grandkaiser

joined 2 years ago
[–] grandkaiser 4 points 2 years ago

It's a little stronger than that. The country gets the final say on where the root zones point to when it comes to their assigned country code. Many countries employ private organizations to handle their TLD. They aren't supposed to be paid for that though. (But it 1000% happens under the table)

[–] grandkaiser 6 points 2 years ago* (last edited 2 years ago)

To answer your other question: most likely, www.cakefarts.com is now accessible from cakefarts.com for one of three reasons:

  1. Your web browser automatically checks the A record "www" if "cakefarts.com" doesn't have an A record. A records are the records in a DNS server that say "this domain goes here".
  2. The site cakefarts.com put their website on cakefarts.com and placed a CNAME record called "www" that points to cakefarts.com.
  3. cakefarts.com has an APEX record that points to www.cakefarts.com.

For the 'record', www is just a really common record name. There's nothing special about it. You could have dudebro.cakefarts.com or wwwwwww.cakefarts.com. It's up to the domain owner.

[–] grandkaiser 3 points 2 years ago

Btw, .com is owned by the US Department of COMmerce. .org is owned by a non-profit organization called "Public Internet Registry"

[–] grandkaiser 9 points 2 years ago* (last edited 2 years ago) (3 children)

Also, if you're genuinely interested in this field, first you should enter the world of enterprise network engineering. Get Security+, CCNA, and PCNSA. With those certs in hand (and knowledge in your brain), apply to jobs as a network support engineer. Do the work for a few years. Learn BIND. Learn Infoblox. Focus on learning DHCP and subnetting. Learn DNSSEC & IPv6. Experiment with a Pi Hole. Set up a home lab. Apply to jobs with DNS. Start living the good life. This takes about 10 years if you learn fast and are good at interviews.

[–] grandkaiser 3 points 2 years ago

Ah, thanks for the info! I have no idea how Lemmy stuff works. I only became aware of Lemmy last month.

[–] grandkaiser 23 points 2 years ago (1 children)

An alternative DNS root is where someone other than IANA sets up a root zone. At the end of the day, root zone authority is technically not "hard coded". It's a terrible idea to set up an alt root or to use one for these reasons:

  1. Security. This is the biggest one. DNSSEC works via setting up Trust Anchors with the root zone and chaining down the tree all the way to the recursive DNS server. DNSSEC doesn't work if anyone in there doesn't have a trust anchor for the root zone. Additionally, if that root zone is untrustworthy, you can effectively have DNS poisoning happen at the root level. Imagine having two google.com's based on which root zone (and therefore walking two separate trees) you ask.
  2. It encourages dividing the internet. The two largest Alt zones are Russia's (RNDNS) and China's (.chn). RNDNS exists as a continuity plan in case the rest of the world decides to cut them off of the internet. China's is part of a hare-brained plan to "reinvent the internet under IPv9" (an idiotic plan that sounds even more crazy than Iran's supposed "quantum computer")
  3. Pointing to a different root zone can cause a lot of headaches for diagnosing DNS issues when they aren't coming down from the same root zone. It can cause different answers (and a parallel tree).

To answer your second question, they are not good for acting as a way to mitigate DNS failures. No domain servers are going to be asking them in the first place, meaning no one can get there even if it does have the "correct" answer. If all 13 root servers went down simultaneously, the results would be catastrophic. But that's also why they're physically located around the world in many different countries in heavily secure facilities with many High-Availability servers (clone servers that instantly take over if there's a failure, the ultimate "hot" server).

You wouldn't want to have a DNS server ask two root zones anyway. If it can't reach the root zones, then that needs to be addressed. You can't just ask a "less secure" server in case the primary doesn't work. That's just begging for a security breach via cutting off access to the primary root zones so that they "fail over" to the less secure ones.
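An added illustration of the trust-anchor chaining described in the comment above (not part of the original comment and not any resolver's code). It computes real DS-style SHA-256 digests over constructed keys for two hypothetical root operators, and assumes each DS record has already been authenticated by its parent; RRSIG verification is left out.

```python
import hashlib

def wire_name(name):
    """Canonical wire form: lowercase length-prefixed labels, root is one zero byte."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(pubkey, flags=257, protocol=3, algorithm=13):
    """DNSKEY RDATA layout: flags (2 bytes), protocol, algorithm, public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over the owner name followed by the DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

CHAIN = [".", "com.", "example.com."]  # constructed delegation path

def build_tree(operator):
    """Constructed tree: fake 64-byte 'keys' derived from a hypothetical operator label."""
    keys = {z: dnskey_rdata(hashlib.sha512(f"{operator}|{z}".encode()).digest())
            for z in CHAIN}
    # Each parent publishes the DS of its child; the root's digest is what resolvers pin.
    ds = {z: ds_digest(z, keys[z]) for z in CHAIN}
    return {"keys": keys, "ds": ds}

def validate(anchor, served_keys, served_ds):
    """Walk root to leaf. Returns 'secure' or 'bogus at <zone>' (signatures not checked)."""
    expected = anchor  # the only digest the resolver trusts before it starts
    for i, zone in enumerate(CHAIN):
        if ds_digest(zone, served_keys[zone]) != expected:
            return f"bogus at {zone}"
        if i + 1 < len(CHAIN):
            expected = served_ds[CHAIN[i + 1]]  # DS vouched for by the zone just validated
    return "secure"

iana = build_tree("iana-root")   # hypothetical label, constructed keys
alt = build_tree("alt-root")     # hypothetical alternative root, constructed keys
ANCHOR = iana["ds"]["."]         # trust anchor configured on the validating resolver

def spliced_keys():
    """Genuine root and com keys, but the leaf key taken from the parallel tree."""
    return dict(iana["keys"], **{"example.com.": alt["keys"]["example.com."]})

if __name__ == "__main__":
    print("same tree:      ", validate(ANCHOR, iana["keys"], iana["ds"]))
    print("alt root served:", validate(ANCHOR, alt["keys"], alt["ds"]))
    print("spliced leaf:   ", validate(ANCHOR, spliced_keys(), iana["ds"]))
    print("alt anchor+tree:", validate(alt["ds"]["."], alt["keys"], alt["ds"]))
```

The last case is the one to watch for: a resolver configured with the other root's anchor reports `secure` for a different key under the same name, so which anchor is installed decides which tree is believed.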

[–] grandkaiser 15 points 2 years ago* (last edited 2 years ago)

So here's the thing about TLDs: ownership of them is determined by IANA (Internet Assigned Numbers Authority). They're basically my career's gods. If they tell me to jump, I ask "how high?" They control the DNS root zone. Effectively, that's the actual top level of ALL domains. If they decide to remove a TLD or reassign it, all you can do is lodge a complaint straight to their shredder. They're owned and operated by ICANN, a non-profit organization.

Back in 2013, Mali allowed a private Netherlands company to "manage" (rent) their TLD, .ML. Recently, that company (Freenom) got sued by Meta. Even though I don't really like Meta, as a network engineer, I don't like Freenom even more. They turn a blind eye to bad actors on the internet, refuse to investigate hackers/scammers/DDOSers, and generally refuse to play ball. They are a huge pain in the ass. Due to the lawsuit, IANA reassigned ML to Mali since they asked for it. At the end of the day you "can't" sell a country-level TLD. Mali was renting it to Freenom under the table. This happens a lot and IANA usually just looks the other way. .io for example is the freakin' Indian Ocean.

So yeah, Mali didn't "snatch" it. They just asked IANA to reassign it and there isn't shit Freenom can do about it since they never "really" owned it in the first place.

[–] grandkaiser 6 points 2 years ago

Because it's the least-likely position to be staffed by a company. It's the "least important" person to have.... until it breaks. Often a company relies on routing-switching engineers to do DNS instead of hiring a dedicated DDI engineer (DNS, DHCP, IPAM). It saves money in the short term, but when shit hits the fan... no one knows how to fix it because DNS is really easy until it's not. DNS is super simple at a basic level. But it goes way deeper than most people realize.

[–] grandkaiser 87 points 2 years ago* (last edited 2 years ago) (41 children)

Hi, professional DNS engineer here! If anyone has any questions about the inner workings of DNS or top-level domains, ask away! (THIS IS MY MOMENT)

[–] grandkaiser 1 points 2 years ago

Yeah, that's the reality of much of politics. Headlines make up most people's world view.

[–] grandkaiser 1 points 2 years ago (2 children)

They have. Why do you think they are currently trying to make open source illegal?

[–] grandkaiser 3 points 2 years ago

We are in an ice age right now.
