To complement HermanB answer, and provide another viewpoint touching on other topics:
Each zone maps a portion of the DNS name space, holding the relative info in a text file
No need here to specify how each zone is handled, and in fact many are not in "text file". This is irrelevant to users (clients of the DNS system), they ask an authoritative nameserver and get back a reply. How that reply is computed on the nameserver, and what sources are used for that are mostly hidden and plenty as well.
In short, the content can be as well in a database, or computed dynamically on request, like changing the reply for geo-located load-balancing depending on the IP address of the source or some other data in the DNS packet, like with the EDNS Client Subnet extension.
I understood that there are, among others, two types of zones: primary zones and secondary zones
Again, that is mostly not exactly it or at least not anymore.
When DNS started, things were simple. All setup were like, for a given zone, one nameserver was primary and other nameservers were secondary (you can find as well master/slave terminology but this is currently considered ill-advised to use), which means the data was really only at the primary server and the secondary ones used internal DNS requests (AXFR and IXFR queries, and then also DNS Notify for the primary to trigger faster synchronization) to get the data.
Even then, for clients, it made almost never a difference (if everything was running correctly of course, if some primary -> secondary path was broken, the zone contents served would start to differ). So in that sense there is no "primary" or "secondary" zone. There is a zone, hosted in different nameservers and in the past there were primary and secondary nameservers.
But note again this is an implementation detail. How a "constellation" of nameservers are configured, so that they all have the same data and all reply the same for a given zone is an hidden part of the thing, clients do not have to know that and most often won't know. The above setup is probably now not the one used anymore, where people use off band means to synchronize content, like for example with DB replication, or disk based replication with rsync
or equivalent, or even DNS update messages.
You may want to consult the RFC on DNS terminology at https://www.rfc-editor.org/rfc/rfc8499 which lists and defines a lot of terms, after extended work by multiple parties (and a new version is being drafted).
You will see no definition for "primary zone" (because as explained above this is not a real thing in the DNS) but you will find definitions for "primary server".
What it is not is the fact that it seems that we can have only one DNS server on which we can have the primary zone file;
Based on the above paragraph you should see now that this sentence is incorrect.
Any zone is served by multiple nameservers and each zone is supposed to have at any time a copy (or a way to get this copy) of the zone. For external clients, DNS users, there are no differences between these nameservers, they all reply the same.
if we can have only one server hosting the primary zone, for example the primary zone for “com”, how it is possible that there are multiple providers that can be able to register domains “.com” i.e. can be able to modify the “com” primary zone ?
Here you are coming to the edge of the DNS: DNS is about publishing data and querying for it. It says (almost) nothing about how this data is created and updated. Anyone is free to run its nameserver authoritative for any given zone (but of course without consequences until some parent specifically delegates things to this nameserver) and as such is free to decide what is in this zone.
When the domain name industry started and begin to grow, in the eighties and nineties, the following was already done:
- TLDs were planned, either ccTLDs (one per country), or gTLDs for "everyone"
- when already running, each TLD had a registry, the single owner of it, making it work and also deciding its policies, that is who can register names in it, and how.
At that times, .COM
for example was run by Network Solutions
and there were no registrars. Anyone was able to go to Network Solutions and pay $70 for a 2 years period of a given domain name.
Later it was decided that it should be broken, hence the registry/registrar model was introduced. The registry remains the runner of the zone, taking care of having authoritative nameservers replying for all domains in the zone.
It then works only with some specific companies, called registrars, which are accredited and are able to send commands (register, update, renew, delete, etc.) to the registry on behalf of end clients. This was using at that time a protocol called RRP, and is currently done almost everywhere (but not absolutely everywhere, for example not in .DE) with a protocol called EPP.
The registry decides on the rules, both technical (characters allowed in name, length, reserved names, etc.), financial (prices of domain names, either global or per types like premiums, and/or per operations, including promotions, etc.) and legal (eligibility requirements, if anyone can get any name or not, etc.). So that determines which names can end up being registered and hence published in the DNS (except for names registered without namesevers or with nameservers but on hold for various reaons, in which cases nothing is published in the DNS for that name). And then registrars have to use the appropriate method to send commands conforming to the above rules to the registry, and in turn accept end clients requests, bill them, etc.
Note that, with some exceptions, domains are not free (as in beer) so the registry bills registrars per domain name, and in turn registrars bill end clients per domain name.
In the past, ICANN regulations prohibited a single company to be both registry and registrar for obvious danger of non competitive behavior (which is why after Network Solutions was bought by Verisign, Verisign has to sell of the registrar part of it to be again Network Solutions, and Verisign keeping the role of registry for com/net/org - and after that .ORG TLD was re-assigned to another operator), but this is now lifted. Also in the ccTLD world there are not always registrars (especially in smaller TLDs), and sometimes even if there are, the registry also acts as a registrar (.DE being a canonical example of that).
How it is possible that there are “13 servers” that holds the same root primary zone?
There is nothing special here, considering all the above. Any zone can be served by multiple nameservers. 13 is only a (kind of) magical number due to the way packets are constructed and the desire to fit things in less than 512 bytes.
It is only a logical value anyway, because now all of them are using IP anycast, so there are thousands of "POPs", and each one is also not a single box but multiple ones (again each provider doing its own mix there).
And the zone is not special nor hidden in any way, you can download it from IANA website, or even use the DNS AXFR query on some of the 13 logical nameservers that accept it to retrieve the full zone.
You can even run it locally, and there may be even good reasons for that, look at https://www.rfc-editor.org/rfc/rfc8806 "Running a Root Server Local to a Resolver": "[..] resolvers can greatly decrease the round-
trip time and prevent observation of requests by serving a copy of
the full root zone on the same server, such as on a loopback address
or in the resolver software."