⛷️ 🎾 🗨️ The National Domain Name System: A First Look 🔯 👩‍👩‍👧 ‼️

Since the beginning of this year, the National Domain Name System - NSDI has been operated in Russia, which you can already read about on Habr , and the RKN sends letters with requirements to it to providers and the owner of autonomous systems. At its core, it is a set of public DNS servers available to everyone and offered for use by both providers and end users of the Internet. Unfortunately, I have little idea of how the global domain name system is specifically organized and functioning, or how the work of servers serving, for example, the zoneRU.

, and I hope this article, including, to draw attention to this issue of people who understand this or participate in this process - it should be very interesting and informative, in order to tell everyone about it. Therefore, my first glance will be about addressing, routing, delays, for which, among other things, RIPE Atlas tools will be used , and, of course, about DNS, but exactly as far as I understand this. A distinctive feature of this particular national system is its accessibility for research, so I hope my first glance will be continued and picked up to consider this issue from all sides.

From the article already mentioned above, the links can be used to find the original RKN letter, from which we know that they exist:

194.85.254.37 - a root DNS server that allows, among other things, to perform a query AXFR

, that is, to get the root zone "as is", but for this you need to get into the list of trusted servers and I do not have such an opportunity
a.auth-nsdi.ru , b.auth-nsdi.ru - also root DNS, allowing non-recursive queries of records from the root zone
a.res-nsdi.ru , b.res-nsdi.ru - recursive resolvers allowing to query any record

Immediately I would like to draw your attention to the fact that the system is in a very mobile state, as it should be for any system at the initial stage of operation, and indeed for an Internet system. And the meticulous reader has probably already found that there exist, for example, c.auth-nsdi.ru and d.auth-nsdi.ru , which have not yet responded to requests. But this means that in a couple of months or weeks, the situation as described in this article may change dramatically. Remember this.

Root servers

194.85.254.37 194.85.254.0/24, RIR - 2020 , AS62135. CHAOS TXT :

version.bind - "PowerDNS Authoritative Server 4.4.0-alpha3.125.master.g6835270cd (built Nov 16 2020 18:13:24 by root@b6b5979d40d3)"
id.server - mu.cmu.msk-ix.ru

NSID - "mu.cmu.msk-ix.ru", RIPE Atlas .

	NSID	()
	mu.cmu.msk-ix.ru	39,5
-	mu.cmu.msk-ix.ru	10,7
--	mu.cmu.msk-ix.ru	19,1
	mu.cmu.msk-ix.ru	24,1
	mu.cmu.msk-ix.ru	3,2
	mu.cmu.msk-ix.ru	14,0
	mu.cmu.msk-ix.ru	20,4
	mu.cmu.msk-ix.ru	25,4
	mu.cmu.msk-ix.ru	32,2
	mu.cmu.msk-ix.ru	44,3
	mu.cmu.msk-ix.ru	50,3
	mu.cmu.msk-ix.ru	81,4
	mu.cmu.msk-ix.ru	101,9

, , , - . , .

a.auth-nsdi.ru b.auth-nsdi.ru IPv4

IPv6

195.208.6.0/24, 2a0c:a9c7:a::/48,195.208.7.0/24 2a0c:a9c7:b::/48, RIR , 2020. AS41740 c as-name NDNS. AS 12 , :

193.232.147.0/24, 193.232.253.0/24, 195.208.5.0/24, 195.208.4.0/24, 195.208.6.0/24, 195.208.7.0/24, 2a0c:a9c7:a::/48, 2a0c:a9c7:253::/48, 2a0c:a9c7:147::/48, 2a0c:a9c7:b::/48, 2a0c:a9c7:9::/48, 2a0c:a9c7:8::/48

NSID CHAOS TXT id.version

. RIPE Atlas (30376498, 30376499, 30376500, 30376501) .

