New replica K-root Name Server

New replica of K root names server

CSUC has launched a new replica of the k-root Name Server at CATNIX. This replica has been on trials with Anella Científica from its installation on August 18. With the new K-root replica, the latency from the K-root to Anella Científica has decreased, from 40 ms to 1 ms.

The K-root replica name server, managed by RIPE NCC since 1997, is provided by a set of distributed nodes using anycast IPv4 and IPv6. The node at CATNIX announces the prefix and 2001:7fd::/48, originated in AS25152, to those CATNIX members wishing to reach it through CATNIX's services router.

Until May 2015, the K-root name server infrastructure had just a few replicas (5 global and 12 local, 17 in total). For this reason, RIPE NCC decided to start an expansion plan to expand its coverage. Following such plan, CSUC expressed interest in hosting a K-root server at the CATNIX.

In addition to this K-root replica, CATNIX allocates replicas of 3 other root name servers: L-root name server, operated by the Internet Corporation for Assigned Names and Numbers (ICANN); F-root server, operated by the Internet Systems Consortium; and J, .com and .net root servers, operated by VeriSign. They improve DNS response times and increase security as they guarantee the service in case of Distributed Denial of Service Attacks (DDoS).

The DNS, one of the Internet pillars, is based on a hierarchical structure in which millions of globally distributed servers have all the information needed to make the system work. The root system comprises 13 servers named with the first 13 letters of the alphabet (from A to M). Of these root servers, 10 are located in the United States, 2 in Europe, and 1 in Japan. The limited number of root servers and their high concentration in the US resulted in a weakness in security and stability, especially regarding DDoS. That is why nowadays many replicas of root servers are distributed around the world to improve the security and availability of this critical service for the proper functioning of the network, because when DNS does not work or its access is degraded, regular applications (web, mail, etc.) are useless or penalized.