In September 2015, news reports noted that India had pitched with the United States (US) for a root zone server to be placed within the country.1
This news has been received with responses ranging from bewilderment over suspicion to enthusiasm. With India now having the second-largest number of Internet users in the world, it would only be correct for India to get a root server, supporters argue. But some couldn’t help but wonder whether this was merely a ploy to increase government surveillance. And in any case, others have asked, if India already has multiple mirrors of the root, why make any changes to the current system?
The Indian government, for its part, has clarified repeatedly that its quest for a root server to be placed within India is predominantly so as to considerably strengthen and increase ICANN’s commitment to India; this in turn would aid India in becoming an effective contributor in the global Internet governance structure, its weight more closely aligned with its share of users. In addition, India believes that having a root server will contribute to in-country capacity building on critical information infrastructure as well as prompting ‘a major technological upgradation within the country’ and significant new investments in India’s Internet. Officials have argued that this would make for a stronger Internet in India and for the world.2
What to make of India’s request for a root server to be placed in the country in the light of such contradictory claims? In order to fully understand the significance and potential impact of India’s stance, a deeper understanding of the root zone, its functioning and its management, as well as of India’s historical positions on related issues is essential. In this paper, we aim to aid such understanding in several steps, each adding a layer of information necessary to come to a complete assessment of India’s demand.
In the first section, we3 start with the basics and take a detailed look at how the root zone and root servers are organised and function, so as to better understand: how feasible is India’s request from a technical perspective and what needs to change in the current system for it to be accommodated? With this sound technical understanding in the back of our minds, we will then go into the management of the root zone in the second section of the paper, to further understand the context in which India’s desire for a root server to be placed in the country comes from. What are its politico-strategic roots and aims?
It is by piecing together these different perspectives that we hope to come to a full appreciation of the weight, import and potential consequences of India’s bid for a root server.
Reconfiguring the root: understanding India’s request for a root server from a technical perspective
To start with, let us better understand India’s position from a technical perspective. Would it be technically possible at all to accommodate India’s request? And what exactly would need to change in the current system? To answer, we will begin by examining how the root zone and servers are organised and function.
The DNS and the root
At present, there are thirteen root servers in the world, named A to M and spread across four countries. Ten of those are in the US while there is one each in the Netherlands, Sweden and Japan. The thirteen root servers are further operated by twelve independent organisations. These are listed in Table 14 below.
||University of Southern California (ISI)
||University of Maryland
||NASA (Ames Research Center)
||Internet Systems Consortium, Inc.
||US Department of Defense (NIC)
||US Army (Research Lab)
What do these root servers actually do? To understand this in detail, we will need to take a little detour.
The Internet is essentially a global network of interconnected computers communicating with each other.5 While humans identify and communicate with each other using names, computers identify and communicate each other using unique numeric addresses called Internet Protocol (IP) addresses. Obviously, it is far easier for humans to use and remember names rather than the long IP addresses. The Internet’s Domain Name System (DNS) therefore translates the domain names that we humans type into the IP addresses that computers recognise. For example, users would typically remember the domain name ‘www.internetdemocracy.in’ far more easily than the IP address, ‘220.127.116.11’. The DNS, thus, simply exists to make things easier for the human handling the computer.6
The root servers7 are, then, literally the servers at the root of the DNS hierarchy. They contain all the information that makes up the root zone, which is the top-most level of the DNS hierarchy.8 The root zone basically consists of a file that contains the names and the numeric IP addresses for all the Top Level Domains (TLDs) including the Generic Top Level Domains (gTLDs) such as .com, .net or .org and all the Country Code Top Level Domains (ccTLDs) such as .in or .uk. 9
The root servers primary function is to publish the root zone file to other DNS servers and clients on the Internet. This file describes where the authoritative servers for the DNS top-level domains (TLD) are located and how to reach them.10 Root servers are thus the Internet’s equivalent of a phone book, which maintains a directory of domain names and their corresponding IP addresses for computers to connect to each other because, as mentioned before, it is simply an easier process for the people handling the computers.
