Initially, when the Internet was just growing up, the DNS packet size used to be only 512 bytes (at most), DNS servers were listening only on the UDP protocol, and due to other similar issues the number of root servers was fixed at 13 so that the answer from a root server could fit into a single packet of 512 bytes.

Now we are in the 21st century; we have DNSSEC enabled across domains (for the last 2-3 years all the gTLDs have been signed), and this forces all servers (be they authoritative or caching) to listen and reply on TCP (along with UDP) AND this increases the DNS packet size up to 4096 bytes.

I know that multiple instances of each root server are running and they provide us resiliency, and to date we haven't faced any major downtime issues with root servers.

Then also, what is stopping us from increasing the number of root servers?

Gaurav Kansal
  • Sorry, but this does not deal with an actual technical problem you face. Also, you described the initial reason for the limitation and how it was overcome, but you didn't make a point demonstrating it would be actually necessary to do anything further (e.g. if 13 clustered servers are not enough, why would 20 or 50 be?). – Sven Oct 28 '16 at 18:06
  • @Sven... Users were putting their views and opinion on the question. You should have allowed the users to share their thoughts and should not put this post on hold. – Gaurav Kansal Oct 28 '16 at 18:22
  • @Michael Hampton.... This question is not duplicate with the question that you have shared. Question you have shared ask about `how 13 servers handle all the requests` while i am asking `why can't a limit of 13 has been increased keeping in mind the present Internet scenario;` And i am aware that root servers are running in anycast mode. – Gaurav Kansal Oct 28 '16 at 18:34
  • @GauravKansal Two moderators have told you this question is off-topic here. I'm not sure what you intend to gain by fighting that, but if you want to do so, http://meta.serverfault.com/ instead of here. – ceejayoz Oct 28 '16 at 18:35
  • To be blunt, you need to assume the answer is *"because there is no need to"* until you can demonstrate an actual need or limitation. If we can take it one step further and say *"because it would potentially break >0 devices **and** there is no need to"*, the reason goes without saying. I see two reopen votes on this Q&A, but in my opinion it should not be reopened without *an actual problem statement*. – Andrew B Oct 28 '16 at 21:50
  • see https://tools.ietf.org/html/draft-ietf-dnsop-respsize – Alnitak Oct 28 '16 at 22:43

4 Answers

I would think that it's a combination of:

  • There's no actual need to have more (with the hundreds of anycast nodes worldwide for the 13 root server entries)
  • This allows continued compatibility with old non-EDNS0 clients
Håkan Lindqvist
  • Regarding anycast nodes, i already mentioned in my question. Is there any study available, which can describe whether we still have non-EDNS0 available over internet ? – Gaurav Kansal Oct 28 '16 at 17:32
  • @GauravKansal http://stats.dns.icann.org/plotcache/L-Root/edns_version/2016-09-28T00:00-2016-10-27T23:59-all.html shows statistics from L-root (ICANN) for the last month. – Håkan Lindqvist Oct 28 '16 at 17:38
  • If "there's no actual need to have more" is insufficient to answer your question, then this becomes a "why not" opinion based question. – Andrew B Oct 28 '16 at 17:42
  • @GauravKansal there are _many, many_ servers (or servers with broken firewalls in front of them) that do not correctly support EDNS0. See http://ednscomp.isc.org/ – Alnitak Oct 28 '16 at 22:38
  • @HåkanLindqvist the only current considerations for fitting more Anycast letters beyond the current 13 are political, not technical – Alnitak Oct 28 '16 at 22:39
It's 13 clusters of servers, not literally 13 root servers (yikes, imagine if it were an old-school server in the basement?). The reason for choosing 13 root name servers was to fit all the IP addresses in a single 512-byte packet. How many root servers will there be when we transition to IPv6? :-)

Neil Anuskiewicz
  • This i already mentioned in my question. I want a reason for not allowing more than 13 root servers in present scenarios – Gaurav Kansal Oct 28 '16 at 17:33
  • @GauravKansal Who said more than 13 weren't allowed? There's just no need. – ceejayoz Oct 28 '16 at 17:34
  • @ceejayoz And who said `no need` ? – Gaurav Kansal Oct 28 '16 at 17:37
  • @GauravKansal The Internet? Which is generally running fine? – ceejayoz Oct 28 '16 at 17:41
  • I mention this in my question itself - ` till date we hadn't face any such major downtime issues with root servers` But isn't that we should think about increasing the number of root-servers. – Gaurav Kansal Oct 28 '16 at 17:44
  • @GauravKansal Look, I don't need to do a scientific study and write a white paper to explain why I don't need 43 cars in my garage. If you think the Internet needs more than 13 (anycasted) roots, explain why. – ceejayoz Oct 28 '16 at 17:46
  • The Internet is running fine most of the time... until it's not. Even if there's not a need for more root servers, it's still worth thinking about whether these servers are vulnerable to an attack we perhaps can't imagine today. – Neil Anuskiewicz Oct 28 '16 at 18:31
  • @NeilAnuskiewicz Do you mean fit all the IP addresses of root servers in a single packet? Wouldn't that only require 4 * 13 = 52 bytes? – gardenhead Oct 28 '16 at 18:39
  • It's 32 bytes * 13 = 416 bytes. This leaves 96 bytes remaining for other data. – Neil Anuskiewicz Oct 28 '16 at 18:44
  • @gardenhead You need more than just the IP addresses. You need 13 NS records each mapping the zone name to name server names. And you need 13 glue records mapping the name server names to IP addresses. And each record has additional fields containing class, type, TTL, and length for the record. The only reason all of that can fit in 512 bytes is because DNS has built in compression. – kasperd Oct 28 '16 at 20:27
  • @Neil That would also not be topical for here. "let's theorycraft why 13 scalable anycast nodes aren't sufficient" is not Q&A to solve a problem, it's a Q&A to invent one. At the very least the question needs to open with a premise for how the limitation of 13 roots is holding us back. – Andrew B Oct 28 '16 at 22:07
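Worked example, added here and not part of the thread or any answer in it: it builds a root "priming" response (the answer to `. IN NS`) on the wire with RFC 1035 name compression, which is what kasperd's comment above describes (13 NS records, 13 glue records, fixed per-record fields, compression), and it shows the 512-byte ceiling that Håkan Lindqvist's answer ties to clients without EDNS0, plus what an EDNS0 OPT record advertising the 4096-byte size from the question adds. The root server names follow the real `a`..`m.root-servers.net` pattern; the addresses are constructed placeholders from documentation ranges (only their length matters for the size), and the letters beyond `m` used by `max_servers_fitting` are hypothetical.

```python
"""Wire size of a DNS root priming response with RFC 1035 name compression.

Added example, not code from the Server Fault thread. Addresses below are
constructed placeholders (192.0.2.0/24 and 2001:db8::/32 documentation ranges).
"""
import struct

ROOT_LETTERS = "abcdefghijklm"      # the 13 root server letters
UDP_LIMIT_NO_EDNS = 512             # RFC 1035 UDP payload limit without EDNS0


def encode_name(name, offset, table):
    """Encode `name` starting at message offset `offset`; emit a 2-byte
    pointer for any suffix already recorded in `table` (suffix -> offset)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        if offset + len(out) < 0x4000:   # pointers carry a 14-bit offset
            table[suffix] = offset + len(out)
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    out += b"\x00"                        # terminating root label
    return bytes(out)


def encode_rr(owner, rtype, rdata_builder, offset, table, ttl=3600000):
    """NAME, TYPE, CLASS=IN, TTL, RDLENGTH, RDATA. The builder receives the
    offset where RDATA starts so a name inside RDATA (NS) is compressed too."""
    owner_wire = encode_name(owner, offset, table)
    rdata = rdata_builder(offset + len(owner_wire) + 10)  # 10 = fixed fields
    return owner_wire + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_priming_response(letters=ROOT_LETTERS, with_aaaa=False, edns_udp_size=None):
    """Response to '. IN NS': one NS RR per root server in the answer section,
    A (and optionally AAAA) glue in the additional section, optional OPT RR."""
    table = {}
    n = len(letters)
    arcount = n * (2 if with_aaaa else 1) + (1 if edns_udp_size else 0)
    # Header: ID, flags (QR=1, AA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, arcount))
    # Question: name ".", QTYPE=NS (2), QCLASS=IN (1)
    msg += encode_name(".", len(msg), table) + struct.pack("!HH", 2, 1)
    names = [f"{c}.root-servers.net." for c in letters]
    for ns in names:                               # answer section: NS RRs
        msg += encode_rr(".", 2, lambda off, ns=ns: encode_name(ns, off, table),
                         len(msg), table)
    for i, ns in enumerate(names):                 # additional section: glue
        v4 = bytes([192, 0, 2, i + 1])             # constructed placeholder
        msg += encode_rr(ns, 1, lambda off, v4=v4: v4, len(msg), table)
        if with_aaaa:
            v6 = b"\x20\x01\x0d\xb8" + bytes(11) + bytes([i + 1])  # constructed
            msg += encode_rr(ns, 28, lambda off, v6=v6: v6, len(msg), table)
    if edns_udp_size:                              # OPT RR: CLASS field = UDP size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return bytes(msg)


def fits_without_edns(msg):
    """True if a client that never sent an OPT record can receive this over UDP."""
    return len(msg) <= UDP_LIMIT_NO_EDNS


def max_servers_fitting(with_aaaa=False, limit=UDP_LIMIT_NO_EDNS):
    """Largest count of single-letter root servers whose complete priming
    response (NS + all glue) still fits in `limit` bytes; letters past 'm'
    are hypothetical and exist only to probe the ceiling."""
    best = 0
    for n in range(1, 27):
        letters = "abcdefghijklmnopqrstuvwxyz"[:n]
        if len(build_priming_response(letters, with_aaaa)) <= limit:
            best = n
    return best


if __name__ == "__main__":
    for aaaa in (False, True):
        m = build_priming_response(with_aaaa=aaaa)
        print(f"13 roots, A{' + AAAA' if aaaa else ''} glue: {len(m)} bytes, "
              f"fits without EDNS0: {fits_without_edns(m)}")
    print("max roots in 512 bytes, A glue only:", max_servers_fitting())
    print("max roots in 512 bytes, A + AAAA glue:", max_servers_fitting(with_aaaa=True))
    print("13 roots, A + AAAA glue, plus OPT(4096):",
          len(build_priming_response(with_aaaa=True, edns_udp_size=4096)), "bytes")
```

With 13 servers and IPv4 glue only the response is 436 bytes, so it fits the pre-EDNS0 limit with room for only two more single-letter servers; adding AAAA glue for all 13 pushes it to 800 bytes, which is why a resolver that cannot signal a larger buffer with EDNS0 gets a truncated or glue-trimmed answer and has to retry over TCP. The 4096-byte figure from the question is simply the value an OPT record advertises in its CLASS field.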
Q:

Then also, what is stopping us from increasing the number of Root Servers ?

A: Limitations in DNS and the size of unfragmented UDP (512 bytes) caused the decision to limit the root hints to 13.

Source: Mark Andrews of the Internet Systems Consortium

It's not 13 individual servers. It's 13 "named authorities". There are actually 367 servers that comprise the "13" root servers/named authorities.

joeqwerty