	a.auth-nsdi.ru		b.auth-nsdi.ru
	NSID	()	NSID	()
`IPv4/IPv6`	auth1-spb.ix.ru, auth2-spb.ix.ru	28.3	auth1-khouse.ix.ru, auth2-khouse.ix.ru	36,6
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru	40,0	auth1-rnd.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-spb.ix.ru	41,3
- `IPv4/IPv6`	auth1-spb.ix.ru, auth2-spb.ix.ru	1,4	auth2-spb.ix.ru, auth1-spb.ix.ru	1,3
- `IPv4/IPv6`	auth2-kzn.ix.ru, auth1-kzn.ix.ru	76.4	auth1-nsk.ix.ru, auth2-rnd.ix.ru, auth2-nsk.ix.ru, auth2-vlv.ix.ru	229,0
-- `IPv4/IPv6`	auth2-rnd.ix.ru, auth2-khouse.ix.ru, auth1-rnd.ix.ru, auth1-khouse.ix.ru	0,8	auth1-rnd.ix.ru, auth2-rnd.ix.ru, auth2-khouse.ix.ru	0,8
-- `IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-rnd.ix.ru, auth1-rnd.ix.ru	0,7	auth1-rnd.ix.ru, auth1-khouse.ix.ru, auth2-rnd.ix.ru	0,7
`IPv4/IPv6`	auth2-khouse.ix.ru, auth1-khouse.ix.ru	23,5	auth1-khouse.ix.ru, auth2-khouse.ix.ru	23,5
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru	21,3	auth1-rnd.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-spb.ix.ru	21,4
`IPv4/IPv6`	auth1-kzn.ix.ru, auth2-kzn.ix.ru	17,1	auth1-khouse.ix.ru, auth2-khouse.ix.ru	2,6
`IPv4/IPv6`	auth2-kzn.ix.ru, auth1-kzn.ix.ru	16,9	auth1-spb.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-spb.ix.ru	5,4
`IPv4/IPv6`	auth2-khouse.ix.ru, auth1-khouse.ix.ru	13,6	auth1-khouse.ix.ru, auth2-khouse.ix.ru	13,6
`IPv4/IPv6`	auth2-kzn.ix.ru, auth1-kzn.ix.ru	91,8	auth1-nsk.ix.ru, auth2-rnd.ix.ru, auth2-nsk.ix.ru, auth2-vlv.ix.ru	244,4
`IPv4/IPv6`	auth2-khouse.ix.ru, auth1-khouse.ix.ru	21,8	auth1-khouse.ix.ru, auth2-khouse.ix.ru	21,1
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru	19,2	auth1-nsk.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-rnd.ix.ru, auth2-nsk.ix.ru	27,9
`IPv4/IPv6`	auth1-ekt.ix.ru, auth2-ekt.ix.ru	2,1	auth1-ekt.ix.ru, auth2-ekt.ix.ru	2,1
`IPv4/IPv6`	auth2-ekt.ix.ru, auth1-ekt.ix.ru	1,8	auth1-ekt.ix.ru, auth2-spb.ix.ru, auth2-ekt.ix.ru	1,8
`IPv4/IPv6`	auth1-ekt.ix.ru, auth2-ekt.ix.ru	4,0	auth1-khouse.ix.ru, auth2-khouse.ix.ru	30,3
`IPv4/IPv6`	auth2-kzn.ix.ru, auth1-kzn.ix.ru	58,1	auth1-nsk.ix.ru, auth2-khouse.ix.ru, auth2-nsk.ix.ru, auth2-vlv.ix.ru	116,2
`IPv4/IPv6`	auth2-khouse.ix.ru, auth1-khouse.ix.ru	43,8	auth1-khouse.ix.ru, auth2-khouse.ix.ru	43,7
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru	38,5	auth1-nsk.ix.ru, auth1-rnd.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-nsk.ix.ru	35,4
`IPv4/IPv6`	auth1-nsk.ix.ru, auth2-nsk.ix.ru, auth2-khouse.ix.ru	6,5	auth2-nsk.ix.ru, auth1-nsk.ix.ru, auth1-khouse.ix.ru	6,5
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth1-nsk.ix.ru	6,6	auth1-nsk.ix.ru, auth2-rnd.ix.ru, auth2-nsk.ix.ru	6,6
`IPv4/IPv6`	auth1-nsk.ix.ru, auth2-nsk.ix.ru, auth2-khouse.ix.ru, auth1-khouse.ix.ru	36,1	auth1-nsk.ix.ru, auth2-nsk.ix.ru, auth2-khouse.ix.ru	36,0
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-khouse.ix.ru	80,4	auth1-rnd.ix.ru, auth2-vlv.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-spb.ix.ru	81,0
`IPv4/IPv6`	auth2-khouse.ix.ru, auth2-ekt.ix.ru, auth1-ekt.ix.ru, auth1-nsk.ix.ru, auth2-vlv.ix.ru, auth1-khouse.ix.ru, auth1-vlv.ix.ru, auth2-nsk.ix.ru	34,5	auth2-vlv.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru	100,8
`IPv4/IPv6`	auth1-khouse.ix.ru, auth2-vlv.ix.ru, auth2-nsk.ix.ru, auth1-spb.ix.ru, auth1-vlv.ix.ru, auth2-khouse.ix.ru	39.0	auth1-nsk.ix.ru, auth2-vlv.ix.ru, auth1-vlv.ix.ru, auth1-khouse.ix.ru, auth2-khouse.ix.ru, auth2-spb.ix.ru	100.9

