[dns-operations] root? we don't need no stinkin' root!

Jim Reid jim at rfc1035.com
Mon Nov 25 21:39:32 UTC 2019

> On 25 Nov 2019, at 20:54, Florian Weimer <fw at deneb.enyo.de> wrote:
> The query numbers are surprisingly low.  To me at last.

What do you consider to be a lot of queries? The root server system collectively handles 500K-1M queries per second. That seems rather a lot to me. YMMV. I don't know of any other IT platform that reliably handles transactions at anything close to that volume. Or orders of magnitude lower. IIUC Mastercard and Visa each handle around "only" 30K transactions/second.

Root server query numbers are continually rising. This is why suggestions like Mark's and RFC7706 need careful consideration. Ultimately, the root server operators won't be able to keep on adding capacity and bandwidth to keep up with demand or mitigate DDoS attacks. They'll eventually run out of money/bits/hardware before the script kiddies and their botnets do. Even though the RSOs are winning that arms race today.

> Do we know why the number of root instances has increased?

Partly it will be each RSO adding more instances to improve resilience, capacity and performance. They will also be adding more servers to address layer 9+ questions from countries who want to have more root servers inside their borders. IXPs/ISPs want that too, just like they want extra copies of local cache nodes from CDNs.

Some countries perceive the DNS root to be US-centric. When they're not on friendly terms with the USA, that can be a problem. Adding anycast root instances in say China or Russia can go some way to alleviate some of those concerns.

> Is it because of the incoming data is interesting?

Define interesting. IMO instances are being added for the reasons above. Whether the ever-growing volume of queries to the root is interesting or not is irrelevant IMO.

More information about the dns-operations mailing list