DENIC's Name Service: The Navigation System for the German Internet
Internet users all over the world connect to websites and web services under the country code .de – more than 7 billion times every day! As long as everything keeps running smoothly, most users hardly think about or notice how this is being achieved. For the complex processes involved behind the scenes, the so-called name service plays an essential role. As far as It is run by DENIC, everyday around the clock, in a stable, secure, and reliable way.
Link between User and Web
The name service is essentially based on the Domain Name System (DNS). This system is indispensable for the accessibility of websites, e-mails, download portals, web shops, online banking systems, or social media. Its main function is to respond to name resolution queries of users typing a web address that they wish to connect to into their Internet browser. The Domain Name System (DNS) enables us to use simple names for computers or services instead of having to remember long numbers. The system converts or "resolves" these names into numeric labels (IP numbers) that can be processed and are used by the computers to communicate among each other. Thanks to the DNS, we can just key in, for example, www.denic.de instead of 184.108.40.206.
Name resolution is achieved by means of a large number of special computers called "name servers". On the name servers, information on how the simple names (domains) translate into IP numbers is stored in so-called "zone files". These are a kind of telephone directory for the Internet. Managing the German zone (.de) of this directory is among the responsibilities of DENIC.
Distributed All over the World – for Minimum Access Times and Maximum Security
In order to provide the name service for Germany's Top-Level Domain .de and ENUM domain .9.4.e164.arpa, DENIC operates a global network of name servers. Currently, this network includes 17 locations in 16 cities on four continents.
Whenever a .de domain is registered, deleted or transferred to another provider for further administration, the new data is entered into DENIC's domain database. In this database, all information about .de domains is centrally stored in Frankfurt am Main, Germany, where DENIC has its place of business. To ensure that the latest domain data is quickly available and can be used all over the world, the .de zone is updated several times a day. The current practice is to create a new zone file and redistribute it to the global name server locations via secure connections (VPN tunnels) at hourly intervals.
All locations have an expandable (scalable) architecture allowing for spare capacity and are equipped with state-of-the-art hardware. Centralized control from our German offices enables all international name servers to be reconfigured automatically or new software versions to be deployed in next to no time. This allows us to respond very quickly and most flexibly to errors or special security requirements.
Ideal Distribution of Locations
For an optimum structure and, where necessary, expansion of our name server network, DENIC must always be aware of how many name server queries are received and from where they come. This is essential to enable us to take account of the ever increasing demand for name server resources caused by the ever rising use of the Internet. The number of queries to be handled by DENIC's name servers has more than tripled over the last five years. Currently, they receive more than seven billions per day, with peaks of 125,000 per second. The .de name server locations are directly connected to the world's largest Internet exchanges. This translates into the shortest possible response times for users, wherever they are.
Anycast: Central Hub for Billions of Queries from All over the World
Most of DENIC's name servers are grouped in three Anycast clusters, as they are called. Anycast is a routing and addressing method in which a single IP address routes to a whole group of servers. The servers of the Anycast cluster are distributed across several locations, which may be anywhere in the world. The Anycast routing ensures that always the "shortest", that is, the most efficient route is chosen in each individual case. To put it more simply: A request is answered by the server that can be reached best in the given circumstances at a given time.
The concept of multiple redundant DNS locations in different parts of the world with one single IP address offers even more advantages: Higher availability and increased reliability. The failure of one server of an Anycast cluster has almost no impact on the name resolution service. The data traffic will immediately be re-routed to another server of the cluster, that is the one that can be reached best under the given circumstances. Moreover, having locations in different Dparts of the world enhances security because it makes the Domain Name System more robust when it comes to coping with load peaks and attacks (data traffic aimed at disrupting services).
Name Server Locations (Anycast Clouds) for .de
|Host Name||IP Address||Location(s)|
|a.nic.de||220.127.116.11||Amsterdam, Beijing, Hong Kong, Los Angeles, Stockholm, Vienna|
|a.nic.de||2001:678:2::53||Amsterdam, Beijing, Berlin, Frankfurt/Main, Hong Kong, Los Angeles, Moscow, Seoul, Stockholm, Vienna|
|ca. 50 additional locations worldwide|
|z.nic.de||18.104.22.168||Berlin, Frankfurt/Main, Miami, Moscow, Sao Paulo, Seoul|
Added Security by Triple Global Presence
Since 2012, the Domain Name System (DNS) for .de has become even more secure. This has been achieved by a complementary name service based on the infrastructure of an independent impartial third-party provider. DENIC makes use of their extensive Anycast infrastructure to complement our own worldwide name server network. This additional backup considerably enhances stability and performance of the .de zone: By integrating some 50 more locations spread all over the world, we can respond to the most different operational situations with much greater flexibility. As an extra benefit, the integration of the external services in DENIC's Anycast architecture provides for a significant capacity and performance increase of the name service for .de.
Meeting the Demands of Multiple Customers: Shared Use of DNS Infrastructures
DENIC offers a range of DNS infrastructure services. One of these services is the shared use of our name server network for third-party TLDs. In this context, the Anycast DNS service may be used either as a primary service or in addition to existing name server landscapes in order to enhance footprint, diversity and robustness. Being situated directly at large Internet hubs, our Anycast locations dispose over generously dimensioned bandwidths and are compatible with DNSSEC as well as with IPv6. In addition to its high performance and reliability, this highly professional service stands out due to the DENIC monitoring, the 24/7 support, rapid technical integration of new customers and the possibility of additional optional monitoring by the customer via web interface.