So, when you type in ‘internetdemocracy.in’ in your browser, it sends a request to the computer’s resolver asking for the IP address of the website you’re looking for. The resolver in turn sends this ‘DNS query’ to their Internet Service Provider (ISP) or local DNS server, which in turn asks a root server to find out the authoritative servers. The root server provides a list of authoritative servers for .in first, which in turn provides a list of authoritative servers for ‘internetdemocracy.in’. The DNS server then asks the ‘internetdemocracy.in’ server for the IP address where the website content is stored and relays it back to your browser via your computer’s resolver and that is how you get to see the website where you can find this paper.11
Roots and mirrors
As mentioned above, the root servers, with their central role in the functioning of the Internet, are not distributed evenly around the world. But while there are only thirteen root servers, there are many more duplicate root servers – 567 as of March 2016, to be exact12 – and these are distributed all over the world. The B-root server still exists only in its original location, Los Angeles, operated by the Information Sciences Institute. But the remaining twelve root servers exist in multiple locations around the world, strengthening network resilience and adding to load balancing across wide geographic areas.
These duplicates, commonly referred to as instances or mirrors, are maintained through a technique called anycasting, which allows multiple instances of a server in different locations to share and be available at a single IP address.13
And so while there is no root server in India at present, there are already nine instances present here. There are three J-root instances - one in Delhi, one in Mumbai and one in Gorakhpur. There are two L-root instances, one in Mumbai and one in Kolkata. The National Internet Exchange of India (NIXI) has sponsored three root server instances, one I-root in Mumbai, one K-root at Delhi and an F-Root in Chennai, and further, there is also a D-root instance in Mumbai.14
Could it be argued, as some have, that India’s request for a root server is, from a technical perspective, superfluous, because India already has root server instances in the country?
Technical specialists have argued that there is no ‘real difference’ between an anycast root server and an original root server, since anycasting enables all root servers to become ‘anycast’ instances, including the ‘original’ root server. Moreover, all anycast instances behave identically and have the same status within the DNS. In other words, technically, they perform exactly the same function of answering the DNS query that an original server would. On that basis, some argue, why would India really need to have a root server, instead of mere instances?
And in a strictly technical sense, an instance and an original root server are indeed the same. Twelve of the thirteen root server operators use the ‘anycast’ mechanism to distribute their services across many physical servers. In every case, the servers in each set (known as an ‘anycast cloud’) are exactly identical in their functional behaviour, providing exactly the same DNS service. In fact the only technical difference between servers run by different operators (in different anycast clouds) is the IP address on which they operate. All root servers, instances or original, are thus identical, performing the same function of resolving DNS queries with a list of authoritative name servers for the TLDs.15
The root server operators
Stressing the technical similarity between a root server and an instance is, however, only half the story. It disregards the crucial role that the root server operators play in the functioning of the Internet.
The root server operators have under their control not a single server, but a root server ‘letter’, which corresponds to a whole set of anycast servers which share the designated IP address.16 Together, they ensure that the operations of the root zone are always accurate, available, reliable and secure. In addition, one of the root zone operators, called VeriSign, also implements the changes to the authoritative root zone file of the DNS, and then distributes it to the other root server operators. This role is known as that of the root zone file maintainer. 17
However, there is a need to work on the challenges in running the current instances, such as lack of interconnection of nodes between the instances here, which leads to ‘query’ traffic still going to instances abroad to get resolved, causing slower response time from the DNS.19 It could therefore be argued that, if India is to effectively exploit the advantages of a root server being placed and operated here, India would do well to focus on getting more instances placed within the country and on working efficiently first. Moreover, having more instances running effectively within the country arguably will also help India to prove that it is technically capable of having and managing a root server since, as explained in the previous section, technically they are the same.
