How DNS Works and Why Only 13 Root Servers Exist

When browsing the web, users type domain names instead of IP addresses, similar to looking up a phone number in a contacts list. DNS (Domain Name System) translates these human‑readable names into IP addresses so browsers can connect to the correct web server.

DNS Hierarchy

Domain names are separated by dots, indicating hierarchical levels. The root domain sits at the top, followed by top‑level domains (e.g., com), and then the authoritative domain (e.g., server.com). The structure resembles a tree:

Root DNS server

Top‑level domain DNS server (com)

Authoritative DNS server (server.com)

Clients do not query the root server directly; they query a local DNS server, which then performs a recursive lookup.

Step‑by‑Step Resolution Example

The client sends a DNS query for www.server.com to its local DNS server.

If the local server’s cache lacks the answer, it asks a root server for the .com TLD server address.

The root server points the local server to the .com TLD server.

The local server queries the TLD server for the authoritative server of server.com.

The TLD server returns the authoritative server’s address.

The local server asks the authoritative server for the IP of www.server.com.

The authoritative server replies with the IP address.

The local server returns the IP to the client, which then connects to the target server.

Caching at the browser, operating system, and local DNS server reduces the need for repeated lookups.

Why Only 13 Root Servers?

There are 13 IPv4 root server addresses (A‑M). Each address represents a set of anycasted servers, not a single physical machine. Anycast allows multiple servers worldwide to share the same IP, improving resilience.

Historical constraints, such as the 512‑byte limit for DNS messages (RFC 1035) to avoid IP fragmentation, meant that a DNS response could only contain information for up to 13 root servers, so the standard settled on that number.

Can the U.S. Shut Down China’s Internet?

Although the primary root server is located in the United States, China operates many mirrored root servers that synchronize data from the primary servers. Even if the U.S. removed the .cn zone from the primary root, China’s mirrors could retain the records, preventing a nationwide outage for Chinese users. Only foreign users relying on the removed zone would be affected.

Historically, the U.S. has disabled the .iq domain for Iraq, effectively removing Iraq’s presence from the global DNS.

Thus, the architecture and distribution of root servers make it unlikely that a single country can completely cut off another nation’s Internet access.