Hosting an F Root node

An overview of the process

What does it mean to host an F-Root server?

The Domain Name Service is a hierarchical system to resolve domain names into IP addresses. At the root of that hierarchy are 13 different “root letters” managed by 12 different organizations. Each root letter organization operates one or more root servers. All of the servers operated by “A” are referred to as “A Root”, all servers operated by “B” are referred to as “B Root”, and so forth. Each server implementing B-Root functionality is referred to as an “instance” of B Root.
To “operate” a server means to be responsible for what it does. To “host” a server means to provide space, electrical power, internet access, and remote-hands support to the server operator.
Internet Systems Consortium (ISC),, operates F Root and hosts some of its servers. The F-Root servers not hosted by ISC are hosted by other organizations willing to provide the resources to support an F-Root server, in return for the benefits of having a root server on their premises, to provide highest-quality root name service to its customers or members.
This document describes the requirements, details, and procedures for hosting an F-Root node that will be operated by ISC on your premises.

Who can host an F Root?

Any organization can host a root server if the root operator permits; there are no specific rules. ISC requires that F-Root servers be hosted in professionally-managed data centers or internet exchanges, which must have redundant electrical power, adequate security, cooling, and local hands. An organization hosting an F Root must contract not to tamper with it, not to interfere with its operation, and not to commercialize access to it.

Who benefits from additional root servers?

If the internet is running smoothly, a very small number of root servers can satisfy the root service need of the entire world. But there are always attacks, failures, misconfigurations, overloads, and other problems. Therefore the internet community, collectively, benefits from having a larger number of servers that use anycast routing. In addition to providing load balancing that makes sense in both a geographic and network-wise fashion, nycast also protects the whole service. One server can draw attack traffic while those in other regions and sites remain accessible to provide service.

What is ISC’s current architecture for an F-Root server?

We are now installing only single-box servers, which we call “F-Single” to differentiate them from older F-Root installations that have several servers and routers and switches making up the installation. The F-Single peers with your Route Server, which in turn peers with the networks that will use F-Root service. The hardware is a 1U Dell PowerEdge R430 with an Enterprise iDRAC license, including a bootable SDCard so that we can remotely reinstall and re-provision the operating system without the need for remote hands and significant amounts of RAM. This system functions as both root-server and router: it speaks BGP directly to all willing peers at a routing exchange, and will accept full customer routes from your route server. ISC may also run other public-benefit services on this system (nothing commercial) such as [SNS-PB, AS 112, looking glasses, traffic analysis tools, etc].
Organizations that host F Roots are not given access to the device, so it doesn’t matter to the host organization what software is running there. It’s our job to maintain it, not yours. But there is no reason not to explain that we use the latest stable versions of FreeBSD, BIND, and BIRD as the basis for F Root.

What does it cost and what is the process?

  1. Review the Technical Requirements for Hosting an F Root Node.
  2. Complete an application, to supply all the information to ISC that we need.
  3. ISC technical staff will review the information provided, and decide if you are an appropriate site for a new node. If we decide to proceed, ISC will send you a Memorandum of Understanding (MoU) that sets out the terms under which this F-Root server is operated, and describes the process by which either party can request that the arrangement be terminated and the server taken offline.
  4. Once the MoU is signed, you must acquire the server hardware. We ask that you buy it locally in your country, so that it will be covered by the vendor’s extended warranty and service and will not be subject to import duty. If you buy a large number of machines from Dell and are subject to a discount of some sort, your discount will apply. Currently our recommended server configuration from Dell Computer costs about €5500 ($6000) delivered. Prices vary from country to country, of course. We work only with Dell server computers for F Roots because of their unique ability to be managed remotely. Our RAM and CPU requirements are somewhat high due to a need to handle the continued growth of both the root zone as well as the global internet routing table.  Once the MoU is signed, ISC will provide exact specifications for the Dell configuration that you take to your local Dell sales group.
  5. You buy the computer, install it in your data center, and provide power and three separate internet connections. One connection is for our access to the server’s remote management device (iDRAC), one connection is for general management access, and the third connection is to the Internet Exchange point, for BGP peering and F-Root service.
  6. When the server is installed, contact ISC and let us know.  We will coordinate with you so that we can log-in remotely, load the operating system and the other software, and configure it.
  7. We can then announce availability of a new F Root node!

Last modified: November 3, 2016 at 10:51 am