But while running an increasing number of instances, and running them smoothly and efficiently, may provide important capacity, it also important to remember that it will, in the end, never be the same as running an actual root server – and so the perfect preparation does not exist. The level of control, as well as insight into data, that the latter entails will simply always be much greater.20 It deserves to be noted that the root server operators do not take part in editorial decisions about the content of the root zone, except to advise IANA on strictly technical matters. But each operating organisation determines how many locations their root IP address will be served from, what those locations are, what hardware and software will be installed in each location, and how that will be maintained.21 Root server operators also have access to data regarding query traffic that hosts of instances do not possess. Such data can be helpful to determine where additional instances would be of value within a country.22
It is worthwhile to point out here that, at present, just like the majority of the root servers are in the US, most root server operators are too. Thus, if a root server is indeed placed in India, it is essential that the root server operator be an Indian entity as well, if India’s bid is to have the impact that the government is hoping for.
With this, we are starting to touch on the politico-strategic importance of the root zone and root servers. In section two of this paper, we will go into this in more detail. But first, there are two more additional technical matters that deserve our attention.
Surveillance and the root
A first additional set of technical questions regarding India’s request to have a root server placed within the country has to do with surveillance. Following the Snowden revelations in particular, a belief gained credence in some quarters that one of the reasons the US was able to conduct such mass surveillance was because several of the root servers are located in that country. In India, too, concerns have been raised that an important reason why India would want to have a root server within the country was related to surveillance.
Two different but related arguments can be heard in this respect. One is that having a root server on Indian soil would aid interception by Indian authorities. However, it is critically important to understand that Internet traffic as such does not pass through a root server; only the DNS query and response does.23 There is, thus, a need to distinguish between query traffic and content traffic – they are not one and the same. If query traffic is intercepted, it can ‘reveal that a particular user (identified only by their IP address) is issuing queries for particular domain names’. While this may be interesting and valuable metadata for investigators in some cases, it is limited.24
This is even more so because it is, in fact, possible to do a DNS lookup without actually accessing the site you are querying – just like you can look up a number in a telephone book without actually making a call. While access following a DNS query may be a reasonable assumption, it is not necessarily a correct one.
Furthermore, not all DNS queries actually go all the way to the root servers. Domains that have recently been queried are stored in a ‘cache’ both at the level of the resolvers and by intermediate servers; if the answer for the query is in the cache, the resolver, or the intermediate server, can provide it without having to ask another server. In practice, only a tiny fraction of DNS queries are, thus, actually resolved at the root.
The second is that having a root server would ensure traffic would remain in India. This belief was again repeated in recent news reports on this issue.25 But while a root server might indeed increase the likelihood of DNS query being resolved within India’s borders, there is no guarantee.26 The Internet is configured in such a way that traffic by default goes to the fastest hop, i.e. it goes to the server which will give it the shortest response time. For that reason, if there are a sufficient number of root server instances within India’s boundaries, more traffic might stay within the country, but especially at the borders, one cannot be sure. The fastest hop may well be in a neighbouring country.27
Though it is theoretically possible for an ISP to manipulate the DNS resolver to regulate traffic to local root servers, practically this is also very difficult, to ensure since individual users can change the DNS resolver to use another root server as well.28
While the placement of a root server in India might, thus, increase opportunities for India authorities to conduct surveillance, the effectiveness of these particular efforts would, in other words, be limited at best.
Moving or cloning?
Finally, one more crucial technical question is left: if India were to have a root zone server of its own, what change to the current structure would that require in practice?
There would be two possibilities: one is that an existing root server would be moved. The second possibility is to create a fourteenth server. Seeing that any existing operator would likely be loath to see a change in the current arrangement, the second option would probably be the more realistic one. But is this technically feasible?
To be able to answer this, it is important to first understand why there have only been thirteen root servers so far. The IP addresses of the root servers should fit in a single packet in order to avoid the overhead of sending multiple messages between servers. This also helps in efficient networking and better performance. However, a single packet, using Ipv4, is limited to 512 bytes. Since each IPv4 address requires 32 bytes, having 13 servers uses 416 bytes, leaving upto 96 bytes for protocol information.29 While an additional one or two servers could be accommodated if the message format could be reorganised so that the protocol information would take up less space, this has not yet been attempted.30
In addition, the new IPv6 addresses are not limited by these constraints. Theoretically, this provides another possibility for establishing new root servers in the future. However, as IPv6 is not yet universally used, doing so brings with it a whole host of new technical concerns, mostly related to the question of universal accessibility: as a new root server would need to use the IPv6 protocol, it may not be recognised by all computers in the world,31 putting at risk the operation of the Internet as we know it.
