DNS Root Servers Outside US Surpass Those Inside

penciling_in writes "Paul Rendek, head of member services and communica of RIPE Network Coordination Centre (RIPE NCC) has reported on CircleID that: 'For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server.' In the same report, Daniel Karrenberg, Chief Scientist of the RIPE NCC says: 'We monitor the quality of the root name service from more than 50 locations worldwide, and we publish the results for everyone to see.'"

  • Er (Score:5, Funny)

    by millisa ( 151093 ) on Wednesday January 28, 2004 @10:29PM (#8119889)
    So it was a K-raut K-root server that tipped the balance?

    *dodges the thrown fruit*
  • by Anonymous Coward on Wednesday January 28, 2004 @10:29PM (#8119890)
    The number of countries outside the U.S. outnumbers the number of countries inside the U.S.
  • Damnit! (Score:5, Funny)

    by Jin Wicked ( 317953 ) on Wednesday January 28, 2004 @10:31PM (#8119899) Homepage Journal

    I just changed bloody hosts three days ago and my DNS still isn't completely changed over! Now I find out it's because all the new servers are farting around in Frankfurt! Great, just great! =)~

  • by toddestan ( 632714 ) on Wednesday January 28, 2004 @10:34PM (#8119919)
    Sure, there may be more DNS root servers outside the US, but it would seem that Verisign still has exclusive rights to muck around with them. So what's the big deal?
    • The .com and .net servers are not the same as the root servers.
    • As I stated in the past, the only reason Verisign, ICANN or anyone else has DNS power is because everyone agrees to use their standard.. well.. not everybody ;) there is a choice in the matter; anyone who wants to run a DNS server can do so and can map domains to whatever IP address they like... it's just that issuing conflicting domain names on different servers benefits nobody and makes things worse for everyone
    • by rs79 ( 71822 ) <> on Wednesday January 28, 2004 @11:37PM (#8120353) Homepage

      In the bad old days you and you alone were in control of name resolution. For those of you without receding and/or grey hairlines who may not know or remember this, you had a file called hosts.txt that contained all the mappings of names to IPs. That, obviously, didn't scale and DNS was developed and was widely deployed by about 86 or so.

      The one big gotcha with DNS is it takes control out of your hands. That is, you may have your own DNS server locally, but you traditionally refer to other servers that serve up the root zone that tells your DNS server where all the TLD servers are. Somewhere along the line the decision was made to use other machines, not your own, for this.

      This is wrong for many reasons:

      1. It's slower than if you have your own local copy of the root zone
      2. It's a point of failure you can live without - a DDOS on the legacy roots shouldn't take you down
      3. It provides a political point of capture - he who controls the root controls all the DNS namespace, and it's currently under the aegis of the trademark lobby under the guise of an incompetent and gutless wonder we jokingly refer to as "ICANN".

      But there are ways around this. The easiest is if you static route the 13 root server IPs to your own nameserver. Then you can run an unmodified copy of the legacy root zone on your own nameserver and the US government root servers can be backhoed or DDOS'd and you wouldn't even notice. ISPs are starting to figure this out, especially ones with expensive longhaul connections.

      Or, you can modify your nameserver to declare yourself primary for the root zone (which you've dutifully downloaded) and edit out the declarations for "." in the legacy root zone.

      Or you can use the ORSC root zone. If it's good enough for two ICANN board members, it's good enough for you.

      Whatever you do, for God's sake dump bind and use DJBDNS. It really is so much better it's just not funny.

      • Well, in a typical environment you're not talking to the root servers at all, but rather sending a recursive DNS query to an intermediate DNS server. This will be faster than handling the root zone yourself in many cases as your intermediate DNS server can handle many clients (see large ISP) and cache results.
        • I dunno what typical is or means. Even on a lowly W98 box I put Simple DNS+ ($35) or, better, BIND PE (free) on it. And they will query the root servers to find where the pointers to say, .TH or .SK are.

          Probably you mean most people just use their ISP's DNS servers. This is usually not a terrific idea as most of these blow dead goats.

          If you have a spare 386 or higher, deploy it as a dedicated DNS server (under Windows or *nix, it doesn't matter), primary the root on it and watch everything you do get just a
      • A testimonial (Score:4, Informative)

        by karl.auerbach ( 157250 ) on Thursday January 29, 2004 @03:49AM (#8121580) Homepage
        I've been using the ORSC root zone and its servers for several years. I have not noticed any outages or problems - oops, yes there was a problem once - it was when ICANN decided to create a .biz of its own even though there was one already running.
  • by Faust7 ( 314817 ) on Wednesday January 28, 2004 @10:36PM (#8119937) Homepage
    "Service quality and security is not always proportional to money spent."

    Time until someone makes a Windows-Linux parallel: 5... 4...
  • The US... (Score:3, Insightful)

    by Pathway ( 2111 ) <> on Wednesday January 28, 2004 @10:36PM (#8119941)
    Cool. This is as it should be, too. As the rest of the world gets on the net, we'll see the US further down the list, I'm sure.
  • by qortra ( 591818 ) on Wednesday January 28, 2004 @10:37PM (#8119948)
    I'm an American, and I love the US, but the imbalance of the internet towards the US has always bothered me. To me, it always has seemed that it should be a completely global venture, and be supported fairly evenly throughout the globe.

    DNS servers are probably a good indicator of internet usage/participation and the fact that other countries are catching up is a good thing; however, just shy of half of the DNS servers are still in the US. That's pretty sad considering we represent less than 5% of the global population. Here's to hoping other countries continue to grow in their participation.

    Also, I hope Babelfish improves as globalization continues.....
    • I've also found it sad that while the internet is a global service, many TLDs (namely .gov .edu) are US centric. Some countries right now use a .gov.TLDcc title for their government uses, I don't see why it couldn't have been
      • by aled ( 228417 ) on Wednesday January 28, 2004 @10:50PM (#8120055)
        Perhaps, just perhaps, other countries don't speak English and gov means absolutely nothing.
        I think that USA has a .us domain, it's just also the default domain. So is really
        Of course you didn't want to mean that USA rules the world. Eh... you don't, no?
        • Other countries might not speak English, but they still get assigned English TLDs, so wouldn't be a stretch. For example, why is Japan .jp instead of .nh, when Germany got .dk?
        • Of course you didn't want to mean that USA rules the world. Eh... you don't, no?

          Well, it kinda does.

          Our "friends" get to ignore UN resolutions, while our "enemies" get killed faster than a baby at planned parenthood.

          The Internet is now a truly global communications medium, but its humble beginnings were for the communication of the US military.

        • No, that's not how it works at all. .gov is a top-level domain. "" doesn't exist.

          Default domains have nothing to do with it: whatever country you're in, a hostname ending with ".gov" refers to the US government's root domain.

          For example, if you're in the UK and you fancy visiting a US government site, you'd type, say, "", not "", because that hostname doesn't exist. Conversely, if you wanted to visit a UK government site, you'd type, say, "

    • by Judg3 ( 88435 ) <jeremy@ p a> on Wednesday January 28, 2004 @10:45PM (#8120004) Homepage Journal
      " imbalance of the internet towards the US has always bothered me"

      Don't worry the rest of the world will catch up. Just like telephone networks, automobiles and transistors the internet will follow the usual pattern of:

      1. US Invents it
      2. US then screws it up
      3. Other countries improve on methods and make superior products
      4. US consumers flock to the improved, cheaper products
      5. US companies create something new to get people to 'Buy American'
      6. Follow 2 - 6

      I'm guessing that the reason we Americans go from a technological breakthrough to wondering why the hell everyone buys the product from overseas is we're either too arrogant and set in our ways, we spent a lot of $$$$ being early adopters and now the technology we use is antiquated just as the rest of the world adopts it, or a combo of the two.
    • by Anonymous Coward
      To me, it always has seemed that it should be a completely global venture

      It mostly is, isn't it?

      and be supported fairly evenly throughout the globe.

      Well it more or less is. It's supported in accordance with the infrastructure of countries and how much wealth the people have. Like anything else.

      That's pretty sad considering we represent less than 5% of the global population.

      Only in terms of numbers. It's way more than that in terms of developing and using technology. So it stands to reason where mo
    • It kind of reminds me of how the Annual Hockey game is always North America vs. the World (even though the world has some good hockey players).

      That's wonderful also and I think that the Internet and everything should also be more globalized, but the DNS servers are providing a resource that has a certain demand associated. Simply, the internet should be skewed to America because, for whatever reason (they are obvious), America likely generates the most requests and receives the most requests (though I do
    • I am an American, and I like the USA, but the imbalance of the InterNet into the USA always worried itself me. At me it has to always seem that it would have to be a completely global enterprise, and, i.e. continuously rather even with the whole sphere. Dns host are probable a good indicator of the InterNet customs/participation, and the fact that other countries are highly sticking on, is a good thing; however, just shy of half the dns host always are in the USA. Rather more sadly us represent less than 5%
    • It still isn't in parity, but I would think that we would probably host DNS servers in proportion to relative economies or relative numbers of accessors. I think in both cases the US accounts for about 1/3 of global totals. I would assume that it will stay in parity with those figures for a reasonable period of time. Remember that the internet has only been a mainstream phenomenon for about a decade, so the fact that we developed it is probably a lot of the imbalance. I don't think that you will see India
    • "That's pretty sad considering we represent less than 5% of the global population"

      Sure, but what percentage of the INTERNET population does the US represent?
  • by Bingo Foo ( 179380 ) on Wednesday January 28, 2004 @10:40PM (#8119968)
    Can someone please explain how it is that "Name Service" has become synonymous with "The Internet?" Am I mistaken that all these root servers do is propagate name service information down to other machines until my office DNS can tell me that has address

    The routers themselves deal in numerical IP space, right? Why is name service so dang important?

    • Well, because most things users have dealings with operate by hostnames, rather than IP addresses?

      Even more so when IPv6 comes in. Besides, unless you're a masochist, I bet your mail client has SMTP:, rather than its IP?

      Did you come to, or

      Thought so.

      • I can barely remember my social security number, let alone an IPv6 IP address! I understand that you don't have to remember all of it, but once real web sites start using IPv6, there will be some long addresses. Of course, people memorize pi to a gazillion decimal places, too.
      • "The Internet" would function just fine for extended periods of time if name services were more distributed and locally defined. "Root Server" != "The Internet"

        The U.S. Interstate Highway System is an engineering marvel and a national asset. Its value lies in its connectivity and capacity, not so much in the green signs with white letters. Most people on it know where they are going already.
      • Besides, a lot of smaller sites won't even work with the IP address, since they're being vhosted, they depend on you using the actual hostname, which is passed by the browser.

    • Am I mistaken that all these root servers do is propagate name service information down to other machines until my office DNS can tell me that has address

      Correct. But that only happens when everything is working correctly.

      Why is name service so dang important?

      Try the book "DNS and Bind" (O'Reilly Publishing), pp 1-601.
      • Maybe I wasn't perfectly clear about what I was asking, but I'm sure the O'Reilly book has the answers. Anyway, what I meant, is that my local DNS and my /etc/hosts or NetInfo database will hold the addresses for virtually everywhere I want to go for months on end. Those numbers don't change, and I can't believe that a call is made to a root server every time someone in the world resolves any name to an IP number. How often do calls to the "root server" get made? Is it only when someone emails me something
        • Sure, your local DNS cache will work, until that machine, or, heaven forbid, BIND crashes and it has to be restarted, then you're toast.

          Without the root servers you never get the resolution in the first place.
        • by morelife ( 213920 ) <f00fbug&postREMOVETHISman,at> on Wednesday January 28, 2004 @11:44PM (#8120390)

          Those numbers don't change, ...

          They can, and often do.

          How often do calls to the "root server" get made

          Many millions of times an hour. Each zone (or domain, in practical terms) has expiration and refresh times. In addition to caching host and other data, these expiration (ttl) and refresh times get cached as well. The clock is ticking on the ttl when first cached, and when it expires a new lookup will have to be made (even if the resulting information is, as you said, identical, e.g. it "doesn't change"). Just about every time a lookup is made by a tier 3 name server the query will recursively end up at a root server which will point it back down to a gTLD server and down to the tld auth server which finally sends the data to the requestor.

          Or something like that :) The root servers have to operate in a highly reliable way, as almost all name servers use them. There is hardly a service on the 'net that does NOT rely on names (mail, nntp, shoutcast streaming, rss, http, etc), but you are right in that strictly speaking, routing operations are IP address based and have little to do with DNS.
    • DNS converts the name (e.g. into an IP addy ( Without DNS, the internet would be like the phone with no phone book.... no way to find the number of the person/company you want to call... and in internet terms, no way to find the IP address of the website you want. Think about it.... would you (and many users who are new to computers/the internet) find it easier to remember or My guess would be the hostnames.
      • Almost, except you can't browse DNS (like you can UDDI, LDAP, DAP, NDS, AD, NTLM, Netbios) unless you have a tier-1 zone updates subscription. =)
      • Could you keep your own local 'phone book' like a DNS table cache on your own box? How large are the tables that the root DNS servers store?
        • VirtualHosting (Score:3, Informative)

          by DotNM ( 737979 )
          The thing is.... surfing by IP only (without DNS) would require EVERY SITE to have a static IP address, instead of every server.

          Many hosting companies, etc. use shared servers. I do as well, in fact, for my websites. For example, my website may have the IP address, but the site will only show up if you use the hostname.

          Based on the sheer number of websites these days, I'm sure we'd run out of IPv4 space instantly without DNS, and maybe even run out of IPv6 space!

          • ipv4, sure. but ipv6, not any time soon. all joking aside, which i am sure you are, ipv6 gives more addresses than there are particles in the universe, if i remember my geek trivia correctly... no one we run out of those anytime soon.
        • You can primary the root on your own box. Hell if you ask NSI nicely they'll let you download daily copies of .com and .net as well.

          If you have the disk space, ram and cpu you can do all of these.

          You can primary the root zone (it's a piddly 100K file) on a 386 and get better performance than using the legacy root servers.
    • What happens if all the root DNS servers went off? Would the 2nd-tier boxes be able to take over the role, would they eventually clear their tables, or do they only edit what they have, never purge?
      • by ( 543558 ) <[changeling] [at] []> on Wednesday January 28, 2004 @11:29PM (#8120299) Homepage Journal
        If all the root servers somehow miraculously disappeared then most people would be alright for 1-2 days. After 2 days all the cached NS records for .com will have expired and virtually no one will be able to resolve any .com addresses. Similar results for all other TLDs, but the time until resolution failure for each TLD can differ.
        Of course this is a highly unlikely scenario as there are 13 root DNS servers and many of these servers are actually multiple machines using anycast (for example). Of course, taking out a handful of the machines places sufficient load on the remaining servers to cause them to start dropping requests, but this too is unlikely.
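
An added example, not part of any comment in this thread: a minimal Python model of the TTL caching the comments above describe, showing when lookups for a TLD start failing once the root is unreachable and how rarely a caching resolver contacts the root at all. The TTL values, the `example-tld` name and the `.invalid` server names are constructed for illustration.

```python
from dataclasses import dataclass

HOUR = 3600
DAY = 24 * HOUR

# Constructed TTLs (seconds) for the TLD delegations (NS records) handed out
# by the root. Two days for "com" matches the figure quoted in the thread;
# "example-tld" is hypothetical and shows that TLDs can differ.
ROOT_DELEGATION_TTL = {"com": 2 * DAY, "example-tld": 1 * DAY}


@dataclass
class CachedDelegation:
    nameserver: str
    expires_at: int  # absolute time in seconds


class CachingResolver:
    """Toy recursive resolver that caches TLD delegations until the TTL runs out."""

    def __init__(self):
        self.cache = {}
        self.root_available = True
        self.root_queries = 0

    def _ask_root(self, tld, now):
        if not self.root_available:
            return None
        self.root_queries += 1
        entry = CachedDelegation(f"ns.{tld}.invalid", now + ROOT_DELEGATION_TTL[tld])
        self.cache[tld] = entry
        return entry

    def delegation(self, tld, now):
        """Return the TLD's nameserver, or None if it cannot be resolved."""
        entry = self.cache.get(tld)
        if entry is not None and now < entry.expires_at:
            return entry.nameserver      # cache hit: the root is not contacted
        self.cache.pop(tld, None)        # expired: must go back to the root
        entry = self._ask_root(tld, now)
        return entry.nameserver if entry else None


def first_failure(tld, outage_start, horizon=7 * DAY, step=HOUR):
    """Prime the cache at t=0, lose the root at outage_start, then look the
    TLD up every `step` seconds. Returns the time of the first failed lookup."""
    resolver = CachingResolver()
    resolver.delegation(tld, 0)
    for now in range(step, horizon + 1, step):
        if now >= outage_start:
            resolver.root_available = False
        if resolver.delegation(tld, now) is None:
            return now
    return None


def root_query_count(tld, days, step=HOUR):
    """Look the TLD up every `step` seconds with the root healthy.
    Returns (total lookups, lookups that actually reached the root)."""
    resolver = CachingResolver()
    lookups = 0
    for now in range(0, days * DAY, step):
        resolver.delegation(tld, now)
        lookups += 1
    return lookups, resolver.root_queries


if __name__ == "__main__":
    print("com fails at hour", first_failure("com", outage_start=HOUR) // HOUR)
    print("lookups, root queries over 10 days:", root_query_count("com", 10))
```

How long a resolver survives depends on how fresh its cached delegation was when the outage began: an outage right after a refresh is ridden out for the full TTL, one late in the entry's life for much less.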
    • 'cause some of us young whippersnappers like to actually *use* this new-fangled Internet-thingy, rather than just putz around with it like you old geezers. Jeez...old farts still think that we should all use hosts files or something.
    • 'cause I can't always remember if yahoo is or Hell, I barely know my own phone number and you expect me to remember IP addresses?
    • DNS is to the internet what the phone book is to the telephone system, with an added advantage that the DNS system resides on computers, and computers are just perfect for making queries. Imagine you'd have to buy a book and look up an IP address manually.. wouldn't that be great?
  • Sucks (Score:4, Funny)

    by Gyan ( 6853 ) on Wednesday January 28, 2004 @10:46PM (#8120012)
    I wanted to read the article, but my browser can't resolve the host.
  • Is this really a surprise? World = 6 billion or so. World - America = 5.85 billion.
  • Personally, I'm waiting to see how the contenders in the Presidential election plan to restore American supremacy in this critical area of the New Economy. Forget mere investment in additional servers, let's jump right to forced annexation of some of these upstart two-bit "nations"...
  • by thedji ( 561789 ) <dotslasl AT wicked DOT dj> on Wednesday January 28, 2004 @11:06PM (#8120157) Homepage

    Everyone ping [] and try and /. THAT
  • by FearUncertaintyDoubt ( 578295 ) on Wednesday January 28, 2004 @11:11PM (#8120191)
    I'd hate to think any of my packets being exported to those guys who wouldn't even help us rid Iraq of weapons of mass destruction! I think in protest, we should hereby refer to all the USA DNS root servers as "Freedom Hosts" (cue Lee Greenwood
    • Germans? (Score:5, Informative)

      by KalvinB ( 205500 ) on Wednesday January 28, 2004 @11:37PM (#8120352) Homepage
      I think you're confused. The Germans volunteered to change the names of things such as sauerkraut (I'm only half German) to "Liberty Cabbage" during WWII because they were getting persecuted so much by (you guessed it) Americans. We Americans know that the French are too stuck up to stick it to themselves so we changed "their" things to names like "Freedom Toast." And I'm not old. I learned that "Liberty Cabbage" thing from Grandpa Simpson. I kid you not. Simpson's is edumacational.

      And besides, even the government couldn't change the name to "Freedom Hosts" because even they are slaves to VeriSign. It'd be all wrapped up in too much irony. Even for this administration.

      Source []

  • by Linus Sixpack ( 709619 ) on Wednesday January 28, 2004 @11:41PM (#8120365) Journal
    Yes but Export laws will keep any dns number above 2^2 from crossing the border.

    It's amazing how those foreigners keep sneaking back into the US to develop their software then releasing it like it came from other countries!

  • How does anyone make money running a root server?
    • NSI used to pay for them by picking up the tab for machines and bandwidth. I don't know if they still do that or if the USG pays for it.
  • by Mustang Matt ( 133426 ) on Wednesday January 28, 2004 @11:47PM (#8120407)
    Quick, everyone in the US go set up 5 DNS servers!
  • by Saeed al-Sahaf ( 665390 ) on Wednesday January 28, 2004 @11:47PM (#8120412) Homepage
    This whole root server thing is good for the Internet. For way too long, big corporations and the USA government have believed that the US "owns" the Internet. It seems like rules are made based on what USA corporations "want" or "need". Americans *do not* own the internet.
  • by ongeboren ( 734626 ) on Wednesday January 28, 2004 @11:54PM (#8120450)
    ... are resolved to us.
  • by qtp ( 461286 ) on Thursday January 29, 2004 @12:49AM (#8120805) Journal
    what they are talking about for a change.

    The recent flurry of articles giving the impression that VeriSign is somehow "in charge" of DNS has been rather irritating, when in fact, it is not difficult to configure your DNS server to ignore VeriSign operated root servers. (If you're using bind, don't include their roots in your roots.cache zone file. I'm sure there's an equivalent trick for djbdns.)

    I wish all of those who are about to continue the current flood of "what difference does it make?" and "VeriSign controls DNS anyway." posts would kindly read this article and this one as well for a brief tutorial on DNS from that programmer who writes good shit but everyone says they hate him anyway, D. J. Bernstein.

    If you like the subject, maybe you should go out and buy a copy of DNS and BIND so you'll have something interesting to talk about at the coffee house this weekend.

    The truth is that DNS is a distributed system that is rather well designed to be redundant. The anycast implementation mentioned in the article is a good and needed way (it's the right way[tm]) to increase the redundancy that is already inherent in the system, making DNS much more secure and resistant to DDOS attacks and other attempts to disrupt DNS service. VeriSign showing off their "secure" sites, and blowing their own horn about how "important" they in particular are to the internet is a load of sh*t that should not be given a second thought unless you are in the habit of educating our lawmakers about related issues. Not an especially good habit, it will make you enemies (but only if you're right).

  • There is a web site called Long Bets where people can place long term bets that may not be settled until long after they are dead.

    For example, the longest bet is Long Bet #7 - The universe will eventually stop expanding. I don't suppose any of us will be around to empirically determine the answer.

    One candidate for a bet is/was Long Bet #26 - By the end of 2012, more than 50% of the root servers on the internet will be located outside the United States.

    But no one accepted the bet.
