In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, discusses the root zone of the DNS, and some emerging concerns in how much it costs to service query load at the root.

In the absence of cacheing, all queries in the DNS (except ones the DNS system you ask is locally authoritative for anyway) have to be sent through the root of the DNS, to find the right nameserver to ask for the specific information. Thanks to cacheing, this system doesn't drown in the load of every worldwide query, all the time, going through the root. But, even taking cacheing into account there is an astronomical amount of query seen at the root, and it has two interesting qualities

Firstly, its growing significantly faster than the normal rate of growth of the Internet. We're basically at small incremental growth overall in new users, but query load at the root increases significantly faster, even after some more unexpected loads have been reduced.

Secondly, almost all of the queries demand the answer "No, that doesn't exist" and the fact most traffic to the root hunts the answer NO means that the nature of distributed DNS cacheing of negative answers isn't addressing the fundamental burden here.

Geoff thinks we may be ignoring some recent developments in proving the contents of a zone, the ZONEMD record which is a DNSSEC signed check on the entire zone contents, and emerging systems to download the root zone, and localise all the queries sent onwards into a copy of the root held in the resolver.

Basically, "can we do better" -And Geoff thinks, we very probably can.

Read more about the economics of the root zone and ZONEMD at the APNIC Blog and on the web:

• The Root of the DNS (Geoff Huston, APNIC Blog March 2025)
• ZoneMD: Message digest for DNS Zones RFC8976 (IETF RFC)