DENIC's Name Service: The Navigation System for the German Internet
Internet users all over the world connect to websites and web services under the country code .de – more than 7 billion times every day! As long as everything keeps running smoothly, most users hardly think about or notice how this is being achieved. For the complex processes involved behind the scenes, the so-called name service plays an essential role. As far as It is run by DENIC, everyday around the clock, in a stable, secure, and reliable way.
Link between User and Web
The name service is essentially based on the Domain Name System (DNS). This system is indispensable for the accessibility of websites, e-mails, download portals, web shops, online banking systems, or social media. Its main function is to respond to name resolution queries of users typing a web address that they wish to connect to into their Internet browser. The Domain Name System (DNS) enables us to use simple names for computers or services instead of having to remember long numbers. The system converts or "resolves" these names into numeric labels (IP numbers) that can be processed and are used by the computers to communicate among each other. Thanks to the DNS, we can just key in, for example, www.denic.de instead of 184.108.40.206.
Name resolution is achieved by means of a large number of special computers called "name servers". On the name servers, information on how the simple names (domains) translate into IP numbers is stored in so-called "zone files". These are a kind of telephone directory for the Internet. Managing the German zone (.de) of this directory is among the responsibilities of DENIC.
Distributed All over the World – for Minimum Access Times and Maximum Security
In order to provide the name service for Germany's Top-Level Domain .de and ENUM domain .9.4.e164.arpa, DENIC operates a global network of name servers. Currently, this network includes 17 locations in 16 cities on four continents.
Whenever a .de domain is registered, deleted or transferred to another provider for further administration, the new data is entered into DENIC's domain database. In this database, all information about .de domains is centrally stored in Frankfurt am Main, Germany, where DENIC has its place of business. To ensure that the latest domain data is quickly available and can be used all over the world, the .de zone is updated several times a day. The current practice is to create a new zone file and redistribute it to the global name server locations via secure connections (VPN tunnels) at hourly intervals.
All locations have an expandable (scalable) architecture allowing for spare capacity and are equipped with state-of-the-art hardware. Centralised control from our German offices enables all international name servers to be reconfigured automatically or new software versions to be deployed in next to no time. This allows us to respond very quickly and most flexibly to errors or special security requirements.
Ideal Distribution of Locations
For an optimum structure and, where necessary, expansion of our name server network, DENIC must always be aware of how many name server queries are received and from where they come. This is essential to enable us to take account of the ever increasing demand for name server resources caused by the ever rising use of the Internet. The number of queries to be handled by DENIC's name servers has more than tripled over the last five years. Currently, they receive more than seven billions per day, with peaks of 125,000 per second. The .de name server locations are directly connected to the world's largest Internet exchanges. This translates into the shortest possible response times for users, wherever they are.
Anycast: Central Hub for Billions of Queries from All over the World
The majority of DENIC's name servers is grouped in six Anycast clusters , as they are called. The servers of each cluster are distributed across several locations, which may be anywhere in the world.
Anycast is a routing and addressing method in which several globally dispersed servers can be reached by the same IP address. A single IP address routes to a whole group of servers and selects one respectively, for instance to resolve the inquired name. The special benefit of this routing method is that the "shortest", that is, the most efficient route is chosen in each individual case. This means, a name server request addressed to an Anycast cluster is always answered by the server of the cluster that can be reached best under the prevailing conditions at that specific point in time.
The concept of multiple – redundant – geographically dispersed name server locations with one single IP address offers greater availability and increased reliability. The failure of one server of an Anycast cluster has no noticeable impact on the name resolution service as provided to the user. The data traffic will simply be re-routed to another server of the cluster, that is, the one that can be reached best under the given circumstances.
Third-party TLD operators (ccTLDs, gTLDs or Brand TLDs) are offered shared use of DENIC’s Anycast slave services already since 2010 under a cost-sharing schemes.
Name Server Locations (Anycast Clouds) for .de
|Host Name||IP Address||Location(s)|
|a.nic.de||220.127.116.11||Amsterdam, Beijing, Berlin, Hong Kong, Los Angeles, Stockholm, Vienna|
|a.nic.de||2001:678:2::53||Amsterdam, Beijing, Berlin, Frankfurt/Main, Hong Kong, Los Angeles, Miami, Moscow, Sao Paulo, Seoul, Stockholm, Vienna|
|ca. 50 additional locations worldwide|
|z.nic.de||18.104.22.168||Frankfurt/Main, Miami, Moscow, Sao Paulo, Seoul|
Added Security by Triple Global Presence
Since 2012, the Domain Name System (DNS) for .de has become even more secure. This has been achieved by a complementary name service based on the infrastructure of an independent impartial third-party provider. DENIC makes use of their extensive Anycast infrastructure to complement our own worldwide name server network. This additional backup considerably enhances stability and performance of the .de zone: By integrating some 50 more locations spread all over the world, we can respond to the most different operational situations with much greater flexibility. As an extra benefit, the integration of the external services in DENIC's Anycast architecture provides for a significant capacity and performance increase of the name service for .de.
Meeting the Demands of Multiple Customers: Shared Use of DNS Infrastructures
DENIC offers a range of DNS infrastructure services. One of these services is the shared use of our name server network for third-party TLDs. In this context, the Anycast DNS service may be used either as a primary service or in addition to existing name server landscapes in order to enhance footprint, diversity and robustness. Being situated directly at large Internet hubs, our Anycast locations dispose over generously dimensioned bandwidths and are compatible with DNSSEC as well as with IPv6. In addition to its high performance and reliability, this highly professional service stands out due to the DENIC monitoring, the 24/7 support, rapid technical integration of new customers and the possibility of additional optional monitoring by the customer via web interface.