Reason for Limited number of Root DNS Servers

Kevin Darcy kcd at chrysler.com
Fri Nov 11 16:20:30 UTC 2011


On 11/11/2011 4:30 AM, Gaurav Kansal wrote:
> Thanks a lot Mark.
> But I don't understand the calculation part.
> Is there any source available from which I can get detailed information
> regarding the same?
>
>
>
> Thanks and Regards,
> Gaurav Kansal
> 9910118448
>
>
>
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
> Sent: Friday, 11 November, 2011 12:14 PM
> To: Gaurav Kansal
> Cc: bind-users at isc.org
> Subject: Re: Reason for Limited number of Root DNS Servers
>
>
> In message<004c01cca034$259d4870$70d7d950$@nic.in>, Gaurav Kansal writes:
>> Dear All,
>>
>>
>>
>> Somewhere I read that the number of ROOT DNS servers is limited to 13
>> because of a protocol limitation of DNS and UDP.
>>
>> The exact wording was "A combination of limits in the DNS and certain
>> protocols, namely the practical size of unfragmented User Datagram
>> Protocol (UDP) packets, resulted in a limited number of root server
>> addresses that can be accommodated in DNS name query responses. This
>> limit has determined the number of name server installations at
>> (currently) 13 clusters, serving the needs of the entire public
>> Internet worldwide."
>>
>> As the root DNS servers are running anycast, the number is not an issue at all.
>> But I don't understand where exactly this limitation exists.
>>
>> Please, someone elaborate on this.
>>
>> Thanks and Regards,
>>
>> Gaurav Kansal
>>
>> 9910118448
> 	Actually, despite the words above, it has *nothing* to do
> 	with unfragmented UDP and everything to do with being able to
> 	reassemble fragmented UDP.
>
> 	All IPv4 hosts MUST accept fragmented packets up to 576
> 	octets (RFC 791).  DNS's 512 octet UDP limit was chosen to
> 	ensure that the UDP datagram can always be reassembled and
> 	for there to be room for some IP options in addition to the
> 	IP and UDP headers.
>
> 	Originally there wasn't commonality in the root servers'
> 	names.  Then it was asked: if we make maximum use of
> 	compression, how many root servers can we fit into a DNS/UDP
> 	message?
>
> 	The first NS record takes 31 octets (1 + 2 + 2 + 4 + 2 + 20).
>
> 	Each additional NS record for . takes 15 octets (1 octet for
> 	the name, 2 octets for the class, 2 octets for the type, 4
> 	octets for the ttl, 2 octets for length and 4 of actual data).
>
> 	An "A" record with a compressed owner name takes 16 octets
> 	(2 octets for the name, 2 octets for the class, 2 octets for the
> 	type, 4 octets for the ttl, 2 octets for length and 4 of actual
> 	data).
>
> 	Then there is the 12 octet header and the 5 octet question.
>
> 	Doing the math on priming queries you get the following:
>
> 		13 names uses 436 octets
> 		14 names uses 467 octets
> 		15 names uses 498 octets
>
> 	If you have a referral to the root with a maximum sized qname
> 	it takes 482 octets (12 + 255 + 4 + 31 + 15 * 12).
> 	
I believe you only need to read RFCs 1034 and 1035 thoroughly to 
understand the structure and size of a response packet, including label 
compression. Mark's calculations didn't include any later protocol 
extensions like EDNS0 or DNSSEC-related records, although with a modern 
resolver you might see those come into play.

- Kevin
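The octet counts Mark quotes above can be checked by actually encoding the messages with RFC 1035 label compression rather than adding up field sizes by hand. This is an added example and not code from the thread; it assumes the a.root-servers.net, b.root-servers.net, ... naming scheme and uses constructed 192.0.2.x addresses for the glue records.

```python
import struct

ROOT_SERVERS_DOMAIN = "root-servers.net"      # assumed naming scheme a..m.root-servers.net

def encode_name(name, msg, offsets):
    """Append `name` to bytearray `msg` with RFC 1035 label compression;
    `offsets` maps suffixes already on the wire to their offset."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    while labels:
        suffix = ".".join(labels)
        if suffix in offsets:                 # longest known suffix -> pointer
            msg += struct.pack("!H", 0xC000 | offsets[suffix])
            return
        if len(msg) < 0x4000:                 # pointers address only 14 bits
            offsets[suffix] = len(msg)
        msg += bytes([len(labels[0])]) + labels[0].encode("ascii")
        labels = labels[1:]
    msg += b"\x00"                            # root label ends the name

def add_rr(msg, offsets, owner, rtype, write_rdata):
    """Append one RR (CLASS IN); RDLENGTH is back-patched after RDATA."""
    encode_name(owner, msg, offsets)
    msg += struct.pack("!HHI", rtype, 1, 3600000)   # TYPE, CLASS, TTL
    rdlen_pos = len(msg)
    msg += b"\x00\x00"
    write_rdata(msg, offsets)
    struct.pack_into("!H", msg, rdlen_pos, len(msg) - rdlen_pos - 2)

def response_size(n_servers, qname=".", glue=True):
    """Wire size: n NS records for '.' plus, if `glue`, one A record each."""
    msg, offsets = bytearray(12), {}              # 12-octet header
    encode_name(qname, msg, offsets)
    msg += struct.pack("!HH", 2, 1)               # QTYPE NS, QCLASS IN
    names = ["%s.%s" % (chr(ord("a") + i), ROOT_SERVERS_DOMAIN)
             for i in range(n_servers)]
    for name in names:                            # answer section
        add_rr(msg, offsets, ".", 2, lambda m, o, nm=name: encode_name(nm, m, o))
    for i, name in enumerate(names if glue else []):   # additional section
        add_rr(msg, offsets, name, 1,
               lambda m, o, i=i: m.extend(bytes([192, 0, 2, i + 1])))
    struct.pack_into("!HHHHHH", msg, 0, 0, 0x8180, 1, n_servers, 0,
                     n_servers if glue else 0)
    return len(msg)

MAX_QNAME = ".".join(["a" * 63] * 3 + ["b" * 61])   # 255 octets on the wire

if __name__ == "__main__":
    for n in (13, 14, 15, 16):
        print(n, "names:", response_size(n), "octets")
    print("max qname referral:", response_size(13, MAX_QNAME, glue=False))
```

The glue A records compress to a 2-octet owner pointer only because the NS RDATA wrote the full name first; an encoder without suffix compression would exceed 512 octets well before 13 servers.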
