DENIC's Name Service: The Navigation System for the German Internet
Internet users all over the world connect to websites and web services under the country code .de – more than 6 billion times every day! As long as everything keeps running smoothly, most users hardly think about or notice how this is being achieved. For the complex processes involved behind the scenes, the so-called name service plays an essential role. It is run by DENIC, everyday around the clock, in a stable, secure, and reliable way.
Link between User and Web
The name service is essentially based on the Domain Name System (DNS). This system is indispensable for the accessibility of websites, e-mails, download portals, web shops, online banking systems, or social media. Its main function is to respond to name resolution queries of users typing a web address that they wish to connect to into their Internet browser. The Domain Name System (DNS) enables us to use simple names for computers or services instead of having to remember long numbers. The system converts or "resolves" these names into numeric labels (IP numbers) that can be processed and are used by the computers to communicate among each other. Thanks to the DNS, we can just key in, for example, www.denic.de instead of 18.104.22.168.
Name resolution is achieved by means of a large number of special computers called "name servers". On the name servers, information on how the simple names (domains) translate into IP numbers is stored in so-called "zone files". These are a kind of telephone directory for the Internet. Managing the German zone (.de) of this directory is among the responsibilities of DENIC.
Distributed All over the World – for Minimum Access Times and Maximum Security
In order to provide the name service for Germany's Top-Level Domain .de and ENUM domain .9.4.e164.arpa, DENIC operates a global network of name servers. Currently, this network includes 18 locations in 16 cities on four continents.
Whenever a .de domain is registered, deleted or transferred to another provider for further administration, the new data is entered into DENIC's domain database. In this database, all information about .de domains is centrally stored in Frankfurt am Main, Germany, where DENIC has its place of business. To ensure that the latest domain data is quickly available and can be used all over the world, the .de zone is consistently updated and the new zone file is redistributed to the global name server locations via secure connections (VPN tunnels).
All locations have an expandable (scalable) architecture allowing for spare capacity and are equipped with state-of-the-art hardware. Centralised control from our German offices enables all international name servers to be reconfigured automatically or new software versions to be deployed in next to no time. This allows us to respond very quickly and most flexibly to errors or special security requirements.
Ideal Distribution of Locations
For an optimum structure and, where necessary, expansion of our name server network, DENIC must always be aware of how many name server queries are received and from where they come. This is essential to enable us to take account of the ever increasing demand for name server resources caused by the ever rising use of the Internet. The number of queries to be handled by DENIC's name servers has more than tripled over the last five years. Currently, they receive more than seven billions per day, with peaks of 125,000 per second. The .de name server locations are directly connected to the world's largest Internet exchanges. This translates into the shortest possible response times for users, wherever they are.
Anycast: Central Hub for Billions of Queries from All over the World
The majority of DENIC's name servers is grouped in six Anycast clusters, as they are called. The servers of each cluster are distributed across several locations, which may be anywhere in the world.
Anycast is a routing and addressing method in which several globally dispersed servers can be reached by the same IP address. A single IP address routes to a whole group of servers and selects one respectively, for instance to resolve the inquired name. The special benefit of this routing method is that the "shortest", that is, the most efficient route is chosen in each individual case. This means, a name server request addressed to an Anycast cluster is always answered by the server of the cluster that can be reached best under the prevailing conditions at that specific point in time.
The concept of multiple – redundant – geographically dispersed name server locations with one single IP address offers greater availability and increased reliability. The failure of one server of an Anycast cluster has no noticeable impact on the name resolution service as provided to the user. The data traffic will simply be re-routed to another server of the cluster, that is, the one that can be reached best under the given circumstances.
Since 2010, DENIC offers its anycast services to third-party TLD operators.
Name Server Locations (Anycast Clouds) for .de
|Host Name||IP Address||Location(s)|
|a.nic.de||22.214.171.124||Amsterdam, Beijing, Berlin, Hong Kong, Los Angeles, Stockholm, Vienna|
|a.nic.de||2001:678:2::53||Amsterdam, Beijing, Berlin, Frankfurt/Main, Hong Kong, Los Angeles, Miami, Moscow, Sao Paulo, Seoul, Stockholm, Vienna|
|ca. 50 additional locations worldwide|
|z.nic.de||126.96.36.199||Frankfurt/Main, Miami, Moscow, Sao Paulo, Seoul|
Added Security by Complementary Name Service
Since 2012, the Domain Name System (DNS) for .de has become even more secure. This has been achieved by a complementary name service based on the infrastructure of an independent impartial third-party provider. DENIC makes use of their extensive Anycast infrastructure to complement its own worldwide name server network. This additional backup considerably enhances stability and performance of the .de zone: By integrating some 50 more locations spread all over the world, DENIC can respond to the most different operational situations with much greater flexibility. As an extra benefit, the integration of the external services in DENIC's Anycast architecture provides for a significant capacity and performance increase of the name service for .de.