Hello everyone, Greetings from India. I hope lot of you have enjoyed APRICOT event at New Delhi. I wanted to bring an important issue. It's about DNS root servers in India. So anurag@laptop:~$ dig . ns +short i.root-servers.net. e.root-servers.net. j.root-servers.net. l.root-servers.net. k.root-servers.net. d.root-servers.net. h.root-servers.net. f.root-servers.net. m.root-servers.net. c.root-servers.net. a.root-servers.net. g.root-servers.net. b.root-servers.net. I can see India has 3 root servers hosting root zone - i, j & k in India which is good. So we can resolve the root zone i.e dot within India. Next, looking gTLD servers used by popular TLDs like com/net/org: anurag@laptop:~$ dig com. ns +short g.gtld-servers.net. f.gtld-servers.net. a.gtld-servers.net. h.gtld-servers.net. e.gtld-servers.net. d.gtld-servers.net. j.gtld-servers.net. i.gtld-servers.net. c.gtld-servers.net. m.gtld-servers.net. l.gtld-servers.net. k.gtld-servers.net. b.gtld-servers.net. None of these gTLD root servers are in India. I have tested routes to each of them from BSNL (AS9829), Tata Comm (AS4755 & AS6453), Airtel (AS9498) - all land up outside India - most of them in Europe and US, and couple of them in Singapore, and one in Australia. Why so? Please correct me if I am wrong on this analysis but this seems not efficient setup to me. Any damage on outside connectivity (which is common with Earthquakes or ships hitting submarine fiber, and eventually opposite route getting chocked with traffic) - can cause huge issues on sites which are hosted within India. And so this is how google.com is resolved in India: anurag@laptop:~$ dig google.com +trace ; <<>> DiG 9.7.1-P2 <<>> google.com +trace ;; global options: +cmd . 11352 IN NS i.root-servers.net. . 11352 IN NS e.root-servers.net. . 11352 IN NS j.root-servers.net. . 11352 IN NS l.root-servers.net. . 11352 IN NS k.root-servers.net. . 11352 IN NS d.root-servers.net. . 11352 IN NS h.root-servers.net. . 11352 IN NS f.root-servers.net. . 11352 IN NS m.root-servers.net. . 11352 IN NS c.root-servers.net. . 11352 IN NS a.root-servers.net. . 11352 IN NS g.root-servers.net. . 11352 IN NS b.root-servers.net. ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 57 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 491 bytes from 128.63.2.53#53(h.root-servers.net) in 264 ms - Hitting outside root server, but anyways alternate i,j,k are up in India so good overall. google.com. 172800 IN NS ns2.google.com. google.com. 172800 IN NS ns1.google.com. google.com. 172800 IN NS ns3.google.com. google.com. 172800 IN NS ns4.google.com. ;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 315 ms - Hitting outside server and it will always hit outside since no server here. Problem. google.com. 300 IN A 173.194.36.3 google.com. 300 IN A 173.194.36.4 google.com. 300 IN A 173.194.36.0 google.com. 300 IN A 173.194.36.2 google.com. 300 IN A 173.194.36.8 google.com. 300 IN A 173.194.36.1 google.com. 300 IN A 173.194.36.5 google.com. 300 IN A 173.194.36.7 google.com. 300 IN A 173.194.36.6 google.com. 300 IN A 173.194.36.14 google.com. 300 IN A 173.194.36.9 ;; Received 204 bytes from 216.239.32.10#53(ns1.google.com) in 305 ms Also, looking at reverse DNS root servers: anurag@laptop:~$ dig in-addr.arpa. ns +short a.in-addr-servers.arpa. b.in-addr-servers.arpa. c.in-addr-servers.arpa. d.in-addr-servers.arpa. e.in-addr-servers.arpa. f.in-addr-servers.arpa. Again, none of these hosted in India. So for each email sent within any domains across India - during smtp check, rDNS is resolved from outside world? (SMTP auth. being one of mail roles of rDNS besides few others). I have collected data about paths from popular Indian backbones to each of these servers. If anyone interested, please let me know. *Sidenote: I know NANOG is primarily for North America but I really appreciate good replies and was wondering if someone can tell me if my understanding is wrong.* Very much interested in hearing comments from community on this. Thanks. -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia <https://twitter.com/#!/anurag_bhatia> Linkedin: http://linkedin.anuragbhatia.com