DNS and Root Server

Deepak Singh
3 min readMay 4, 2022


In most simplistic terms — the DNS Root server is just another DNS server.

There are 13 Root name servers in the Domain Name System. The general addressing format is character.root-servers.org where the character varies from a to m — a.root-servers.org, b.root-servers.org,…..,m.root-servers.org

The root servers are operated by different organizations for example a.root-servers.org is operated by Verisign, b.root-servers.org by USC, and c.root-servers.org by Cogent Communications, etc.

PRO TIP — 13 root servers represent 13 different IP addresses. They have several hundreds of DNS server instances behind the scenes configured in a load-balanced and high availability fashion and running Anycast routing.

Domain Name System hierarchy

PRO TIP — Verisign is the registry for almost all of the most common TLDs.

Verisign owns almost all common TLDs

Similar to the DNS servers, the DNS Root server also maintains a “Zone file” called “Root Zone file”. The Root Zone file contains a list of domain names and IP addresses of the Authoritative nameserver for each of the Top-Level Domains. You can see below a typical entry in a Root Zone file.

Typical entry in a Root Zone file

Domain Name Resolution

The domain name resolution process converts the hostname to an IP address. It is a recursive process. For it to work, at least one of the DNS servers must act as a recursive resolver. This function is generally served by the DNS server of the domain (set “allow-recursion” property to true) or the DNS server of the ISP.

Domain Name Resolution process

Here is a high-level walkthrough of the process — The browser takes the user request and first checks in the browser cache. It takes the request to the OS DNS module and checks the local DNS cache. If the domain name does not exist in the database or the cache of the local DNS server, the request is taken to a DNS resolver. DNS resolver reaches out to one of the Root Server, which will direct it to a TLD nameserver. The TLD nameserver directs the resolver to an authoritative nameserver of the actual domain. The authoritative nameserver responds with the IP address of the domain.

Once the client DNS resolver module gets the IP address of the domain, a formal TCP handshake is initiated between the client and server. This is all transparent to the user. From the user's point of view — a URL is typed in the browser and a response is displayed in the browser.

PRO TIP — setting “allow recursion” to true may open up your DNS server for DNS attacks or in some cases extra traffic as it can become the default resolver for other networks.

I hope you find this article useful and stay tuned for my next blog post.

Until then!

Happy Learning 😎



Deepak Singh

Sales Eng., Consultant, Solutions Architect, Analyst, Hobbyist Coder. 2 Masters — MBA Georgia Tech, MS Analytics. Interested in technology, business & strategy