There would be a root, or multiple roots, which would respond to requests to locate who should be asked about a domain, for example if you want to know the ip address for world.std.com the conversation goes roughly:
(To Root Server): Where is the COM server? (From Root Server): SOMEHOST (TO SOMEHOST): Where is the STD.COM server? (From SOMEHOST): 192.137.74.112 (TO 192.74.137.112): WHAT IS WORLD.STD.COM's IP ADDRESS (A RECORD)? (FROM 192.74.137.112): 192.74.137.5
Not quite right. It actually goes like this on the wire:
(To Root Server): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (From Root Server): I don't know, but SOMEHOST is the one to ask about COM (TO SOMEHOST): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (From SOMEHOST): I don't know, but 192.74.137.112 is the one to ask about STD.COM (TO 192.74.137.112): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (FROM 192.74.137.112): 192.74.137.5 Or the DNSSEC option: (To Root Server): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (From Root Server): I don't know, but SOMEHOST is the one to ask about COM, and you can trust SOMEONE if it signs with COM-Key. Signed with ROOT-Key. (TO SOMEHOST): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (From SOMEHOST): I don't know, but 192.74.137.112 is the one to ask about STD.COM, and and you can't tell whether you are really talking to 192.74.137.112 since it's not signed. Signed with COM-Key. (TO 192.74.137.112): WHAT IS WORLD.STD.COM <http://world.std.com/>'s IP ADDRESS (A RECORD)? (FROM 192.74.137.112): 192.74.137.5. Rubens