. NSID , . NSID. IPv6

IPv4

. - IPv4

IPv6

, , -, , , , , . , NSID, IPv4

, , , . 14 , .

auth1-ekt.ix.ru, auth1-khouse.ix.ru, auth1-kzn.ix.ru, auth1-nsk.ix.ru, auth1-rnd.ix.ru, auth1-spb.ix.ru, auth1-vlv.ix.ru, auth2-ekt.ix.ru, auth2-khouse.ix.ru, auth2-kzn.ix.ru, auth2-nsk.ix.ru, auth2-rnd.ix.ru, auth2-spb.ix.ru, auth2-vlv.ix.ru

, AXFR

Root Zone File, . Bash,

. , , DNSSEC NSEC. , , NXDOMAIN,

- . dig +dnssec

Root Zone File

. - , , IPv6

, , dig

base64

+nosplit

IDN

- +noidnout

. , , . , , , , , .

a.res-nsdi.ru b.res-nsdi.ru - IPv4

IPv6

: 195.208.4.0/24, 2a0c:a9c7:8::/48,195.208.5.0/24 2a0c:a9c7:9::/48 AS41740

. 2020. CHAOS TXT id.version

, NSID - . PowerDNS, . , , , - . RIPE Atlas (30376488, 30376489, 30376490, 30376491, 30376492, 30376493, 30376494, 30376495).