A new configuration under IPv4, i.e. a reorganisation of the message format to accommodate an additional server, would pose similar technical concerns regarding universal accessibility.32
While the possible adverse effects on the DNS of adding non-universal root servers, and possibilities to address related problems, are actively being explored in the YETI DNS Project, it is thus not likely that a fourteenth server will be established in the very near future.33 It may, however, become a possibility further down the road.
It deserves to be pointed out here that, if the US responded positively to India’s pitch, it did so with the qualification that this was indeed on the assumption that a fourteenth root server were to be established. India, on its part, though it is open to both options, has argued that ‘relocating one of the thirteen servers will go a long way in displaying confidence in India’s democratic credentials’.34
The political and strategic importance of the root servers and their management: Understanding the why of India’s request
What section 1 makes clear is the central importance of the root zone to the functioning of the Internet. But at least since the debates around the World Summit on the Information Society of 2005, India has been criticising the disproportionate influence of the US in particular over Internet governance35 – and the root zone has played a central role in these debates.
What section 1 makes clear is the central importance of the root zone to the functioning of the Internet. But at least since the debates around the World Summit on the Information Society of 2005, India has been criticising the disproportionate influence of the US in particular over Internet governance – and the root zone has played a central role in these debates.36
At present, ICANN processes change requests to the authoritative root zone file of the DNS and then forwards them to NTIA for approval. NTIA subsequently transmits the approved requests to VeriSign, which in turn implements the changes to and distribution of the authoritative root zone file of the DNS, based on a cooperative agreement with NTIA.37 The NTIA is thus the Root Zone Administrator while VeriSign is the Root Zone Maintainer.38 Through these arrangements, NTIA exercises regulatory authority over the root zone and is ultimately responsible in reviewing and approving whatever changes need to be implemented in the root zone file and by extension, in the root servers.39
For India, this arrangement has been unacceptable for more than ten years now, and has played a central role in India’s repeated demands for multilateral oversight or control in Internet governance since the time of the Working Group on Internet Governance (WGIG).40 Why should one government be allowed to take up this role on its own? With the Internet having become a global public resource, why not distribute this responsibility across governments instead?
While India’s concerns for long did not receive much of a hearing among many key figures in the global multistakeholder Internet governance structure, over the past two years or so, however, this has started to change – even if the solutions put forward are not exactly those India had earlier in mind.
With Edward Snowden’s revelations regarding the National Security Agency’s (NSA) expansive surveillance practice, there came a global loss of trust in the US government’s stewardship of the Internet, which led to increasing pressure to shift from US oversight to a more international system.41 Although a 1998 US Department of Commerce document stated that NTIA was ‘committed to a transition that will allow the private sector to take leadership for DNS management’ by the year 2000,42 more than a decade later still no steps to make the transition happen had been taken. In March 2014, NTIA finally announced that it will transition its ‘stewardship’ of IANA to a ‘global stakeholder community’.43 That transition process is currently underway.44 If the US Congress accepts the proposal currently on the table, NTIA will no longer have regulatory authority over the IANA functions, likely from September 2016 onwards. 45
Certainly, with the IANA transition, not all of India’s earlier concerns will be resolved. For now, ICANN continues to be incorporated in the US, meaning that the US can continue to execute considerable judicial, executive and legislative oversight over the organisation if it so desires.46 Moreover, it is also not yet clear what will happen with the cooperative agreement between VeriSign and NTIA, which currently governs the root zone management functions performed by VeriSign. Many, including the Indian government, believe that, following the transition, the coveted root zone maintainer role should instead be decided via a global tender through an open, fair, transparent and accountable process,47 possibly to be conducted by ICANN.
