+Raíces

Project goals

The main goal of the +Raices project is the installation of anycast root server copies in various countries of the LACNIC region. By installing these servers at strategic locations throughout the region such as IXPs (Internet Exchange Points) and NAPs (Network Access Points), the project seeks to achieve greater resiliency for one of the Internet's most critical resources, the DNS. It provides redundancy and reduces vulnerability, allowing a better response in case of potential DDoS attacks or infrastructure failures that could render certain root servers inoperative.

LACNIC's Role

LACNIC's role is to coordinate with host organizations and those providing the root servers, as well as to promote these new root servers. In certain cases, LACNIC may sponsor the installation of a root server copy.

About the Project

This initiative is part of LACNIC's ongoing role as a promoter of regional Internet development. The +Raices project helps strengthen global Internet infrastructure and stability. In other words, it broadens the scope and improves the strength and response times of the DNS system (an essential part of Internet infrastructure) at both regional and global level. For this reason, LACNIC has signed the following agreements:

Structure

The Domain Name System (DNS) is based on a hierarchical tree-like structure in which millions of servers worldwide have part of the information needed to make the system work.
At the root of this system there is not one but thirteen servers performing this function, each of which is identified with the letters A to M. These thirteen servers share the same hierarchy, and none is subordinated to another. Ten are in the United States, two in Europe and one in Japan.

Anycast

Anycast has long been used to announce the same prefix from several different locations. The routing system can then identify which location is closest to each user. A few years ago, this technique began to be used to create root server "clones," thus overcoming the technical limitations that do not allow implementing new logical root servers.
Users only see the root server closest to them, not the original server or other copies. This increases the system's efficiency while providing greater security and stability. If for some reason an anycast copy of a root server fails, users will automatically start seeing other copies or other root servers.

How to participate in +RAICES

If you would like to host an anycast root server copy, please contact LACNIC at raices@lacnic.net. In order to better process your request, we recommend providing a brief description of your organization and how it connects to the Internet.

Installed copies

Copy City, Country Organization Role of LACNIC Operational Since
L Caracas, Venezuela REACCIUN Coordination February 2012
L Montevideo, Uruguay SECIU Coordination March 2012
L Quito, Ecuador AEPROVI/NAP Ecuador Funding and coordination March 2012
L San Salvador, El Salvador IX/SVNet Coordination August 2006
L Quito, Ecuador AEPROVI Coordination August 2012
L Bogotá, Colombia CCIT/NAP Colombia Funding and coordination October 2012
L Asunción, Paraguay COPACO Coordination June 2013
L Caracas, Venezuela REACCIUN/CENIT Coordination  February 2015
L Santiago, Chile Telefónica Coordination May 2015
L Santiago, Chile Telefónica Coordination May 2015
L Cochabamba, Bolivia COMTECO Funding and coordination September 2016
L Quito, Ecuador AEPROVI/NAP Ecuador Funding and coordination  February 2020
         
F Santiago, Chile NIC.CL Coordination and funding December 2005
F Buenos Aires, Argentina CABASE Coordination and funding August 2006
F Caracas, Venezuela CNTI Coordination and funding October 2006
F Panama City, Panama NIC.PA/ UTP Coordination and funding July 2007
F Quito, Ecuador AEPROVI Coordination and funding August 2007
F Sint Marteen OC-IX Coordination and funding July 2009
F Port-au-Prince, Haiti AHTIC Coordination and funding May 2010
F Montevideo, Uruguay ANTEL Coordination August 2015
         
K Montevideo, Uruguay LACNIC Funding and coordination January 2016
K Buenos Aires, Argentina ARIU Funding and coordination May 2017
K Panama, Panama CWP - Cable & Wireless Panama Funding and coordination May 2018
I Montevideo, Uruguay LACNIC Funding and coordination June 2016
I Asunción, Paraguay IXP.Py / NIC.Py Funding and coordination February 2018
I Mexico Transtelco Coordination  July 2018
I Guayaquil, Ecuador CEDIA Coordination September 2019
I Santo Domingo, Ecuador IXP Ecuador Funding and coordination January 2020
I Concepcion, Chile PIT Chile Funding and coordination April 2020
I Cochabamca, Bolivia Comteco Funding and coordination September 2020
I Monterrey, Mexico Transtelco Coordination October 2020
I Buenos Aires, Argentina ARIU Coordination November 2020
I Suriname Telesur Funding and coordination December 2020
I Guatemala IXP-GT Funding and coordination March 2021
I Lima, Peru PIT Peru Funding and coordination April 2021 
I Panamá, Panamá InteRed Coordination September 2022

 

Requirements

Dell PowerEdge servers with iDRAC interface v7 or above for remote administration. The server requires three network interfaces:

  • iDRAC interface
  • Gigabit Ethernet interface for system management
  • Gigabit Ethernet interface for production (anycast traffic)

IPv4 and IPv6 connectivity are both required. The host organization must provide:

  • A global IPv4 address (routable) for iDRAC; IPv6 is not required
  • For interface management, either an IPv6 address with NAT64/DNS64, or an IPv4 and an IPv6 address are required
  • The production interface also requires an IPv4 address (and eventually an IPv6 address), which may be private, to connect with the host institution's BGP neighbor

This BGP session will be used to announce the anycast prefixes, which for the K root server as follows:

  • 193.0.14.0/24
  • 2001:7FD::/48
  • ASN 25152

Supermicro PR-6018R-WRF servers with IPMI 2.0 interface are suggested for remote management:http://www.supermicro.com/products/system/1U/6018/SYS-6018R-WTR.cfm

The server requires three network interfaces:

  • IPMI interface
  • Gigabit Ethernet interface for system management
  • Gigabit Ethernet interface for production

IP addressing:

  • One public IPv4 address for the IPMI interface
  • One public IPv4 address for the management interface
  • One public /28 IPv4 prefix and preferably a /64 IPv6 prefix routed through the management interface
  • One IPv4 address (which may be private) for the operational interface to connect with the neighbor NBGP

Anycast prefixes announced together with the as-path are as follows:

  • 192.36.148.0/24   ^8674_29216$
  • 194.146.106.0/24  ^8674$
  • 194.146.107.0/24  ^8674$
  • 194.146.108.0/24  ^8674$
  • 2001:67c:1010::/48 ^8674_29216$
  • 2001:67c:1011::/48 ^8674_29216$
  • 2001:7fe::/33 ^8674_29216$

For the deployment of a L instance under the L-Single program, the purchase of L-Root appliance is required.

For additional information please visit http://www.dns.icann.org/lroot/ and http://www.dns.icann.org/lroot/faq/

Announced anycast prefixes:

  • 199.7.82.0/23
  • 199.7.83.0/24
  • 2001:500:3::/48
  • 2001:500:9e::/47
  • 2001:500:9f::/48
  • AS20144

There are no specifications regarding the type of servers to be used. ISC operates an open peering policy with the locations where they deploy F root server copies: https://www.isc.org/f-root/network-peering/. More information: https://www.isc.org/f-root/

Announced anycast prefixes:

  • 192.5.4.0/23
  • 192.5.4.0/24
  • 192.5.5.0/24
  • 2001:500:2E::/47
  • 2001:500:2E::/48
  • ASN3557

Report: Use of DNS Root Servers in Latin America