Threat Intelligence 101

DNS Root Servers Explained: Concept and Location

Posted: 29th March 2024
By: Esteban Borges

The Domain Name System is one of the most important internet services in existence, without which we wouldn't be able to access any online content or even send an email. In fact, every time we try to connect to a website or any other online service, DNS root servers help our computers find and reach the desired addresses.

In the context of DNS security and intelligence, these root servers gain even more significance. DNS security is vital in defending against cyber threats that exploit DNS vulnerabilities, while DNS intelligence helps in analyzing and interpreting DNS data to identify potential security risks.

Understanding the role and operation of DNS root servers is key not just for navigating the internet, but also for strengthening our defenses against cyber threats and enhancing our capabilities in cyber intelligence.

DNS root servers are a crucial part of the entire DNS and for that matter, the Internet, but there isn't that much information about them available. There are also a few myths floating around. So today, we'll learn what root servers are, what they do and how many of them are really out there.

What are DNS root servers?

Root servers, or DNS root servers, are name servers that are responsible for the functionality of the DNS as well as the entire Internet. They're the first step in the name resolution of any domain name, meaning they translate domain names into IP addresses.


The mapping of domain names to IP addresses works in a hierarchical order using DNS zones. Root servers serve the root zone, which tops the hierarchy, and they publish the root zone file. The root zone is the global list of top-level domains and it contains the generic top-level domains (.com, .net, .org), country code top-level domains (.no, .se, .uk), and internationalized top-level domains which are ccTLDs written in the countries’ local characters. The root zone comes from the Internet Assigned Numbers Authority (IANA), which is part of the Internet Corporation for Assigned Names and Numbers (ICANN).

The root zone is signed using DNSSEC, and sent to the root server operators to publish to their root servers. In turn, the root zone file contains resource records for the authoritative servers of all TLDs. Because of this, they can work two ways:

  • Answer directly to queries for those resource records in the root zone or
  • Refer queries to the appropriate name servers for the requested TLD

While in the second case they aren't directly involved in name resolution, root servers are in the root (figuratively and literally) of the entire Internet's infrastructure. Without them, most of the online world we know and use today wouldn't be accessible.

How do root servers work?

The way root servers work comes down to the process of name resolution:

  1. When you type in recordedfuture .com in your web browser it will first go to either an ISP DNS server or another DNS server you've configured. Sometimes, that DNS server may have the information on the domain stored in cache, and if that's the case it will simply respond with the information and serve you that website.
  2. However, if it doesn't have that information stored, the DNS server will send a query to the root server. The root servers won't have information on a specific IP address for recordedfuture .com, but it will know where the name servers that serve that TLD(.com) are.
  3. Root servers will return the list of TLD servers so the provider or configured server can again send a query, this time to a TLD server.
  4. The TLD server will then return the authoritative name server where the desired domain is stored.
  5. This is when the server that made the request sends a query to the authoritative server hosting the zone of the domain in question.
  6. Once the request has reached the authoritative server, it will respond to the requesting server with the IP address for recordedfuture .com
  7. When the requesting server has this information, it will cache it for future requests and will return the answer to your resolver, which will send it to your web browser and allow you to access the desired website.

Where are the DNS root servers located?

There are hundreds of root servers at over 130 locations all over the world. ICANN is responsible for the servers for one of the 13 IP addresses and entrusts the operation of the rest to various other organizations. In total, there are 12 organizations held responsible, with VeriSign operating two of them (a and j

List of the DNS root server locations


IP address IPv4 / IPv6

Organization, 2001:503:ba3e::2:30

VeriSign, Inc., 2001:500:200::b

University of Southern California (ISI), 2001:500:2::c

Cogent Communications, 2001:500:2d::d

University of Maryland, 2001:500:a8::e

NASA, 2001:500:2f::f

Internet Systems Consortium, Inc., 2001:500:12::d0d

US Department of Defense (NIC), 2001:500:1::53

US Army (Research Lab), 2001:7fe::53

Netnod, 2001:503:c27::2:30

VeriSign, Inc., 2001:7fd::1

RIPE NCC, 2001:500:9f::42

ICANN, 2001:dc3::35

WIDE Project

Stats and Facts

According to “As of 2024-01-22T14:56:50Z, the root server system consists of 1756 instances operated by the 12 independent root server operators.”

Some other cool facts about these servers are the number of queries received, which reached its peak in 2021, with almost 150 billions. The page also offers other stats such as Queries by Protocol, Queries by RSI, UDP vs TCP and IPv4 vs IPv6.

The page also offers an interactive map with the exact location of the authorities responsible for root servers available at

DNS Root Servers Location / Map

Source: OpenStreetMap

Root DNS Servers FAQ

What is a Root Zone File?

A Root Zone File, central to the DNS hierarchy, is a comprehensive database comprising all top-level domains (TLDs). Managed by the Internet Assigned Numbers Authority (IANA), this file is key in converting user-friendly web addresses into IP addresses. When a DNS resolver, like those operated by internet service providers, queries a domain name, it contacts a root name server. This server, one of several root server instances, uses the root zone file to direct the query to the appropriate TLD's authoritative name servers.

What Happens if a DNS Root Server Becomes Unavailable?

In the event a DNS root server, such as a managed by VeriSign, Inc., or another operated by the University of Maryland, becomes unavailable, the system's fault tolerance ensures continuity. The network of root DNS servers, which includes entities like Cogent Communications and the Army Research Lab, has been designed to handle such situations. DNS queries are rerouted to other available root name servers, and the use of load balancing routers and diverse server addresses helps maintain steady DNS server functionality. This redundancy means that even if one server goes offline, others are ready to take over, ensuring most internet users experience no noticeable interruption.

What Would Happen if All Root Servers for DNS Would Shut Down?

A total shutdown of all root DNS servers would significantly impact the internet, offering cybercriminals a prime opportunity to exploit vulnerabilities. New DNS queries, especially those requiring a fresh lookup of the same address, would fail, as there would be no root server to initiate the DNS resolution process. While cached DNS data on local DNS servers might temporarily sustain access to some websites, most internet users would quickly encounter issues accessing new websites. This potential impact highlights the critical role that DNS root servers, including the well-known a.root-servers .net, play in the global internet infrastructure.


The DNS is responsible for almost everything connected to the Internet, and as with everything, the root system supports the branches. The importance of DNS root servers isn't widely discussed—the end user rarely needs to worry about them—but in the grand scheme of things, they truly are the Internet's backbone.

We also hope we've dispelled a few misconceptions about the actual number of root servers. So the next time someone says there's 13, not only will you know the truth, you'll also know the how and the why behind it.

Did you know Recorded Future possesses the world's largest DNS data set?

This extensive resource enables our customers to proactively identify and stay ahead of unknown hosts and domains, which could serve as potential entry points for attackers. Discover how you can actively uncover, prioritize, and respond to vulnerabilities across your digital attack surface. Book your demo today.

Esteban Borges Blog Author
Esteban Borges

Esteban is a seasoned security researcher and IT professional with over 20 years of experience, specializing in hardening systems and networks, leading blue team operations, and conducting thorough attack surface analysis to bolster cybersecurity defenses. He's also a skilled marketing expert, specializing in content strategy, technical SEO, and conversion rate optimization. His career includes roles as Security Researcher and Head of Marketing at SecurityTrails, before joining the team at Recorded Future.