12 Mar

Concern about core DNS infrastructure in India

In the last few days, I have been pushing a discussion on the APNIC & NANOG mailing lists about poor DNS infrastructure in India.

I thought I'd put up a quick blog post on the issue.

 

 

 

So what exactly is wrong?

To understand what’s wrong, let’s understand how DNS works at the core level.

DNS relies on a hierarchical model with . (dot), the Root, at the top. Below the Root are the TLDs, i.e. Top Level Domains, followed by 2nd level domains, which are the domain names we commonly use.

 

So, for example, mail.google.com actually sits in a hierarchy like this:

.
com.
google.com
mail.google.com.

 

The first 3 are real DNS zones with their own delegation. Let’s see their DNS servers using dig:

anurag@laptop:~$ dig . ns +short
j.root-servers.net.
b.root-servers.net.
c.root-servers.net.
a.root-servers.net.
l.root-servers.net.
g.root-servers.net.
e.root-servers.net.
k.root-servers.net.
f.root-servers.net.
m.root-servers.net.
d.root-servers.net.
h.root-servers.net.
i.root-servers.net.

 

Next, com.

anurag@laptop:~$ dig com. ns +short
l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

Next, google.com.

anurag@laptop:~$ dig google.com. ns +short
ns2.google.com.
ns3.google.com.
ns4.google.com.
ns1.google.com.

 

So here the dot was the “root zone”, which is at the top of the hierarchy. Next, com is a Top Level Domain, just like net, org, in, us etc. Next, google.com. is a 2nd level domain. The nameserver (NS) records for the google.com domain name sit on the gTLD servers of com, while the root holds the DNS servers of ALL Top Level Domains. So the root knows who knows about com/net/org/biz/asia/in/se/us etc.

There are theoretically 13 root servers in the world, but the actual number is over 100, since they make heavy use of anycasting and have nodes across multiple places. You can read more on the official site of the Root Servers, along with their location map, here.

 

That was the fundamental part. Coming back to the main point, what’s missing in India?

We have 4 root servers deployed at Delhi, Mumbai & Chennai, which seems like a decent number, but there are NO gTLD servers at all. Thus India relies on the outside world for resolving gTLD domains like com/net/org. This is a real problem. If you are from India, I would suggest you take traceroutes to each of the gTLD servers, i.e.

l.gtld-servers.net.
f.gtld-servers.net.
g.gtld-servers.net.
j.gtld-servers.net.
i.gtld-servers.net.
a.gtld-servers.net.
h.gtld-servers.net.
k.gtld-servers.net.
m.gtld-servers.net.
c.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
b.gtld-servers.net.

 

and pass them on to me directly by email or via comments on the page.
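One way to run that survey, as an added example that is not part of the original post: it queries each gTLD server directly with dig, records the query time dig reports, and saves a traceroute per server. The 100 ms threshold, the output file names and the sample figures are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): RTT survey of the com. gTLD servers.
# A plain run uses the constructed sample below; pass --live to query the real
# servers with dig and save a traceroute for each one.

GTLD_LETTERS="a b c d e f g h i j k l m"
SLOW_MS=100   # assumed threshold for "answered from far away"; tune for your network

# Pull the millisecond value out of dig's ";; Query time: N msec" line (stdin).
# Prints nothing when the line is absent, e.g. on a timeout.
parse_query_time() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# Read "host ms" lines on stdin (ms is "-" when there was no answer) and print
# "fastest=<host> slow=<n> unanswered=<n>".
summarize() {
    awk -v slow="$SLOW_MS" '
        $2 == "-"   { dead++; next }
        $2+0 > slow { far++ }
        best == "" || $2+0 < min { min = $2+0; best = $1 }
        END { printf "fastest=%s slow=%d unanswered=%d\n", best, far, dead }'
}

# Ask each server for the com. SOA without recursion, emit "host ms" lines,
# and keep the traceroute output in traceroute-<letter>.txt.
survey_live() {
    for l in $GTLD_LETTERS; do
        host="$l.gtld-servers.net."
        ms=$(dig +norecurse +tries=1 +time=3 "@$host" com. SOA 2>/dev/null | parse_query_time)
        echo "$host ${ms:--}"
        traceroute -n "$host" > "traceroute-$l.txt" 2>&1
    done
}

# Constructed sample, not real measurements.
sample_results() {
    cat <<'EOF'
a.gtld-servers.net. 182
b.gtld-servers.net. 95
c.gtld-servers.net. -
d.gtld-servers.net. 240
EOF
}

if [ "${1:-}" = "--live" ]; then
    survey_live | tee gtld-rtt.txt | summarize
else
    sample_results | summarize
fi
```

With --live, gtld-rtt.txt holds the per-server query times and the traceroute-*.txt files hold the paths.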

 

Here is my original post on the NANOG mailing list.