12 Mar

Concern about core DNS infrastructure in India

In the last few days, I have been pushing a discussion on the APNIC & NANOG mailing lists about the poor DNS infrastructure in India.

I thought I would put up a quick blog post on the issue.

So what exactly is wrong?

To understand what’s wrong, let’s first look at how DNS works at its core.

DNS relies on a hierarchical model with . (dot), the root, at the top. TLDs, i.e. top-level domains, sit below the root, followed by 2nd-level domains, which are the domain names we commonly use.

So, for example, mail.google.com actually breaks down as:

.
com.
google.com.
mail.google.com.

The first 3 are real DNS zones, each with its own delegation. Let’s see their DNS servers using dig:

anurag@laptop:~$ dig . ns +short
j.root-servers.net.
b.root-servers.net.
c.root-servers.net.
a.root-servers.net.
l.root-servers.net.
g.root-servers.net.
e.root-servers.net.
k.root-servers.net.
f.root-servers.net.
m.root-servers.net.
d.root-servers.net.
h.root-servers.net.
i.root-servers.net.

 

Next, com.

anurag@laptop:~$ dig com. ns +short
l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

Next, google.com.

anurag@laptop:~$ dig google.com. ns +short
ns2.google.com.
ns3.google.com.
ns4.google.com.
ns1.google.com.

 

So here dot was the “root zone”, which is at the top of the hierarchy. Next, com is a top-level domain, just like net, org, in, us etc. Next, google.com. is a 2nd-level domain. The nameservers which hold data for the google.com domain name are listed on the gTLD servers of com, while the root holds ALL the DNS servers of all top-level domains. So the root knows who knows about com/net/org/biz/asia/in/se/us etc.

In theory there are 13 root servers in the world, but the actual number is over 100, since they use anycasting heavily and have nodes in multiple places. You can read more on the official site of the Root Servers, along with their location map, here.

That was the fundamental part. Coming back to the main point, what’s missing in India?

We have 4 root servers deployed at Delhi, Mumbai & Chennai, which seems like a decent number, but there are NO gTLD servers at all. Thus India relies on the outside world for resolving gTLD domains like com/net/org. This is a real problem. If you are from India, I would suggest you take traceroutes to each of the gTLD servers, i.e.

l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

and pass them on to me directly by email or via comments on this page.

Here is my original post on the NANOG mailing list.

2 thoughts on “Concern about core DNS infrastructure in India”

    • Tarun,
      1. ISPs’ DNS servers get a ton of new DNS queries. What you are saying works only after they have records in cache.
      2. It is bad that Indian ISPs still depend badly on the outside world for resolving a gTLD or even the rDNS in-addr.arpa zone.
      3. OpenDNS & Google are connected well, but if the gTLD they are using is out in another country, DNS resolution will be slow. In fact, OpenDNS does not operate a node in India at all.

      Looking at DNS resolution of google.com

      anurag@laptop:~$ dig google.com +trace

      ; <<>> DiG 9.7.1-P2 <<>> google.com +trace
      ;; global options: +cmd
      . 59552 IN NS j.root-servers.net.
      . 59552 IN NS b.root-servers.net.
      . 59552 IN NS c.root-servers.net.
      . 59552 IN NS a.root-servers.net.
      . 59552 IN NS l.root-servers.net.
      . 59552 IN NS g.root-servers.net.
      . 59552 IN NS e.root-servers.net.
      . 59552 IN NS k.root-servers.net.
      . 59552 IN NS f.root-servers.net.
      . 59552 IN NS m.root-servers.net.
      . 59552 IN NS d.root-servers.net.
      . 59552 IN NS h.root-servers.net.
      . 59552 IN NS i.root-servers.net.
      ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 65 ms

      com. 172800 IN NS d.gtld-servers.net.
      com. 172800 IN NS j.gtld-servers.net.
      com. 172800 IN NS f.gtld-servers.net.
      com. 172800 IN NS i.gtld-servers.net.
      com. 172800 IN NS l.gtld-servers.net.
      com. 172800 IN NS m.gtld-servers.net.
      com. 172800 IN NS g.gtld-servers.net.
      com. 172800 IN NS b.gtld-servers.net.
      com. 172800 IN NS e.gtld-servers.net.
      com. 172800 IN NS c.gtld-servers.net.
      com. 172800 IN NS h.gtld-servers.net.
      com. 172800 IN NS k.gtld-servers.net.
      com. 172800 IN NS a.gtld-servers.net.
      ;; Received 500 bytes from 192.58.128.30#53(j.root-servers.net) in 497 ms

      google.com. 172800 IN NS ns2.google.com.
      google.com. 172800 IN NS ns1.google.com.
      google.com. 172800 IN NS ns3.google.com.
      google.com. 172800 IN NS ns4.google.com.
      ;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 401 ms

      google.com. 300 IN A 173.194.36.5
      google.com. 300 IN A 173.194.36.3
      google.com. 300 IN A 173.194.36.2
      google.com. 300 IN A 173.194.36.7
      google.com. 300 IN A 173.194.36.0
      google.com. 300 IN A 173.194.36.1
      google.com. 300 IN A 173.194.36.8
      google.com. 300 IN A 173.194.36.14
      google.com. 300 IN A 173.194.36.4
      google.com. 300 IN A 173.194.36.9
      google.com. 300 IN A 173.194.36.6
      ;; Received 204 bytes from 216.239.38.10#53(ns4.google.com) in 130 ms

      A response in 400ms from the gTLD; that’s common for all new DNS lookups. Surely it affects popular sites the least, due to DNS caching. Hope that clears up your doubt.
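The trace quoted in the reply above, reduced to a per-step latency summary so the slow referral steps stand out. This is an added example, not part of the original post or comments: the function names are made up for illustration, and the sample input is an abbreviated copy of that trace.

```shell
#!/usr/bin/env bash
# Added example: per-step latency summary of `dig +trace` output.
# Live use: dig google.com +trace | trace_latency

# Abbreviated copy of the trace in the reply above: one record kept per
# step, the ";; Received" footer lines unchanged.
sample_trace() {
cat <<'EOF'
. 59552 IN NS j.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 65 ms

com. 172800 IN NS a.gtld-servers.net.
;; Received 500 bytes from 192.58.128.30#53(j.root-servers.net) in 497 ms

google.com. 172800 IN NS ns1.google.com.
;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 401 ms

google.com. 300 IN A 173.194.36.5
;; Received 204 bytes from 216.239.38.10#53(ns4.google.com) in 130 ms
EOF
}

# Print one line per step: <owner of returned records> <answering server> <ms>
trace_latency() {
  awk '
    # First record of a step names what was returned (e.g. "com.").
    /^[^;]/ && NF >= 5 && owner == "" { owner = $1 }
    # Step footer: ";; Received N bytes from IP#53(name) in T ms"
    /^;; Received/ {
      server = $6
      sub(/^.*\(/, "", server); sub(/\).*$/, "", server)
      print owner, server, $(NF-1)
      owner = ""
    }'
}

# The step that cost the most time on this cold lookup.
slowest_step() { trace_latency | sort -k3,3nr | head -n 1; }

# Total time spent walking the hierarchy, in ms.
trace_total_ms() { trace_latency | awk '{ t += $3 } END { print t + 0 }'; }

# Latency of the step(s) answered by a gTLD server.
gtld_ms() { trace_latency | awk '$2 ~ /gtld-servers\.net$/ { print $3 }'; }

sample_trace | trace_latency
```

Only the first record of each step is used for the owner name, so the extra DNSSEC records that newer dig versions print in a trace do not change the summary.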
