Remote K-root node in Selectel

The increase in the number of Internet users in developing countries entails the need to develop the appropriate infrastructure, including DNS servers.
Over the past few years, the geography of root DNS servers has expanded significantly. Until recently, working root server nodes were concentrated mainly in Europe and the USA; today they are appearing in Asia, Africa and South America. This year a K-root server node was even installed in Iran, from which Western sanctions have not yet been lifted.
The issue of expanding the root DNS system is relevant for Russia. We managed to make a certain contribution to solving it: in August of this year, we began hosting one of the nodes of the K-root root DNS server. In this article we will talk about its architecture and about our participation in the competition to host it.
Root DNS Servers: Quick Reference
As you know, DNS is used on the Internet to map domain names to IP addresses. The highest level of the DNS hierarchy is occupied by the root servers. They hold information about all top-level domains (TLDs). This information indicates to which authoritative name servers the next request must be sent in order to resolve a domain name recursively.
DNS was created in the 1980s. From then until 2000, the root DNS server system consisted of a primary server (first called ns.internic.net and later renamed a.root-servers.net) and its replicas, which were later named after letters of the Latin alphabet: b.root-servers.net, c.root-servers.net and so on, up to m.root-servers.net. Each of the thirteen root servers is managed by a separate operator.
Since the early 2000s, Anycast has been used in the root server system. This has significantly expanded its geography and increased its reliability. Each root server is backed by a system of service nodes located around the world.
The operator of the K-root server system is the nonprofit organization RIPE NCC. Let's take a closer look at how the K-root system works from an architectural point of view.
K-root system architecture
In the spring of this year, the K-root system switched to a new, modernized architecture. To better understand the recent changes, we will first briefly look at how things were arranged before.
In the old architecture, all nodes of the K-root system were divided into two types: core nodes, which were powerful DNS servers with their own system of routers and switches, and local nodes. Each local node included the following elements:
- a router that announced the k.root network to the participants of the traffic exchange point;
- two name servers for processing requests;
- a switch.
Graphically, this diagram can be represented as follows:

In the new architecture, the concept of a “local node” is absent altogether. Instead, the term “hosted node” is used.
Remote nodes are built on Dell servers and include no network equipment of their own.
The servers, which run specialized software, establish BGP sessions with the hosting provider's routers themselves and announce the K-root prefixes on behalf of AS25152. Thanks to Anycast, the distinction between the primary and remote sites is essentially erased.

Ansible is used to manage configurations (see the presentation by a RIPE NCC engineer), which speeds up and automates software deployment. BIND, NSD and Knot are used as the DNS server software.
To find out which server software is running on the k.root node closest to you, use the dig utility:
$ dig @k.root-servers.net version.bind chaos txt +short
"Knot DNS 1.6.4"
$ dig @k.root-servers.net version.bind chaos txt +short
"NSD 4.1.3"
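What that dig command sends and receives on the wire, as an added Python example that is not part of the original article: it builds the CHAOS-class TXT query for version.bind and parses the reply. The sample reply is constructed for illustration, and the function names are this example's own.

```python
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3  # TXT record type, CHAOS class

def build_query(qid, name="version.bind"):
    """Wire-format query: 12-byte header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags 0, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    """Offset just past a name that ends in a zero byte or a 2-byte pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_version(msg, qid):
    """Return the CHAOS TXT strings of a reply, rejecting mismatched or failed ones."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful response to this query")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    texts = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rdata and (rtype, rclass) == (TYPE_TXT, CLASS_CH):
            texts.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
            rdata = rdata[1 + rdata[0]:]  # TXT rdata is length-prefixed strings
    return texts

def ask(server="k.root-servers.net", qid=0x4B52, timeout=3.0):
    """Live lookup over UDP port 53; needs network access."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # connected socket drops replies from other hosts
        s.send(build_query(qid))
        return parse_version(s.recv(512), qid)

# Constructed sample reply (not a capture): header with QR and AA set, the
# question echoed back, and one answer named by a pointer to offset 12.
_TXT = b"NSD 4.1.3"
SAMPLE = (struct.pack("!HHHHHH", 0x4B52, 0x8400, 1, 1, 0, 0) + build_query(0)[12:]
          + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(_TXT) + 1)
          + bytes([len(_TXT)]) + _TXT)
```

Because the address is anycast, ask() reaches whichever node routing selects for the caller, so runs from different networks can report different server software.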
ExaBGP is used to announce prefixes.
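One way a server can drive such announcements, as an added sketch that is not RIPE NCC's tooling: ExaBGP reads route commands from the standard output of a helper process, so a health check can withdraw the anycast prefix when the local name server stops answering and keep a dead node from attracting queries. The prefix is a documentation placeholder, and the rise/fall thresholds and names are assumptions of this example.

```python
import socket
import time

class Announcer:
    """Turns a stream of health-check results into ExaBGP text API commands."""
    # Assumed defaults: documentation-range placeholder prefix, rise 3, fall 2.
    def __init__(self, prefix="192.0.2.0/24", rise=3, fall=2):
        self.prefix, self.rise, self.fall = prefix, rise, fall
        self.announced = False  # start withdrawn until the server proves healthy
        self.streak = 0         # consecutive results contradicting current state

    def update(self, healthy):
        """Feed one check result; return a command to emit, or None."""
        if healthy == self.announced:
            self.streak = 0     # a single blip resets the count: no route flapping
            return None
        self.streak += 1
        if self.streak < (self.rise if healthy else self.fall):
            return None
        self.announced, self.streak = healthy, 0
        verb = "announce" if healthy else "withdraw"
        return "%s route %s next-hop self" % (verb, self.prefix)

def dns_alive(addr="127.0.0.1", timeout=1.0):
    """Probe: does the local server answer an NS query for the root zone with NOERROR?"""
    query = b"\x00\x01\x00\x00\x00\x01" + b"\x00" * 6 + b"\x00\x00\x02\x00\x01"
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((addr, 53))
            s.send(query)
            reply = s.recv(512)
    except OSError:
        return False
    return (len(reply) >= 4 and reply[:2] == query[:2]
            and (reply[2] & 0x80) != 0 and (reply[3] & 0x0F) == 0)

def replay(results, **kwargs):
    announcer = Announcer(**kwargs)  # run recorded results, collect commands
    return [cmd for cmd in map(announcer.update, results) if cmd]

if __name__ == "__main__":
    announcer = Announcer()
    while True:
        command = announcer.update(dns_alive())
        if command:
            print(command, flush=True)  # ExaBGP reads this from our stdout
        time.sleep(1)
```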
Technical requirements for local nodes
For servers acting as local K-root hosts, RIPE NCC has the following requirements:
- Dell PowerEdge 2xx family model (preferably R320 or R420);
- at least 16 GB of RAM;
- multi-core processor;
- at least 2 Ethernet ports with a total bandwidth of 2 GB/s;
- PERC H310 RAID controller;
- two SATA disks with a capacity of 500 GB each;
- an integrated remote access controller, iDRAC 7 Enterprise;
- two power supplies;
- IP address allocation (both IPv4 and IPv6).
The potential host must provide RIPE NCC with a server that has the characteristics described above. In our case, we installed an additional power supply so that the server could be connected to different power inputs.
K-root hosting: how we got it
The DNS root server system is constantly expanding. Organizations that control the root servers periodically announce a competition for hosting new service nodes. Any telecom operator whose technical infrastructure meets the root server operator's requirements can take part.
We learned about plans to expand the K-root system in April 2015. A competition was held among candidates to host new nodes of the K-root system, during which the technical and organizational capabilities of potential hosts were evaluated. An important selection criterion in this competition is good connectivity. Only good connectivity can guarantee that a new server will be able to serve a large number of clients.
We filled out all the necessary documents, and soon our candidacy was approved.
After that, we ordered a server that meets the requirements of RIPE NCC, and by August it was installed in one of our data centers.
Hosting the K-root node is a completely non-profit project. Before installing the server, we signed a memorandum of understanding with RIPE NCC (a sample in English can be viewed here), which explicitly states that both parties are interested in improving the connectivity of the DNS system, and says not a word about money.
The K-root hosting agreement has no fixed term. Both we and RIPE NCC are interested in developing the partnership.
What it gives us
What are the benefits of participating in this nonprofit project?
The only obvious advantage is the proverbial plus in karma: we have made a small but real contribution to the development of the DNS system and to increasing its fault tolerance.
We hope that in the future we will be able to take part in other large-scale projects for the development of the Internet.