What is DNS

The Domain Name System (DNS) translates human-readable domain names (like www.example.com) into the numerical IP addresses (like 192.0.2.1) that computers use to communicate.

How does it work

DNS Workflow

Who owns this Infrastructure

The global Domain Name System (DNS) is a decentralized system with different types of servers managed by multiple organizations and entities. Let’s break it down:


1. Root Servers (Controlled by ICANN and Partners)

  • Root servers are the top of the DNS hierarchy. There are 13 root server “clusters” worldwide, operated by different organizations.

  • These root servers are managed by various organizations, under the oversight of ICANN (Internet Corporation for Assigned Names and Numbers), a nonprofit organization that coordinates the global DNS.

    Some key operators of root servers include:

    • Verisign
    • Internet Systems Consortium (ISC)
    • University of Maryland
    • NASA
    • U.S. Department of Defense

    Even though there are only 13 “logical” root servers (labeled A to M), each root server is highly distributed via Anycast, meaning there are hundreds of physical servers worldwide.


2. TLD Servers (Managed by Registries)

  • TLD servers (e.g., for .com, .org, .net, .uk, etc.) are operated by organizations called registries.

  • Each TLD has its own registry, and they control the DNS records for that specific TLD.

    Examples:

    • .com and .net → Managed by Verisign.
    • .org → Managed by Public Interest Registry (PIR).
    • Country Code TLDs (ccTLDs), like .uk or .in, are often managed by national organizations. For example:
      • .uk → Managed by Nominet.
      • .in → Managed by INRegistry (under the Government of India).

ICANN works with these registries to ensure the system operates smoothly and securely.


3. Authoritative Name Servers (Managed by Domain Owners)

  • Authoritative name servers are typically managed by the organization or individual that owns the domain name.
  • These servers are set up with the help of domain registrars (like GoDaddy, Namecheap, etc.), and domain owners can control their DNS records (e.g., A, MX, TXT records).
  • Large companies or organizations may host their own authoritative name servers, while smaller entities may use third-party DNS hosting providers like:
    • Cloudflare
    • AWS Route 53
    • Google Cloud DNS

4. Recursive Resolvers (Managed by ISPs or Public Providers)

  • Recursive resolvers are managed by:
    • Internet Service Providers (ISPs): Many ISPs operate their own DNS resolvers for customers.
    • Public DNS Providers: Some well-known public DNS resolvers include:
      • Google DNS (8.8.8.8)
      • Cloudflare DNS (1.1.1.1)
      • OpenDNS (208.67.222.222)

These resolvers interact with the root, TLD, and authoritative servers to resolve DNS queries.
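
The interaction described above, as an added example that is not part of the original page: a recursive resolver's referral walk from root to TLD to authoritative server, run over a small constructed hierarchy. The server ids, zone contents and function names are assumptions made for illustration.

```python
# Constructed miniature hierarchy (illustrative data, not real zone contents).
# Each server holds final records for its zone and delegations to child zones.
SERVERS = {
    "root": {"tier": "root", "delegations": {"com.": "tld-com"}, "records": {}},
    "tld-com": {"tier": "TLD", "delegations": {"example.com.": "auth-example"},
                "records": {}},
    "auth-example": {"tier": "authoritative", "delegations": {},
                     "records": {"www.example.com.": "192.0.2.1"}},
}


def query(server_id, qname):
    """One iterative query: a final answer, a referral, or NXDOMAIN."""
    srv = SERVERS[server_id]
    if qname in srv["records"]:
        return "answer", srv["records"][qname]
    # Match delegations on label boundaries only, so "badexample.com." is
    # not treated as part of the "example.com." zone. Longest match wins.
    matches = [zone for zone in srv["delegations"]
               if qname == zone or qname.endswith("." + zone)]
    if matches:
        return "referral", srv["delegations"][max(matches, key=len)]
    return "nxdomain", None


def resolve(qname, max_referrals=8):
    """Follow referrals from the root; return (address or None, tiers asked)."""
    qname = qname.lower().rstrip(".") + "."   # normalise to a lowercase FQDN
    server, path = "root", []
    for _ in range(max_referrals):            # bound the walk against loops
        path.append(SERVERS[server]["tier"])
        kind, value = query(server, qname)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                        # referral: ask the child zone next
    raise RuntimeError("referral limit exceeded")


if __name__ == "__main__":
    for name in ("www.example.com", "www.example.org", "badexample.com"):
        print(name, resolve(name))
```

The returned path lists every tier whose operator had to answer correctly for the lookup to succeed, which is the set of parties the final answer depends on.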


5. ICANN (Global Coordination)

  • ICANN plays the central role in coordinating the entire DNS system. It ensures:
    • Root zone file management (via IANA, which is a part of ICANN).
    • Policies and agreements with TLD registries and registrars.
    • Security and stability of the DNS infrastructure.

ICANN delegates specific responsibilities to registries and works with governments and organizations globally.


Summary of Control:

  • Root servers: Controlled by ICANN and its designated operators.
  • TLD servers: Controlled by registries (e.g., Verisign for .com, PIR for .org).
  • Authoritative name servers: Controlled by domain owners or their DNS hosting providers.
  • Recursive resolvers: Controlled by ISPs or public DNS providers (e.g., Google, Cloudflare).

No single entity controls the entire DNS system—it’s a collaborative, hierarchical effort involving multiple organizations worldwide.