|
DNS root servers function as part of the Internet backbone, as explained in Wikipedia, and have come under attack a number of times in the past—although none of the attacks have ever been serious enough to severely hamper the performance of the Internet.
In response to some of the common misconceptions about the physical location and total number of DNS root servers in the world, Patrik Faltstrom has put together a visual map on Google, pin-pointing the approximate location of each server around the world. (Note: The map may be incomplete and Patrik is updating it as he gathers more input.)
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
Patrik has confirmed as many misconceptions as he’s possibly debunked. Root server placement is not effective solely based on population, but requires consideration of infrastructure architecture. The map demonstrates that Latin America, Africa, and the Caribbean are woefully under-served. Root serer distribution is one of the answers to the DDoS problem, and in that regard, these areas are woefully under-protected as well.
Martin Hannigan said:
To some degree this map does not tell the truth either. A real map should list the servers based on network topology. That would show that so far (for example), as long as most of the ISPs in Latin America have links to Miami, one of the best locations for a root server for ISPs in Latin America is in Miami. Not in Latin America.
This of course changes when ISPs start to exchange more and more traffic locally (a good thing), and we will and should see more root servers distributed in the world.
More about this in a new post of mine.
Far too many if you ask me.
You only need to compromise one to snaffle a decent share of global traffic to ones own nefarious purposes.
Patrik Fältström said:
Patrik:
We could argue this all day and disagree, but the point is factual. The Caribbean, Africa, and Latin America are woefully under served as far as root servers go and I disagree that being stubbed off of Miami is acceptable or preferred.
Most of the root server operators seek large contributions to operate them in specific areas. Cost is part of the reason you may not see many as well.
Best,
Martin
Martin Hannigan said:
I completely agree with you that the situation with Miami as a “ok place” is not ok anymore. I wanted to point out the historical fact on why Miami in fact was better than a location in Latin America.
I have myself been running various projects that help with deployment of root servers in the areas you talk about, so I am the first to support you in getting even more root servers out there.
The point of my post was to educate people and let them know that today it is “just” a discussion on agreements with one of the root server operators to get a root server. Not a question on what ICANN or some other organisation does.
Of course, in some cases the discussions (that I to some degree participate in) are difficult as (as you say) the parties that run root servers must have their cost recovered in one way or another.
But, there are today at least three root server operators you can get a root server from. My experience so far tell me some problems have existed here and there, but they have all been resolved. Please contact me privately at paf [at ] cisco.com and we can have a side discussion, and I can see what I can help you with. You seem to have some data different from what I have.
In the Internet Protocol Journal of March 2007 (Volume 10, Numer 1) is an article by Steve Gibbard of PCH titled “Geographic Implications of DNS Infrastructure Distribution”. It is well written and seems relevant to this discussion.
CircleID Update: More about “Geographic Implications of DNS Infrastructure Distribution”
Patrik Fältström said:
There are three that require funding for their efforts would be better spent on finding a way to empower other operators to run their own local, unified, copies of root servers. This is already possible, and done, but there are obviously issues around it as Stephane continously reminds me including neutrality and filtering. If the infrastructure is to continue to grow, we need to find a way to move the root away from the current regime and make it a commodity.
Thank you for the offer of help in the meantime. I will catch up with you.
Best,
Marty