The root servers process a very large number of requests, a significant part of it caused by faulty software or network configuration causes. A filtering at the DNA level does not take place because it would spend because of the simplicity of a DNS request more resources, to answer as all requests.
According to RFC 2870, each root server to the triple peak can work around the most contaminated root server. This means that a root server may use during normal operation, only a third of its maximum capacity. If two-thirds of the root server should be able to answer the still operational third of the questions.
The attack with the greatest effect on the root servers was held on 21 October 2002. A DDoS was 75 minutes with a total of 900 Mb / s (1.8 Mpkts / s) on all 13 root servers. All the root servers were running though, as the upstream firewall rejected the attack traffic, but were about nine root servers through the flooded lines or not at all difficult to reach. Root server lookups were significantly delays by caching, however, there was no interference among users. Triggered by the DDoS attack, the reaction was accelerated by anycast.
Another attack took place on 15 February 2006, several days after the server name of a non-ICANN-called top-level domain had been attacked. The DDoS attack was carried out as a DNS Amplification Attack, thereby multiplying the volume of data which had come about. Two of only three root servers were attacked for 15 minutes not available.
On 6 February 2007, another DDoS attack on the root servers and simultaneously on several TLD name servers. Two root servers were not available.
Root servers are operated by different institutions. The Internet Corporation for Names and Assigned Numbers (ICANN) coordinates the operation.
Virtually every computer connected to the Internet is given a name server assigned to the unique names such as “xyz.org” may (the domain) to translate technical numbers (the IP address). If the name server for any information requested TLD (in this case “org”), he refers to the root server. There, for “org” authoritative name servers are queried. In the org name servers in turn are responsible for “xyz.org” authoritative name server asks for and then finally the IP address of “xyz.org”. Thus the name server that chain does not go through every time from scratch, it stores the responses for some time.
Rectifications to the root zone is first received by ICANN as part of the IANA functions to technical correctness, then to the U.S Department of Commerce forwarded. This VeriSign instructed to publish the change of zone. All root servers synchronize their database of redundant distribution servers from VeriSign. In the past, the root servers synchronized twice daily directly from the A-root, but this was abandoned in order to eliminate this single point of failure.