FAQ
ORSN | Open Root Server Network
ORSN
Q:

Why should I/we use the ORSN?

A:

ORSN is an independent DNS network that works with the same information like the ICANN root server network. This independence of outside influences offers security against manipulation.

Q:

How can I as a company use the ORSN?

A:

The ORSN offers up to 13 root DNS servers. An initialization file running on these servers provides the basis for further name resolution. ISC BIND calls this file "root.hint" or "named.root". This initialization file has to be updated afterwards, so that the ORSN servers can answer to queries. This file can be downloaded here: Link

Q:

Can a private internet user use the ORSN?

A:

Yes. There is no problem, if you manage your own DNS server. A local installation, such as BIND or an OS-specific program, is all you need. Please visit this page.

Q:

I don't own a DNS server and my internet service provider doesn't support ORSN. Nevertheless I want to send my DNS queries to the ORSN.

A:

In the near future the ORSN will take some public DNS server in operation. These free DNS servers already existed in the previous version of the ORSN from 2002 to 2008 and will send all their DNS queries to the ORSN root servers in future. With this solution you use ORSN indirectly.

Q:

What do we as a company have to consider, when we want to take an ORSN root server into operation?

A:

Although DNS root servers use less system resources, there are higher requirements for the hardware and the infrastructure. The servers have to work for the ORSN dedicated. A game or a web server is not the requested environment. A DNS root server should always use its system resources exclusively . even in times of high load. For reasons of safety it is not permitted that a DNS-independent software gives access to these servers. This is the more important reason, when running an ORSN server. Many internet users depend on the correctness of delivered DNS queries. A manipulation of DNS queries can lead to dire consequences, such as DNS redirection.

The network infrastructure should be able to transport all DNS queries and responses lossless . even with a high UDP throughput to the ORSN root servers. For this reason it is completely impossible to use an ADSL or SDSL connection. Queries to DNS servers can reach up to five-digit packets per second.

Q:

Is there a subscriber list that informs regularly about changes? Can I address wishes and suggestions to the team?

A:

Yes. The first step is the contact form on this website. Furthermore we use a community mailing list (CML), where interested persons can subscribe. You find the registration form here:
https://community.orsn.org"

Q:

How can I support the ORSN without being a "technician"?

A:

In future the ORSN lives from being used. There will be more users, when the community sees, that the ORSN operates stable. Everyone who uses the ORSN and tells others her/his experience, helps and supports us. Like in ORSNv1 we will give companies and private users the opportunity to register to ORSN. There will be ORSN logos to use, for example as a small advertisement on your homepage.

The most important aspect is that you talk about the ORSN, that you bring it to everyone's attention and that you explain why there are alternatives like the ORSN.


Q:

What about the availability of the DNS servers and their zone data?

A:

In the first version of ORSN in the years 2002-2008 we downloaded the root zone daily via ftp from the IANA servers. Then this file was fragmented and transfered to a SQL database. There we checked whether a TLD was missing and if it had to be replaced by a "basis definition". In this way the ORSN TLD database was locked. We trusted in the data given by IANA. At that time the ORSN could have been confused very easily by giving it a modificated or compromised root zone file.

In the ORSN 2013 we use a different proceeding. A reference database has a complete list of all available top level domains. At a starting point all TLD servers will automatically be asked for their TLD definitions. Does a TLD own 10 nameservers, then all these nameservers will be asked. About 330 top level domains will be determined at that procedure and about 1730 nameservers will be queried. The resulting data redundancy contains about 10.500 nameserver delegations each pass. The whole procedure takes five minutes. All redundant entries in these 10.500 definitions will be verified and sorted out. With this raw data a new root zone can be compiled if required. At times we have trouble to connect to some TLD nameserver, but apart from this, we have the ability to build a complete root zone. So there is always at least one nameserver responding and giving us information about its DNS zone. Therefore we use "libbind" version 6, which is queried in a way that the functions run on a TLD server itself.

A great advantage of this procedure is that the TLD registries act in their own interest. Why should a TLD like .VE remote itself from the internet? Whatever IANA and ICANN publish, their zone data have no impact on the ORSN.


Q:

What about the availability of the DNS servers and their zone data?

A:

All ORSN root servers are checked for operability constantly by a software that we developed ourselves. This "ORSN root management daemon" runs on every ORSN root server and it has an upstanding SSL secured connection to a central ORSN management system. Each daemon sends the basis data of its instance to the management system. Furthermore all ORSN root servers monitor all other daemons. Even if the central management system has a restricted connection to a ORSN instance, then it can evaluate the level of malfunction and decide whether it has to inform the ORSN root operators. The monitoring is based on DNS queries and zone checks, for example the serial number. In this way all other ORSN root servers would report a malfunction of a ORSN instance to the central management system. At worst an ORSN root server instance could be sent a shutdown, or other measures could be taken.

Compared with "ORSNv1" all ORSN root servers run with a master zone that never expires, if there is no connection to the ORSN authority DNS server for a long time. In other words, all ORSN root servers are independent instances and "L.ORSN-SERVERS.EU" is equivalent to "A.ORSN-SERVERS.EU" for example.


Q:

Are DNS queries saved on the ORSN servers?

A:

No. All ORSN root servers are running without query logs. The public nameserver, that are offered to the ORSN project, should be configured equally. But the ORSN cannot influence this part of configuration.

Q:

Supporting ORSN the DNSSEC?

A:

No! And it will never support because it's "SnakeOil". For more information visit Wikipedia (Root-Key, DDOS-Amplification)



General Information
ORSN Documentation
Project Members

Join ORSN
Support
FAQ

Technical Information
Server Map
Top Level Domains
Public Nameserver
WHOIS Database

Sponsors
Press
Documents & Logos

Contact Team
Mailing List

ORSN Root CA (SSL)
ORSN PGP PubkeyORSN PGP Public Key
Truecrypt 7.1aTrueCrypt 7.1a


SystemstatusTools
Sitemap Contact us SSL System Status


© Copyright 2002, 2015 by ORSN
Open Root Server Network
All rights reserved.

The following SLDs are
provided by ORSN:

orsn.org | orsn.net | orsn.eu
orsn.de and orsn-servers.eu

All other domains
(e.g. orsn-servers.net | .com)
are not provided by this project.

Notice: Please don't use Internet Explorer on this site ;-)

Language
DE | EN

Your namespace
ICANN


Powered by FreeBSD



Project |  Members |  Join |  Support |  FAQ |  Servers |  Map |  TLDs |  Pub DNS |  WHOIS |  Sponsors |  Press |  Documents |  Contact |  Impressum |  Mailing