All internet addresses in the world stored on one computer????

Must be bollocks. But they just said it on a documentary about the Internet. They even showed some footage of it. It’s held in a ‘secret location’.
This must be tosh.

What do you mean by “all internet addresses?” Are we talking about IP addresses here? Domain names?

My guess is they’re talking about the DNS system, which has (last time I checked) 12 root servers which hold the master zone records for all the top level domain names.

Yes. Domain names.

Later the program went on to say ‘by the end of the century there will be at least 500 million computers on the internet’. So it is at least 4 years old (the documentary).

Well, yeah. They’re all stored on one bigass list. But there’s a dozen big root servers, not just one. And most DNS requests go to the thousands of intermediate servers maintained by local ISPs, which keep the info cached. The root servers are only consulted when the data at the local level goes stale, which is why it takes several days for changes in the DNS system to propagate.

I don’t remember where, but I heard that it was something about DNS and it was stored on six computers, which struck me as fishy as well.

There are in fact 12 root servers, but they don’t actually store the addresses for individual domains. The list stored on the root servers shows which DNS servers contain authoritative information about individual domains. Anyone with their own domain can run their DNS server; all you have to do is register it in the root list and point domains at it.

Look here: http://www.dns.net/dnsrd/

to learn more about DNS than you ever wanted to.

or here: http://www.tldp.org/HOWTO/DNS-HOWTO.html

for details on how to set up your own DNS server. Go for it, it’s fun!

To address the tone of the report Lobsang saw: The idea of the DNS records being secret, either now or at any point in the past, is moronic. Keeping the DNS records secret makes as much sense as keeping the NYC Metro phonebook secret.

Is it possible for someone to compile a complete list of all DNS records and then keep that list a closely-guarded secret? Yes. He could even keep that list reasonably up-to-date without much work. But the value of his work is zero since the information is freely-available anyway, must be by design, and will always be available to the world at large before it appears in his Super-Secret List.

They meant the physical computer, not the list or the records. (I’m not saying they were right)

If the root servers and their backups were comprehensively destroyed, the internet would begin to die within minutes & would be all but dead within hours.

So yes, those machines are protected to fierce physical security in addition to the logical security. The locations of control centers for conventional utilities are also pretty secret for the same reason.

One of the primary Internet Exchange Facilities, MAE East, is, judging by its zip code, within about four miles of my house. I’ve lived here for 15 years, yet I have absolutely no idea where it is. Secretive, indeed!

Is this true?

As I understand it, the root servers are of course the authoritative source of all addresses, but there are zillions of DNS’s around that contain copies of the more frequently used addresses. Don’t most ISPs have their own DNS? So you could just combine those, make a few DNS act as new root servers, then re-assign the reference within each DNS, and you’d be as good as new. You’d only lose addresses that weren’t consulted lately, but the owner would surely notice and could ask his ISP?

Please tell me where this reasoning goes wrong.

Actually, as I stated in my above post, the root servers don’t store *any* address information whatsoever. They just tell you which DNS servers are authoritative for which domains, i.e. they tell your DNS server where to look for information about the domain you’re looking up. So if the root servers went bye-bye no actual addressing information would be lost, however no one would know where to look. What you’d need to do would be to restore the master list from backup onto a new group of root servers placed on the same addresses as the current one. This isn’t really something that you need to worry about though, as we only actually need one of the root servers to be up for the system to function, and all 12 servers are geographically dispersed and in generally well protected data-centers.

I think I should point out that there are two functions DNS servers perform. The first is that they store the addressing information for domains they are authoritative for. For example the DNS server I run, ns1.sitandspinonmy.com, is an authoritative host for my domains: sitandspinonmy.com and acerbic.org, and is a secondary/tertiary DNS server for a few friends. Meaning that when someone asks for information about acerbic.org the root servers direct their request to ns1.sitandspinonmy.com which then answers their request.

The other function that DNS servers perform is the one you’re more familiar with, which is to resolve DNS requests for end users. When you’re setting up your internet account and you fill in that field that says “DNS server” this is the service that you’re setting up. How this works is that you make a request for a name lookup and it goes up to your ISP’s DNS server, it then queries the root server (or more likely another DNS server upstream from it since it’s bad form for small time DNS servers to directly reference the root) to find out where it needs to look to find that information, then it goes out and asks the proper DNS server what the address is and returns the answer to you. Most resolving DNS servers also keep a cache of requests they fill so they don’t have to keep going out to the internet every time you, or another user, asks for that name to be looked up. This cache does expire after a while and the time limit on that cache is determined by whoever set up the domain on the authoritative server (described above).

Look here: http://computer.howstuffworks.com/dns.htm for a more detailed, layman’s description of how DNS works.
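
Added example, not part of any post in this thread: a toy Python model of the two roles described above, showing that root servers only hand out referrals and that a caching resolver keeps answering without the root until the record's TTL runs out. The server name `tld-org.example`, the address `192.0.2.10` and the 300-second TTL are constructed; the model adds the TLD referral step between the root and the authoritative server and does not model caching of the referrals themselves.

```python
# Toy model with constructed data: delegation from the root plus a caching resolver.
ROOT_ZONE = {"org": "tld-org.example"}  # root holds referrals only, no addresses
TLD_ZONES = {"tld-org.example": {"acerbic.org": "ns1.sitandspinonmy.com"}}
# Authoritative server: name -> (address, TTL in seconds); both values constructed.
AUTH_ZONES = {"ns1.sitandspinonmy.com": {"acerbic.org": ("192.0.2.10", 300)}}


class RootUnreachable(Exception):
    """Raised when a lookup needs the root servers and none can be reached."""


class CachingResolver:
    def __init__(self):
        self.cache = {}            # name -> (address, expiry time)
        self.root_up = True        # flip to False to simulate losing every root
        self.upstream_queries = 0  # how many times the delegation chain was walked

    def _iterate(self, name):
        """Follow referrals: root -> TLD server -> authoritative server."""
        if not self.root_up:
            raise RootUnreachable(name)
        self.upstream_queries += 1
        tld_server = ROOT_ZONE[name.rsplit(".", 1)[-1]]
        auth_server = TLD_ZONES[tld_server][name]
        return AUTH_ZONES[auth_server][name]

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:   # cached answer still within its TTL
            return hit[0]
        address, ttl = self._iterate(name)
        self.cache[name] = (address, now + ttl)
        return address


def demo():
    r = CachingResolver()
    results = [r.resolve("acerbic.org", now=0),    # walks the delegation chain
               r.resolve("acerbic.org", now=100)]  # answered from cache
    r.root_up = False
    results.append(r.resolve("acerbic.org", now=299))  # cache still valid
    try:
        results.append(r.resolve("acerbic.org", now=300))  # TTL expired
    except RootUnreachable:
        results.append("SERVFAIL")
    return results, r.upstream_queries
```
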

Thanks for your clear explanation!

There are 12, although there is what they call the A Root Server, which is really the root of the roots. That’s where the data goes first, and distributed to the others from there. That’s held under fairly tight security at VeriSign COM NET Registry, which was until recently called VeriSign Global Registry Services, which used to be Network Solutions before acquisition by VeriSign.