First ICANN Managed Root Server Instance Installed in Palau
SINGAPORE – 2 July 2020 – The Internet Corporation for Assigned Names and Numbers (ICANN) today announced the successful installation of an ICANN Managed Root Server (IMRS) instance in the Republic of Palau (Palau).
The installation of the first Palau instance is a joint effort between ICANN and the Palau National Communications Corporation (PNCC). PNCC supplied the equipment necessary for the installations and the bandwidth needed to support the instance.
“We appreciate the joint effort by PNCC to host the IMRS instance. This commitment improves root zone Domain Name System service, and augments the technical stability and resiliency of the Domain Name System in the region,” said David Conrad, ICANN Chief Technology Officer.
“Having an IMRS instance in Palau should not be considered a PNCC accomplishment,” said Leo Ben Teriong, PNCC Chief Executive Officer. “It is an advancement in the quality of experience that every Internet user in Palau will benefit from, as we continue to build our Republic of Palau hand-in-hand.”
ICANN manages more than 165 IMRS instances around the world, most of which are hosted by third parties. There are now 22 IMRS instances installed in Oceania, located in Australia, Federated States of Micronesia, Fiji, French Polynesia, Guam, Marshall Islands, New Caledonia, New Zealand, Palau, Papua New Guinea, Samoa, and Solomon Islands.
ICANN’s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you have to type an address – a name or a number – into your computer or other device. That address must be unique, so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world.
What is a root server?
A root server is a name server for the Domain Name System (DNS) root zone. Root servers respond to DNS lookup requests made by DNS resolvers generally operated by Internet service providers. When the request is a query about the root zone itself, the root server will respond authoritatively with the answer. For all other queries, the root server will respond with either a referral to the appropriate top-level domain (TLD) name server or an error response (e.g., to indicate a non-existent TLD). Each root server is made up of a number of machines at multiple locations. These machines are known as instances.
What is a root server instance?
An instance makes use of an Internet traffic routing technique known as “anycast” that allows all the root server’s instances to have the same two IP addresses (an IPv4 address and an IPv6 address) and to serve the same DNS content, including information about the name servers for TLDs.
Benefits of root server instances
Increasing the number of instances improves the overall fault tolerance of the DNS, bolsters the resilience against certain types of cyber threats such as Denial of Service (DoS) attacks, and can reduce the response time that local Internet users experience during DNS queries.
Contrary to common misconception, root servers do not control the Internet. The operation of an instance also does not provide any mechanism to alter content of the DNS. Any modification of root zone content will be mitigated by a part of the DNS protocol known as the DNS Security Extensions (DNSSEC) and if an instance fails to respond to a query, resolvers will ask the same question to another instance or root server.
Regardless of which root server the resolvers are sending queries to, spreading more instances geographically leads to a more resilient, dispersed system that reduces the risk of Internet users being taken offline by a problem or attack. The increased distribution of instances also ensures that the turnaround time of a DNS query and response is as fast as possible, resulting in better experiences for Internet users.
Historically, there were 13 individual machines that provided root service, with each one of those machines having one of 13 unique IPv4 addresses. However, today, there are 26 unique IP addresses – 13 IPv4 and 13 IPv6, that are used to provide root service via over 1000 individual machines. The equipment, hardware, and connectivity for the machines that use those 26 addresses are administered by 12 organizations known as “root server operators.” ICANN, which administers the ICANN Managed Root Server (IMRS), is one of those 12 organizations.
Each of the root server operators manages their constellation of instances independently of the others, although they do coordinate with one another when needs arise. While the service provided by each root server operator may differ in how the service is offered, they are identical in the answers to DNS questions they receive. No root server operator is unique – all 12 root server operators obtain root zone data as defined by the Internet Assigned Numbers Authority (IANA) and make that data available via the IPv4 or IPv6 address associated with their server.