Hosting an F-Root Node

Process Overview

What does it mean to host an F-Root server?

The Domain Name Service is a hierarchical system to resolve domain names into IP addresses. At the root of that hierarchy are 13 different “root letters” managed by 12 different organizations known as Root Server Operators. Each RSO operates one or more root server instances.

To “operate” a server means to be responsible for what it does. To “host” a server means to provide space, electrical power, internet access, and remote-hands support to the server operator.

Internet Systems Consortium (ISC), isc.org, operates F-Root and hosts some of its servers. The F-Root servers not hosted by ISC are hosted by other organizations willing to provide the resources to support an F-Root server, in return for the benefits of having a root server on their premises, to provide highest-quality root name service to its customers or members.

This document describes the requirements, details, and procedures for hosting an F-Root node that will be operated by ISC on your premises.

Who can host an F-Root?

Any organization can host a root server if the root operator permits; there are no specific rules. ISC requires that F-Root servers be hosted in professionally-managed data centers or internet exchanges, which must have redundant electrical power, adequate security, cooling, and local hands. An organization hosting an F-Root server must contract not to tamper with it, not to interfere with its operation, and not to commercialize access to it.

Who benefits from additional root servers?

If the internet is running smoothly, a very small number of root servers can satisfy the root service need of the entire world. But there are always attacks, failures, misconfigurations, overloads, and other problems. Therefore the internet community, collectively, benefits from having a larger number of servers that use anycast routing. In addition to providing load balancing that makes sense in both a geographic and network-wise fashion, nycast also protects the whole service. One server can draw attack traffic while those in other regions and sites remain accessible to provide service.

What is ISC’s current architecture for an F-Root server?

We are now installing only single-box servers, which we call “F-Single” to differentiate them from older F-Root installations that have several servers and routers and switches making up the installation. The F-Single peers with your Route Server, which in turn peers with the networks that will use F-Root service.

The hardware is a 1U Dell PowerEdge R350 with an Enterprise iDRAC license, including a bootable SD-Card so that we can remotely reinstall and re-provision the operating system without the need for remote hands and significant amounts of RAM.

This system functions as both root server and router: it speaks BGP directly to all willing peers at a routing exchange, and will accept full customer routes from your route server.

Organizations that host F-Root servers are not given access to the device, so it doesn’t matter to the host organization what software is running there. It’s our job to maintain it, not yours. But there is no reason not to explain that we use the latest stable versions of FreeBSD, BIND, and BIRD as the basis for F-Root.

What does it cost and what is the process?

Review the Technical Requirements for Hosting an F-Root Node.

Complete an application to supply all the information to ISC that we need.

ISC technical staff will review the information provided, and decide if you are an appropriate site for a new node. You will need to agree to a Memorandum of Understanding (MoU) that sets out the terms under which this F-Root server is operated, and describes the process by which either party can request that the arrangement be terminated and the server taken offline.

Once the MoU is signed, you must acquire the server hardware. We ask that you buy it locally in your country, so that it will be covered by the vendor’s extended warranty and service and will not be subject to import duty. If you buy a large number of machines from Dell and are subject to a discount of some sort, your discount will apply. Currently our recommended server configuration from Dell Computer costs about $3200 delivered. Prices vary from country to country, of course.

We work only with Dell server computers for F-Root because of their unique ability to be managed remotely. Our RAM and CPU requirements are somewhat high due to a need to handle the continued growth of both the root zone as well as the global internet routing table.

You buy the computer, install it in your data center, and provide power and three separate internet connections. One connection is for our access to the server’s remote management device (iDRAC), one connection is for general management access, and the third connection is to the Internet Exchange point, for BGP peering and F-Root service. When the server is installed, contact ISC and let us know. We will coordinate with you so that we can log-in remotely, load the operating system and the other software, and configure it. We can then announce availability of a new F-Root node!