Last year was a banner year for Selectel. Of all our accomplishments, one in particular affected not just our clients, but the entire Internet community: being chosen to host a K-root DNS node. In this article, we’ll be talking about what this all means and how we came by this prestigious responsibility.
Root DNS: Overview
As you know, DNS is used to translate domain names into IP addresses. At the highest tier of the DNS hierarchy, you’ll find root servers. These contain information on all of the top-level domains (TLDs), specifying the authoritative name servers that recursive DNS queries should be sent to.
The DNS system was created in the 1980s, and up until the year 2000, the root DNS system consisted only of the original server (it was originally named ns.internic.net, but was later renamed a.root-servers.net) and its replicas, which were subsequently named alphabetically: b.root-servers.net, c.root-servers.net, and so forth up to m.root-servers.net. The thirteen root servers are managed by different operators.
Since the early 2000s, the root server system has been using anycast technology. This has significantly helped expand the system geographically and has made it much more reliable. Each root server is connected to service nodes located all over the world.
The K-root operator is RIPE NCC, a non-profit organization. Let’s take a closer look at how the K-root system is built in terms of architecture.
K-Root System Architecture
This spring, the K-root system adopted a new, updated architecture. To better understand these changes, we’ll take a brief look at its previous structure.
In the old architecture, all K-root nodes were divided into two categories: core nodes, which were powerful domain name servers with separate routing systems and switches, and local nodes. Each local node included the following components:
- a router, which announced the K-root network at the Internet exchange point;
- two name servers for processing requests;
- a switch.
Below is a visual representation:
In the new architecture, the entire concept of “local nodes” has gone out the window, and in their place, “hosted nodes” are used. Hosted nodes are built on Dell servers (we’ll talk about the hardware requirements of these servers in a bit). They don’t include any additional network equipment. The servers, which have been equipped with special software, establish the BGP session themselves with routers provided by the hosting provider and announce the K-root prefix.
The server is responsible for announcing the K-root prefix in AS25152. Thanks to anycast technology, there is practically no difference between core nodes and hosted nodes.
In this new architecture, configurations are managed using Ansible, which automates and accelerates software deployment. Different DNS software is installed on different nodes: BIND, NSD, and Knot. To find out which software is running on the K-root node nearest you, you can use the dig utility:
$ dig @k.root-servers.net version.bind chaos txt +short
"Knot DNS 1.6.4"
$ dig @k.root-servers.net version.bind chaos txt +short
"NSD 4.1.3"
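The same version.bind lookup at the wire level, as an added example that is not part of the original article or RIPE NCC's tooling: it builds the CHAOS-class TXT query that dig sends and parses the TXT strings out of a reply. All function names are this example's own, and `sample_response` produces constructed test data so the code runs offline.

```python
import struct
CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class and TXT record type, as in "chaos txt"

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name="version.bind", txid=0x1234):
    """Build a DNS query with one question: <name>, type TXT, class CH."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: standard query
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:            # root label: end of an uncompressed name
            return off + 1
        off += 1 + length

def parse_txt_answers(msg):
    """Return the CH TXT strings from the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000 or flags & 0x000F:  # QR bit must be set, RCODE must be 0
        raise ValueError("not a successful response (flags=0x%04x)" % flags)
    off = 12
    for _ in range(qd):            # skip each question: name + type + class
        off = skip_name(msg, off) + 4
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == TYPE_TXT and rclass == CLASS_CH and pos < len(rdata):
            n = rdata[pos]         # TXT rdata is a run of length-prefixed strings
            texts.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
    return texts

def sample_response(text, txid=0x1234):
    """Constructed reply to build_query(): QR+AA set, one TXT answer holding text."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)
    rdata = bytes([len(text)]) + text.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return header + build_query(txid=txid)[12:] + answer
```

Sending `build_query()` to a name server over UDP port 53 and passing the reply to `parse_txt_answers()` yields the string that dig prints with `+short`.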
Hardware Requirements for K-Root Instances
RIPE NCC has published the following requirements for K-root nodes:
- Dell PowerEdge R220 or R320;
- 16 GB RAM;
- Intel Xeon quad-core processor;
- PERC H310 RAID controller;
- two 500 GB SATA drives;
- integrated iDRAC 7 Enterprise remote access controller;
- two power supplies;
- dedicated IP addresses (IPv4 or IPv6).
How We Became K-Root Hosts
The root DNS system is constantly expanding. The organization that oversees root servers periodically announces a competition for hosting new nodes. Any communications provider can take part as long as their technical infrastructure meets the given requirements.
We found out about the plans to expand the K-root system in April 2015. A competition was held for potential K-root hosts, wherein the technical and organizational capabilities of the candidates were evaluated. An important criterion in this competition is connectivity; only superior connectivity can guarantee the new server will be able to serve a large number of clients.
We submitted all of the necessary paperwork and our candidacy was quickly approved.
Afterwards, we ordered a server that met the advertised RIPE NCC requirements. By August, it was already installed in one of our data centers.
Our decision to host a K-root node was by no means commercially motivated. Before the server was installed, we signed a memorandum of understanding with RIPE NCC, which expressly stated that both parties are interested in improving the connectivity of the DNS system; there was no mention of any financial or commercial compensation.
So what are the benefits of taking part in this non-profit endeavour?
Firstly, this reaffirmed the stability and reliability of our infrastructure. Secondly, this was our chance to make a contribution to the development of the root DNS system, and we have successfully boosted its reliability and fault-tolerance.
The K-root node hosting contract has an open term, and we are interested in developing our partnership with RIPE NCC. We hope to be able to take part in future projects to help develop the Internet as a whole.