12 Mar

Concern about core DNS infrastructure in India

In the last few days, I have been pushing a discussion on the APNIC & NANOG mailing lists about the poor DNS infrastructure in India.

I thought I would put up a quick blog post on the issue.


So what exactly is wrong?

To understand what's wrong, let's look at how DNS works at its core.

DNS relies on a hierarchical model with . (dot), the root, at the top. Below the root are the TLDs, i.e. Top Level Domains, and below those come the 2nd level domains, which are the domain names we commonly use.

 

So, e.g., mail.google.com. actually sits in a hierarchy like this:

.
com.
google.com.
mail.google.com.

 

The first 3 are real DNS zones, each with its own delegation. Let's look at their DNS servers using dig:

anurag@laptop:~$ dig . ns +short
j.root-servers.net.
b.root-servers.net.
c.root-servers.net.
a.root-servers.net.
l.root-servers.net.
g.root-servers.net.
e.root-servers.net.
k.root-servers.net.
f.root-servers.net.
m.root-servers.net.
d.root-servers.net.
h.root-servers.net.
i.root-servers.net.

 

Next, com.

anurag@laptop:~$ dig com. ns +short
l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

Next, google.com.

anurag@laptop:~$ dig google.com. ns +short
ns2.google.com.
ns3.google.com.
ns4.google.com.
ns1.google.com.

 

So here dot was the "root zone", which is at the top of the hierarchy; next, com is a Top Level Domain, just like net, org, in, us etc. Next, google.com. is a 2nd level domain. The records naming the nameservers that hold data for the google.com domain name sit on the gTLD servers of com, while the root holds the DNS servers of ALL Top Level Domains. So the root knows who knows about com/net/org/biz/asia/in/se/us etc.

There are theoretically 13 root servers in the world, but the actual number is over 100, since they use anycasting heavily and have nodes in multiple places. You can read more on the official site of the Root Servers, along with their location map, here.

 

That was the fundamental part. Coming back to the main point: what's missing in India?

We have 4 root servers deployed at Delhi, Mumbai & Chennai, which seems like a decent number, but there are NO gTLD servers at all. Thus India relies on the outside world for resolving gTLD domains like com/net/org. This is a real problem. If you are from India, I would suggest you take traceroutes to each of the gTLD servers, i.e.

l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

and pass the results on to me directly by email or via comments on this page.
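Alongside the traceroutes, it helps to record how long each gTLD server takes to answer a DNS query directly. The script below is an added example, not part of the original post: it sends a non-recursive query to each of the 13 servers with dig and lists the slow ones. The function names, the 100 ms default threshold and the sample dig output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: per-server RTT to the com. gTLD servers.

# Read one dig response on stdin, print "<server> <msec>"; fail if incomplete.
parse_dig() {
    awk '
        /^;; Query time:/ { ms = $4 }
        /^;; SERVER:/     { s = $3; sub(/^[^(]*\(/, "", s); sub(/\).*/, "", s) }
        END { if (s == "" || ms == "") exit 1; print s, ms }
    '
}

# Read "<server> <msec|timeout>" lines, print servers slower than $1 ms.
# The threshold is an assumption; pick one that fits your own network.
slow_servers() {
    awk -v max="$1" '$2 == "timeout" || $2 + 0 > max + 0 { print $1 }'
}

# Query each gTLD server directly, without recursion (needs dig and network).
measure_gtld() {
    for l in a b c d e f g h i j k l m; do
        dig "@$l.gtld-servers.net" com. SOA +norecurse +tries=1 +time=3 2>/dev/null |
            parse_dig || echo "$l.gtld-servers.net timeout"
    done
}

# Constructed dig output (192.0.2.1 is a documentation address, 212 ms is made up).
sample_response() {
    cat <<'EOF'
; <<>> DiG 9.18 <<>> @a.gtld-servers.net com. SOA +norecurse
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; Query time: 212 msec
;; SERVER: 192.0.2.1#53(a.gtld-servers.net) (UDP)
EOF
}

# "--live" queries the real servers; without it only the sample is parsed.
if [ "${1:-}" = "--live" ]; then
    measure_gtld | tee /dev/stderr | slow_servers "${2:-100}"
else
    sample_response | parse_dig
fi
```

Run with `--live` (optionally followed by a threshold in ms) to see every measurement on stderr and the slow or unreachable servers on stdout.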

 

Here is my original post at NANOG mailing list.

 

 

07 Mar

Updates!

 

Hello readers!

I am blogging after quite a few days. I spent a bit of time at events like APRICOT 2012 – New Delhi, followed by an (unexpected) college start (on time) with a heavy fine!

Overall, time is moving fast. Last week TeamARIN posted a guest blog post from me on DNS in case of IPv6. Apart from that, I was excited by a small article from RIPE NCC about the K-root server connectivity issue I reported on the mailing list. I have been hosting a RIPE NCC Probe for the Atlas Project at home and it's going quite well overall. It's giving really interesting data about our connectivity with the root nameservers, response time, latency etc. I will spend some time on analysis of the latest data and will post it here.

 

That's all from me for now. Overall, exciting times ahead! 🙂