Root Server
A DNS root server (also called a root name server) is a nameserver for the root zone of the Domain Name System. Root servers sit at the top of the DNS hierarchy and are the first step in resolving domain names into IP addresses. They directly answer requests for records in the root zone and respond to other requests by providing a list of authoritative nameservers for the appropriate top-level domain (TLD).
How it works
Root servers are the foundation of the entire DNS system. Every DNS query that cannot be answered from cache begins at a root server. When a recursive resolver needs to look up a domain name, it first queries one of the 13 root server addresses (labeled A through M), which then directs the resolver to the appropriate TLD nameservers for domains like .com, .org, or country-code TLDs.
The DNS root server system works as follows:
**The 13 Root Server Addresses:**
There are 13 sets of root servers, identified by letters A through M (a.root-servers.net through m.root-servers.net). This number was chosen due to technical limitations in the original DNS specification, which limits UDP packets to 512 bytes. Fitting the IP addresses of all root servers within this limit meant a maximum of 13 addresses.
**Anycast Distribution:**
While there are only 13 root server addresses, there are actually over 1,900 physical root server instances distributed worldwide as of 2025. This is achieved through anycast addressing, where multiple physical servers share the same IP address. When you query a root server, you're automatically routed to the nearest instance, improving speed and providing redundancy.
**The Root Zone File:**
Root servers contain the root zone file, which is essentially a directory of all top-level domains (TLDs). This file lists the names and IP addresses of the authoritative DNS servers for every TLD - .com, .org, .edu, .uk, .jp, and hundreds more.
**Query Process:**
1. A recursive resolver receives a query for
www.example.com
2. If not cached, the resolver queries a root server
3. The root server examines the TLD (.com) and responds with the IP addresses of the .com TLD nameservers
4. The resolver then continues by querying the .com TLD servers
5. This process continues down the hierarchy until the IP address is found
Root servers never provide the final IP address for a website - they only provide referrals to TLD servers, which then provide referrals to authoritative servers.Key Points
- There are 13 root server addresses (A-M), but over 1,900 physical instances worldwide using anycast
- Root servers sit at the top of the DNS hierarchy and handle the first step of DNS resolution
- They store the root zone file containing information about all TLD nameservers
- Root servers don't provide final IP addresses - only referrals to TLD servers
- All uncached DNS queries begin with a root server query
Common Use Cases
- DNS Query Initiation: Every uncached DNS lookup starts at a root server, which directs the query to the appropriate TLD nameservers
- TLD Discovery: Root servers maintain the authoritative list of all top-level domains and their corresponding nameservers
- Internet Resilience: The globally distributed anycast architecture ensures DNS remains functional even if individual root server instances go offline
- New TLD Support: When new TLDs are introduced (like .app or .cloud), root servers are updated to include their nameserver information
code The 13 Root Server Addresses
| Type | Host / Name | Value / Points to | TTL |
|---|---|---|---|
| Server | a.root-servers.net | Verisign, Inc. | — |
| Server | b.root-servers.net | ISC (Internet Systems Consortium) | — |
| Server | c.root-servers.net | Cogent Communications | — |
| Server | j.root-servers.net | Verisign, Inc. | — |
* Root servers are identified by letters A through M. Each address represents multiple physical servers distributed worldwide.
Frequently Asked Questions
Why are there only 13 root servers?expand_more
The limit of 13 root server addresses is due to technical constraints in the original DNS specification. DNS responses using UDP are limited to 512 bytes, and fitting the IP addresses of all root servers within this size meant a maximum of 13 addresses. However, this doesn't mean there are only 13 physical servers - through anycast technology, there are actually over 1,900 root server instances worldwide, all sharing these 13 IP addresses.
Who operates the DNS root servers?expand_more
The 13 root servers are operated by different organizations including Verisign (A and J), ISC (B), Cogent Communications (C), the University of Maryland (D), NASA (E), Internet Systems Consortium (F), the US Department of Defense (G), the US Army Research Lab (H), Netnod (I), RIPE NCC (K), ICANN (L), and WIDE Project (M). IANA (Internet Assigned Numbers Authority) coordinates the root zone content.
Can root servers be attacked or taken down?expand_more
Root servers have been targeted by DDoS attacks in the past, but their distributed anycast architecture makes them extremely resilient. With over 1,900 instances worldwide, an attacker would need to overwhelm hundreds of servers simultaneously to significantly impact DNS functionality. Additionally, extensive caching throughout the DNS system means that even if all root servers went offline temporarily, most DNS queries would still be answered from cache.
Do DNS queries always start at root servers?expand_more
No, only queries that can't be answered from cache need to query root servers. Due to DNS caching at multiple levels (browser, OS, recursive resolver), most DNS queries are answered without ever reaching a root server. Recursive resolvers cache both the answers and the referrals from root servers, so they only need to query root servers for domains they haven't recently looked up or when cached data expires.
What is the root zone file?expand_more
The root zone file is a database containing information about all top-level domains (TLDs) in the DNS. It includes the names of TLDs (like .com, .org, .uk) and the IP addresses of their authoritative nameservers. When a root server receives a query, it consults this file to determine which TLD servers to refer the query to. The root zone file is maintained by IANA and distributed to all root server operators.