[the_ancient]

While I am sure the load is high, everytime you look up a .com you are not connecting to Verisign Server.

DNS does not work that way, Major DNS companies like RackSpace and AWS's Route 53 I suspect have higher load DNS than the Root Registries, and they offer the service for free...

[toast0]

> While I am sure the load is high, everytime you look up a .com you are not connecting to Verisign Server.

It depends on what's in your resolver cache. If coming from a cold cache, you would start from the root hints file[1] -- if you ask them for an A record for news.ycombinator.com, they give you the NS records for com. ([a-m].gtld-servers.net, and some A and AAAA records for those); these are the Verisign servers, then you ask one of those, and they tell you to go to amazon dns, then you ask amazon dns and they tell you it's a CNAME to cloudflare and you have to chase that down.

Next time you ask, hopefully, you'll have the delegations for com., ycombinator.com, and cloudflare.net. still in the cache; but if you have a small cache, or a large amount of diversity in domain names, you're still going to make a large number of requests to the Verisign servers; anyway the delegations are served with a 2 day TTL, so you'll need to come back periodically.

[1] ftp://rs.internic.net/domain/named.root

[rms_returns]

> if you ask them for an A record for news.ycombinator.com, they give you the NS records for com.

Why does it have to go to the .com registry? Why can't the NS servers of the registrar (GoDaddy/Namecheap/etc.) themselves provide that resolution (ycombinator.com == xx.xx.xx.xx IP) ? After all the registrars are assigned for that specific purpose, aren't they?

Looks like a centralized bureaucracy to me if each request has to go to the root com/org/net DNS servers.

[zAy0LfpBZLC8mAC]

> Why can't the NS servers of the registrar (GoDaddy/Namecheap/etc.) themselves provide that resolution (ycombinator.com == xx.xx.xx.xx IP) ?

They could. Any name server along the chain could just answer the question if it knew the answer. It's a matter of configuration whether a certain domain is delegated to a different nameserver. And that doesn't end at ycombinator.com. The nameserver for ycombinator.com could delegate subdomains to further nameservers, and so on.

> After all the registrars are assigned for that specific purpose, aren't they?

No, their job is to enter their customers' data into the registry's database, that's it. That is, who the owner of the domain is, and which nameservers it should be delegated to. Some registrars also provide DNS hosting, in which case their customer can choose to have them provide the DNS server that's put into the registry's database for the domain to be delegated to.

Also, the DNS doesn't just map domain names to IP addresses. You can have as many subdomains and hostnames below some domain, each pointing to different IP addresses, and you have other information in the DNS, such as which server is responsible for receiving emails for some domain name.

And in particular, none of this information is necessarily static, or even global. Large websites might have multiple webservers, and when one of them fails, they automatically remove its IP address from their DNS server so the clients only try to use the ones that actually work. Or others run DNS servers that return different IP addresses, depending on which part of the planet the request came from, to direct clients to a server that's geographically close. All of that is only possible because the responsibility is delegated to their own nameserver that they can program to behave however they want.

Also, no, not every request goes to the root servers or the com/net/org servers. Your computer, for example, asks your internet provider's DNS resolver server for any names it needs to look up. Now, your provider's server caches responses. So, if you were to go to ycombinator.com, for example, it wouldn't start at the root again, as is already knows which nameservr is responsible for ycombinator.com, as it has already looked up news.ycombinator.com in order to load this page. So it would ask the nameserver that's responsible for ycombinator.com directly. And that's also the main reason why it's built the way it is: The delegation combined with the caching distributes the load to the many individual name servers of each domain instead of having all the requests hit one central server.