	a.auth-nsdi.ru		b.auth-nsdi.ru
		()		()
`IPv4/IPv6`	res1-spb-lb.ix.ru, res2-spb-lb.ix.ru	26,8	res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res1-khouse-lb.ix.ru	39,1
`IPv4/IPv6`	res2-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-khouse-lb.ix.ru, res2-khouse-lb.ix.ru	38,1	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-spb-lb.ix.ru	39,7
- `IPv4/IPv6`	193.232.139.82, res1-rnd-lb.ix.ru, res1-spb-lb.ix.ru, res2-spb-lb.ix.ru	1,3	res1-khouse-lb.ix.ru ,res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-spb-lb.ix.ru	7,0
- `IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-kzn-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-kzn-lb.ix.ru, res2-nsk-lb.ix.ru	81,5	193.232.139.82, res1-nsk-lb.ix.ru, res1-vlv-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru, res2-vlv-lb.ix.ru	172,0
-- `IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru	17,2	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-rnd-lb.ix.ru	1,3
-- `IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru	18,5	193.232.139.82, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru	1,3
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	23,3	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	23,4
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	21,3	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru, res2-spb-lb.ix.ru	21,5
`IPv4/IPv6`	res1-kzn-lb.ix.ru, res1-spb-lb.ix.ru, res2-kzn-lb.ix.ru, res2-spb-lb.ix.ru	16,0	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	2,6
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-kzn-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-kzn-lb.ix.ru	12,1	res1-spb-lb.ix.ru, res2-khouse-lb.ix.ru, res2-spb-lb.ix.ru	12,9
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru	30,1	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	13,7
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-kzn-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-kzn-lb.ix.ru, res2-nsk-lb.ix.ru	97,6	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-vlv-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru, res2-vlv-lb.ix.ru	187,4
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru	27,6	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	20,9
`IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru	30,2	res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru	30,4
`IPv4/IPv6`	193.232.231.82, res1-ekt-lb.ix.ru, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-ekt-lb.ix.ru, res2-nsk-lb.ix.ru	9,1	193.232.231.82, res1-ekt-lb.ix.ru, res2-ekt-lb.ix.ru	2,0
`IPv4/IPv6`	193.232.231.82, res1-ekt-lb.ix.ru, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-ekt-lb.ix.ru, res2-khouse-lb.ix.ru	10,5	193.232.231.82, res1-ekt-lb.ix.ru, res2-ekt-lb.ix.ru, res2-spb-lb.ix.ru	1,8
`IPv4/IPv6`	193.232.231.82, res1-ekt-lb.ix.ru, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-ekt-lb.ix.ru	13,5	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru	31,1
`IPv4/IPv6`	res1-kzn-lb.ix.ru, res1-spb-lb.ix.ru, res2-kzn-lb.ix.ru, res2-nsk-lb.ix.ru, res2-spb-lb.ix.ru	82,6	res1-nsk-lb.ix.ru, res1-vlv-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-vlv-lb.ix.ru	86,2
`IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru	37,9	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-rnd-lb.ix.ru	44,6
`IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru	34,7	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru	25,4
`IPv4/IPv6`	193.232.139.82, 193.232.231.82, res1-ekt-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res1-spb-lb.ix.ru, res2-ekt-lb.ix.ru, res2-nsk-lb.ix.ru, res2-spb-lb.ix.ru	6,5	res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru	6,5
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru	9,2	res1-nsk-lb.ix.ru, res2-nsk-lb.ix.ru	6,6
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-spb-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-spb-lb.ix.ru	66,0	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res2-nsk-lb.ix.ru, res2-vlv-lb.ix.ru	36,4
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-spb-lb.ix.ru, res2-khouse-lb.ix.ru, res2-spb-lb.ix.ru	81,4	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-rnd-lb.ix.ru, res1-vlv-lb.ix.ru, res2-khouse-lb.ix.ru, res2-spb-lb.ix.ru, res2-vlv-lb.ix.ru	82,8
`IPv4/IPv6`	193.232.139.82, res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res1-vlv-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru, res2-vlv-lb.ix.ru	95,9	res1-khouse-lb.ix.ru, res1-msk-lb.ix.ru, res2-khouse-lb.ix.ru, res2-vlv-lb.ix.ru	101,9
`IPv4/IPv6`	res1-khouse-lb.ix.ru, res1-kzn-lb.ix.ru, res1-msk-lb.ix.ru, res1-spb-lb.ix.ru, res1-vlv-lb.ix.ru, res2-kzn-lb.ix.ru, res2-nsk-lb.ix.ru, res2-spb-lb.ix.ru, res2-vlv-lb.ix.ru	100,3	res1-nsk-lb.ix.ru, res1-vlv-lb.ix.ru, res2-khouse-lb.ix.ru, res2-nsk-lb.ix.ru, res2-spb-lb.ix.ru, res2-vlv-lb.ix.ru	61,4

.AAAA

IPv6

, IPv4

. A

IPv6

. , PTR

, A

AAAA

. 17 IPv4

IPv6

. , ( ).

193.232.139.82(res2-rnd-lb.ix.ru), 193.232.231.82(res2-ekt-lb.ix.ru), res1-ekt-lb.ix.ru, res1-khouse-lb.ix.ru, res1-kzn-lb.ix.ru, res1-msk-lb.ix.ru, res1-nsk-lb.ix.ru, res1-rnd-lb.ix.ru, res1-smr-lb.ix.ru, res1-spb-lb.ix.ru, res1-vlv-lb.ix.ru, res2-ekt-lb.ix.ru, res2-khouse-lb.ix.ru, res2-kzn-lb.ix.ru, res2-nsk-lb.ix.ru, res2-rnd-lb.ix.ru, res2-smr-lb.ix.ru, res2-spb-lb.ix.ru, res2-vlv-lb.ix.ru

, , RIPE DB 193.232.139.0/24, , , , . , , .

- NXDOMAIN

.

- . , . RIPE Atlas , , . DNSSEC, TLD. ARPA.

, , , . , ... , - , , - .

The National Domain Name System: A First Look

Root servers

More articles: