Anycast DNS helps businesses create scale and redundancy for large query loads and ensures continuity of service during peak traffic periods. It cuts latency and bandwidth costs, improves load times for users, and improves availability. Any online property that requires 100% uptime and minimal lag should utilise anycast DNS.
It’s important to understand the different types of DNS out there. The three main types of DNS offered can be classified as unicast DNS (standard among registrars), multicast DNS and Anycast DNS. They all work slightly differently:
Unicast DNS uses a one-to-one association, where each destination address is uniquely identified as a single receiver endpoint. Traditional DNS deployments are configured with unicast addresses.
Unicast DNS uses a one-to-one association
Multicast DNS uses a one-to-unique-many association, where datagrams are routed from a single sender to multiple selected endpoints in a single transmission, using a multicast group address. A common use of multicast is streaming audio, where the audio is published via multicast addressing and clients pick up the routed stream as a channel.
Multicast DNS uses a one-to-unique-many association
(credit: https://www.imperva.com/blog/how-anycast-works/)
Anycast DNS
Anycast DNS works by using routing protocols such as Border Gateway Protocol (BGP) to send DNS queries to a preferred DNS server or group of DNS servers (for example: a group of DNS servers managed by a load balancer). This can optimize DNS communications by obtaining DNS responses from a DNS server that is closest to a client.
With Anycast, servers that exist in multiple geographical locations each advertise a single, identical IP address to their local gateway (router). When a DNS client initiates a query to the Anycast address, the available routes are evaluated, and the DNS query is sent to the preferred location. In general, this is the closest location based on network topology. See the following example.
Figure 1: Four DNS servers located at different sites on a network each announce the same Anycast IP address (black arrows) to the network. A DNS client device sends out a request to the Anycast IP address. Network devices analyze the available routes and send the client’s DNS query to the nearest location (blue arrow).
Summary of the Benefits of Anycast DNS
Improved Reliability – Anycast improves reliability of DNS through the placement of multiple geographically dispersed servers at the same IP address. The redundancy of these DNS servers makes the service more highly available and reliable.
Improved Performance – Packets destined for Anycast DNS servers will be routed to the “nearest” server in the topology. This helps ensure that DNS clients are querying their local servers first before using remote servers based upon routing and topology.
Enhanced Security – Geographically dispersed DNS servers that operate using the same IP address make the DNS service more resilient to DoS and/or DDoS attacks, because it’s much tougher to take down hosts that share a duplicated IP address scheme and reside in different parts of the network.
Protection against DDoS attacks – Successfully launched DoS and/or DDoS attacks will typically be localized and only affect a portion of the entire Anycast DNS group.
Increased Availability – An Anycast DNS server that becomes unavailable due to failure or routine maintenance has very little impact on name resolution, because its routes are withdrawn from the routing tables and traffic is diverted to the next-best-path servers in the Anycast group.
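To make the route selection, failover and localisation behaviour described above concrete, here is a small model (an added example, not code from the original article or from brandsec) of several sites announcing one anycast address over BGP. All sites, client regions and AS numbers are constructed; real BGP selection has many more tie-breakers, and only shortest AS path is modelled here.

```python
"""Toy model of anycast DNS: shortest-AS-path selection, failover, localisation."""
from collections import Counter

ANYCAST_ADDR = "203.0.113.53"  # constructed; the same address is served at every site

# Constructed BGP view: for each site, the AS path that each client region sees
# for the anycast prefix. Private ASNs (64500-64511) are used throughout.
ANNOUNCEMENTS = {
    "sydney":    {"au": [64500], "nz": [64501, 64500], "sg": [64502, 64503, 64500]},
    "auckland":  {"au": [64500, 64501], "nz": [64501], "sg": [64502, 64504, 64501]},
    "singapore": {"au": [64500, 64503, 64502], "nz": [64501, 64505, 64502], "sg": [64502]},
}


def best_site(region, announcements=ANNOUNCEMENTS):
    """BGP-style selection: the shortest AS path wins; ties are broken by site name."""
    candidates = [(len(paths[region]), site)
                  for site, paths in announcements.items() if region in paths]
    if not candidates:
        raise LookupError(f"no route to {ANYCAST_ADDR} from region {region!r}")
    return min(candidates)[1]


def withdraw(site, announcements=ANNOUNCEMENTS):
    """A site fails or enters maintenance: its announcement leaves the routing table."""
    return {s: paths for s, paths in announcements.items() if s != site}


def route_queries(regions, announcements=ANNOUNCEMENTS):
    """Count how many queries from each source region land at each anycast site."""
    return Counter(best_site(region, announcements) for region in regions)


if __name__ == "__main__":
    normal = ["au"] * 3 + ["nz"] * 2 + ["sg"] * 2
    print("steady state:", dict(route_queries(normal)))
    # Sydney withdrawn: au clients re-home to Auckland, the next-shortest path.
    print("sydney down: ", dict(route_queries(normal, withdraw("sydney"))))
    # A flood sourced in the sg region only ever reaches the Singapore site;
    # Sydney and Auckland keep answering their own regions undisturbed.
    print("sg flood:    ", dict(route_queries(normal + ["sg"] * 10_000)))
```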
About brandsec
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, Anycast DNS services, SSL management, domain name brokerage and dispute management, and brand security consultation services.
Contact us today for a free consultation.