- The root hints file (named.root) contains the domain names and IP addresses of the authoritative nameservers for the root zone (represented by a “.”). This file allows a DNS server to resolve domain names that are not in its authoritative and cached data.
- There are 13 root nameservers (a.root-servers.net to m.root-servers.net) distributed across the world, owned by 12 independent operators (at the time of this writing) and accessible via anycast IP addresses.
- All queries from nameservers to the root nameservers are iterative, thereby allowing the root nameservers to refer the client nameservers to other nameservers for domain name resolution.
- DNS forwarders (or just forwarders) are nameservers that accept queries from other nameservers to resolve domain names that are not in their authoritative and cached data.
- All queries to DNS forwarders are recursive, thereby requiring forwarders to reply with a definite answer. Forwarders either return responses based on their authoritative and/or cached data or issue iterative queries to root and other nameservers to determine responses.
Resolution of external domains
When deploying an enterprise DDI (DNS, DHCP, IPAM) solution, a decision must be made whether to allow your internal DNS servers use root hints or a DNS forwarder for the resolution of domain names for which your internal DNS is not authoritative (e.g. external domain names). There is no right or wrong answer here and the decision depends on your enterprise infrastructure, budget and requirements (performance, availability, etc.).
Given below are some basic tests (using dnsperf with a top 10000 domain list) with root hints and some public DNS forwarders. Your organization could also use its own internal DNS forwarder (with redundancy) that all other internal nameservers use.
Given below are some thoughts on using root hints and forwarders for your DNS server.
Some DDI solutions provide value-added features such as shared caches (allows DNS servers to benefit from each other’s caches) and full cache startups (allows DNS servers to save their caches before restarts so that they load their caches upon startup with minimal performance impact).