- Impact
- 48,109
The Root of the DNS
by Geoff Huston, APNIC
Published in The Internet Protocol Journal, August 2025
ISSN 1944-1134
The Domain Name System (DNS) of the Internet is a remarkably simple system. You send queries into this system via a call to the name resolution library of your local host, and you get answers back. If you peek into the DNS system you’ll see exactly the same simplicity: The DNS resolver that receives your query may not know the answer, so it, in turn, will send queries deeper into the system and collect the answers. This query/response process is the same, applied recursively. Simple.
However, the DNS is simple in the same way that Chess or Go are simple. They are all constrained environments governed by a small set of rigid rules, but they all generate surprising complexity in their operation.
The Root Zone
The DNS is not a dictionary of any natural language, although these days when we use DNS names in our written and spoken communications we might be excused from getting the two concepts confused! The DNS is a hierarchical namespace. Individual domain names are constructed using an ordered sequence of labels. This ordered sequence of labels serves numerous functions, but perhaps most usefully it can be used as an implicit procedure to translate a domain name into an associated attribute value through the DNS name resolution protocol.
For example, I operate a web server that is accessed using the DNS name www.potaroo.net. If you direct your browser to load the contents of this DNS name, your system first needs to resolve this DNS name to an IP address, so that your browser knows where to send the IP packets to perform a transaction with my server. But how does the system know which nameserver is authoritative for the zone that includes the name www.potaroo.net?
This point is where the structure of the namespace is used to discover the nameserver. In this case, the DNS resolver will query a root server to resolve the name. As this name is not defined within the Root Zone (the zone that is served by the root servers), the response from any root server to such a query will be a referral response. In this example, this response is a redirection that lists the set of nameservers that are authoritative for the .net zone. Ask any of these .net nameservers for this same DNS name and again you will get back a redirection response, consisting of the list of nameservers that are authoritative for the potaroo.net zone. Ask any of these potaroo.net nameservers for the same name, www.potaroo.net, and you will receive the IP address you are looking for.
[continue]
Read the full article (PDF)
https://ipj.dreamhosters.com/wp-content/uploads/2025/08/282-ipj.pdf
Internet Protocol Journal website
https://ipj.dreamhosters.com/
This article was originally published in The Internet Protocol Journal and is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Last edited:
