP peering with one of your BGP-speaking routers. The K-root server will advertise the K-root anycast prefixes from AS25152 to your router. Your router needs to propagate the K-root prefixes to your clients. In the case that the RIPE NCC observes problems with the hosted node or its reachability, our server will withdraw the prefixes in order to redirect traffic to other root DNS servers.

Will I have to run this K-root node forever?

The intention is that K-root services are reliable and stable. This means that we expect a K-root hosted node to be a long-term commitment for both the host and the RIPE NCC, as stated in the MoU we ask hosts to sign. However, it is possible for both the RIPE NCC and the host to terminate the MoU and the K-root hosted node if this is deemed necessary by either party.

Will the RIPE NCC be able to cancel this K-root node if they want to?

The intention is that K-root services remain reliable and stable. As such, we expect a K-root hosted node to be a long-term commitment for both the host and the RIPE NCC, and ask hosts to sign an MoU to this extent. However, it is possible for both the RIPE NCC and the host to terminate the MoU and the K-root node if this is deemed necessary by either party. In the case that the RIPE NCC observes problems with the hosted node or its reachability, our server will withdraw the prefix in order to redirect traffic to other root DNS servers.

Will I have to pay the RIPE NCC for managing a K-root hosted node on my network?

No, the RIPE NCC does not charge any fees for managing the K-root hosted node. However, you will have to purchase a server according to our specifications to run the K-root hosted node.

Will the RIPE NCC cover my initial or ongoing operational costs for hosting a K-root node?

No, the RIPE NCC will not contribute to either purchasing costs or any ongoing costs for a K-root hosted node.

More information

For further explanation of the DNS system as a whole, including the role of the root servers, please read this excellent explanation:
http://www.internetsociety.org/internet-domain-name-system-explained-non-experts-daniel-karrenberg

You can also find a more detailed list of questions about root DNS name servers in general here:
http://www.internetsociety.org/dns-root-name-server-frequently-asked-questions