DNS servers are managed by multiple organizations and entities. It is mainly divided into the following mechanisms.
1. Root DNS Servers
There are 13 root DNS servers in the world (in fact, each server is distributed in a large number of mirrors). They are the foundation of the entire internet’s DNS infrastructure.
Management is centrally managed by ICANN (Internet Corporation for Assigned Names and Numbers) and delegated to specific organizations (e.g., VeriSign, USC/ISI, Cogent Communications, etc.).
| Server Name | IPv4 address | IPv6 address | Governing Organization | Official website |
| A.ROOT-SERVERS.NET | 198.41.0.4 | 2001:503:ba3e::2:30 | VeriSign (U.S.) | VeriSign |
| B.ROOT-SERVERS.NET | 199.9.14.201 | 2001:500:200::b | University of Southern California Institute of Information Science (USA) | ISI |
| C.ROOT-SERVERS.NET | 192.33.4.12 | 2001:500:2::c | Cogent Communications (U.S.) | Cogent |
| D.ROOT-SERVERS.NET | 199.7.91.13 | 2001:500:2d::d | University of Maryland (USA) | UMD |
| E.ROOT-SERVERS.NET | 192.203.230.10 | 2001:500:a8::e | National Aeronautics and Space Administration (NASA) (U.S.) | NASA |
| F.ROOT-SERVERS.NET | 192.5.5.241 | 2001:500:2f::f | Internet Systems Consortium (USA) | ISC |
| G.ROOT-SERVERS.NET | 192.112.36.4 | 2001:500:12::d0d | U.S. Defense Information Systems Agency (U.S.) | DISA |
| H.ROOT-SERVERS.NET | 198.97.190.53 | 2001:500:1::53 | U.S. Army Research Laboratory (U.S.) | ARL |
| I.ROOT-SERVERS.NET | 192.36.148.17 | 2001:7fe::53 | Netnod (Sweden) | Netnod |
| J.ROOT-SERVERS.NET | 192.58.128.30 | 2001:503:c27::2:30 | VeriSign (U.S.) | VeriSign |
| K.ROOT-SERVERS.NET | 193.0.14.129 | 2001:7fd::1 | RIPE NCC (Netherlands) | RIPENCC |
| L.ROOT-SERVERS.NET | 199.7.83.42 | 2001:500:9f::42 | ICANN (United States) | ICANN |
| M.ROOT-SERVERS.NET | 202.12.27.33 | 2001:dc3::35 | WIDE Project/JPRS (Japan) | WIDE Project / |
2. TLD (Top-Level Domain) DNS Servers
Top-level domains (TLDs) are the top-level part of a domain name on the internet, and each TLD is managed by a specific organization. These organizations are called “registries” and are responsible for the operation and management of TLDs. Below, we have summarized the major TLDs, their governing bodies, and their official websites.
| TLD | Uses and meanings | Managing Organizations | Official website |
|---|---|---|---|
| .com | Commercial use | VeriSign, Inc. | verisign.com |
| .org | Non-Profit Organizations | Public Interest Registry | pir.org |
| .net | Network related | VeriSign, Inc. | verisign.com |
| .edu | Educational institutions (mainly in the United States) | EDUCAUSE | educause.edu |
| .gov | U.S. Government Agencies | CISA (Cybersecurity and Infrastructure Security Agency) | get.gov |
| .int | international organization | Internet Assigned Numbers Authority (IANA) | iana.org |
| .jp | Japan | Japan Registry Service (JPRS) | jprs.jp |
| .uk | United Kingdom | Nominet UK | nominet.uk |
| .de | Germany | DENIC eG | denic.de |
| .fr | France | Association Française pour le Nommage Internet en Coopération (AFNIC) | afnic.fr |
| .cn | China | China Internet Network Information Center (CNNIC) | cnnic.cn |
| .au | Australia | .au Domain Administration (auDA) | auda.org.au |
| .ca | Canada | Canadian Internet Registration Authority (CIRA) | cira.ca |
| .ai | Anguilla (British Territory) | Government of Anguilla | gov.ai |
These TLDs are classified as generic top-level domains (gTLDs) and country-coded top-level domains (ccTLDs). gTLDs are designed for specific applications and industries, while ccTLDs represent countries and regions. Each TLD management organization establishes and appropriately operates domain name registration policies and operations.
A detailed list of TLDs and information about the governing organization can be found on the official IANA website.
3. Registries and Registrars
Definition: A registrar is an organization or company that provides services to register domain names for users.
Examples: GoDaddy, Namecheap, Name.com
Key roles:
- A point of contact for users to purchase and register new domain names.
- Manage the information of users who have registered domain names.
- Register your domain name and its nameserver information with a top-level domain (TLD) registry.
Construction:
- The registrar communicates directly with the TLD registry (e.g.,
.comVerisign) to update the domain’s registration information. - After the domain is registered, the user-specified nameserver information is registered in the TLD registry.
4. Resolver (Cached DNS Server)
- It is managed by the ISP (Internet Service Provider) used by the user, the company, and the cloud provider.
- Example:
- Google Public DNS(8.8.8.8)
- Cloudflare DNS(1.1.1.1)
- ISP-specific DNS servers
- Definition: A resolver is a part of a DNS server or program that is responsible for processing DNS queries to obtain the IP address corresponding to a domain name.
- Key roles:
- It translates the domain name entered by the user in the browser or application into an IP address.
- DNS queries to the root DNS, TLD DNS, and authoritative DNS (Authoritative DNS) and returns a final answer.
- Construction:
- For example, if a user
example.comtries to access , the resolver will behave as follows:- Query the root DNS server to
.comget the TLD server information for . - Contact the TLD server to
example.comget the name server information. - Contact the nameservers to get the final IP address.
- Query the root DNS server to
- For example, if a user
The relationship between registrar and resolver
Registrars and resolvers do not communicate directly, but they have an indirect and important relationship within the entire DNS system.
Relationship flow
- Registrar registers nameserver information:
When a domain is registered, the registrar records the user-specified nameserver information in the TLD registry. - The TLD registry provides information:
The TLD registry manages the nameserver information for that domain and responds to resolver queries. - The resolver gets the information:
The resolver uses the nameserver information it retrieves from the TLD registry to obtain detailed DNS records for that domain, such as A and MX records, from authoritative DNS servers.
5. Authoritative DNS Servers
An authoritative DNS server is a DNS server that manages and provides official DNS information about a specific domain. This server acts as the name server for that domain and holds accurate DNS records about the domain (e.g., A records, MX records, etc.).
- DNS servers for individual domains.
- Operated or commissioned by the domain owner (e.g., business, web hosting service, etc.).
Key roles
- Provide official information:
For a specific domain, it provides the DNS information with final authority (the name resolution answer). - Manage DNS records:
Store DNS records related to your domain (such as A records, CNAME records, MX records, etc.) and return them in response to your query. - Final stage of name settlement:
When a client sends a DNS query through a resolver, the query goes through the root DNS server or TLD server and eventually reaches the authoritative DNS server. Authoritative DNS servers provide accurate answers.
Authoritative DNS Servers in the Name Resolution Process
- The user enters “www.example.com” into the browser.
- The Resolver starts resolving the name.
- Contact the root DNS server to
.comget the TLD server information. - Contact the TLD DNS server to
example.comget the authoritative DNS server (e.g.,ns1.example.com). - The authoritative DNS server returns the IP address of the “www.example.com” to the resolver.
- Contact the root DNS server to
supplement
The management of the DNS infrastructure is decentralized, with ICANN responsible for overall coordination, while delegating management of individual domains and TLDs to different organizations.
Comments