What are DNS root servers?

Role and position 🌐

Root servers sit atop the DNS hierarchy, holding the root zone and pointing resolvers to TLD name servers (.com, .jp, etc.). A quick glossary for resolver/authoritative/DNSSEC is here.

How it works

• Recursive resolvers use root hints to query a root server; the root replies with TLD server info.
• They serve the root zone—not individual domain records.
• The root zone is signed (DNSSEC) and anchors the validation chain.

13 identifiers, not 13 boxes 🔢

A–M are just 13 labels; the actual footprint is much larger.

Why 13

• Historically, root server names were set to 13 (A.root-servers.net through M.root-servers.net).
• Each is run by a different operator (e.g., A=Verisign, B=USC-ISI, C=Cogent, J=Verisign, L=ICANN, M=WIDE, etc.).

Anycast everywhere

• Each identifier has many anycast sites; traffic goes to the nearest instance.
• Overall, there are hundreds to thousands of physical servers worldwide.

Why people say “13 servers”

• Seeing only the 13 identifiers makes it sound like 13 machines, but each has many instances.
• Early articles sometimes said “only 13,” and the phrasing stuck.
• RSSAC and the operators publish counts of anycast sites; the footprint is much larger.

Common misconceptions

It’s not a fragile set of 13 boxes; it’s globally redundant.

Myths vs. reality

• There are far more than 13 machines, so “only 13, so fragile” is incorrect.
• Multiple operators and geographic spread provide robustness.

Practical notes 💡

You don’t run root servers yourself, but knowing the basics helps troubleshooting.

Good to know

• Use `dig . NS` or `dig . DNSKEY` to view root zone data.
• Resolvers hit nearby anycast instances, so paths/latency differ by region.
• Root hints ship with DNS software; you don’t need to manage them manually in normal setups.