But with the IANA transition, India’s longstanding criticisms of the global Internet governance structure have started to get a hearing of a kind that that they had not received before. The transition itself represents an important shift in at least one core element of India’s previously expressed concerns. But a space for possible further future change seems to have finally been created as a well. While the pushback of legacy interests remains considerable, the possibility of an international incorporation for ICANN and an open tender for the root zone management functions are being seriously considered by a larger group of people than ever before.
Moreover, in the meantime, India’s Internet governance policy has seen an important, and pragmatic, shift of its own: since June 2015, India has finally embraced the multistakeholder approach to Internet governance. As the US has been a staunch supporter of this model, this is an important move by India to strengthen India-US relationships. But with this shift in policy, it has also become even more important for India to become a producer, rather than merely a consumer, of the Internet. After all, it is in this way that India will be able to develop the kind of broad Internet ecosystem, with intense involvement of a multitude of stakeholders, that will enable the country to pull its weight in multistakeholder fora of global Internet governance.48
Having a root server in India would contribute to achieving this goal of fostering the Internet governance ecosystem within India in multiple ways. Not only would there be more outreach and a stronger commitment from the global organisations involved in running the root servers to India, it would also aid to strengthen the multistakeholder community in the country. In particular, it would contribute to strengthening domestic multistakeholder processes as well as investment in technical excellence and general capacity building within India.49
In addition, the embrace of multistakeholderism in global Internet governance by India does not mean that it has let go of its earlier goal of a redistribution of Internet resources and a diversification of the Internet management structures. That commitment remains.50 The pitch for a root server to be placed in India has to be seen as one crucial way to continue to further that agenda – but now within a multistakeholder, rather than multilateral set-up.
Moreover, with India now having taken an active step to align its own Internet governance agenda much more closely with that of the US, it only seems appropriate that the US supports this request of its ally. In the words of an Indian government official: placing a root server in India will be ‘a great symbol of trust in Indo-US relations’.51 As noted before, ten of the existing root servers are currently located in the US. It remains to be seen now how committed the US itself is to a truly global multistakeholder Internet governance structure.
When India started to make known its desire for a root server to be placed within the country, this was met with a wide range of reactions. But as this paper has shown, from India’s perspective, the request is an eminently reasonable one.
It provides important continuity with India’s longstanding call for a more democratic distribution of Internet resources, as well as their control, around the world. At the same time, it is closely attuned to India’s interests in the environment of multistakeholder global Internet governance, which India’s government has now committed to embrace. Only when India increases its contributions to producing the Internet will the country really be able to have an influence that matches its user base. As we have explored in this paper, the placement of a root server within India would be an important way to forward this mission.
Moreover, the timing to put forward such a request might never have been better. With the IANA transition, an opening to push for a more democratic and equitable global Internet governance system, both in terms of management and distribution of resources seems to have emerged. In addition, India’s embrace of multistakeholderism has brought its policies on Internet governance in much closer alliance with those of the US – a powerful ally to have in this discussion, seeing that most of the existing root servers are located in that country.
What is important to make explicit, however, is that for India’s influence to really expand, it is essential that the root server operator, too, is an Indian entity. Not merely the material resources, but their management as well should be in Indian hands for this bid to really have significance.
On its own part, India would do well, in the meantime, to continuously strengthen its bid by expanding capacity within the country and improving effectiveness of existing operations. Seeing that the changes to the functioning of the DNS that are required when adding a root server bring with them a host of technical concerns, India should also contribute to efforts to explore the limits of the DNS as it stands and invest in explorations of possible alternatives. Finally, India would also do well to develop and implement a strong domestic system of ongoing broad multistakeholder consultation on the entire array of Internet governance issues, as an additional way to flag that it is serious about its commitment to an internationalised multistakeholder system of Internet governance and to build both capacity and trust within and beyond its borders.
Within the context of the IANA transition, a number of central elements of the current Internet governance structure have come up for a review for the first time in years. Questions as to what it means that the Internet is a global resource and how this should be reflected in governance structures have been an important, though perhaps still underplayed, aspect of these debates. With its pitch for a root server, India has made a bold move to once again push these debates one step further. The question now is whether the ‘global’ multistakeholder community is sufficiently ‘global’ in composition and outlook to actually live up to the challenge.