The DNS is often called the phone book of the Internet. It is the system that translates IP addresses into human readable names that you can easily type into your web browser. If we follow this analogy, imagine if there was only one copy of the book in which your website was listed. Anyone who wanted to find your website would first have to travel to where that book was located to get your details. That’s a lot of unnecessary travelling!
Now imagine what would happen if that one book was compromised, damaged or destroyed. Your web presence would continue to exist but no one would be able to find it.
In simple terms, this is the situation you are in if you have just one name server answering queries for your domain. It’s fine for users who are close to that server, but for everyone else, it takes longer for them to be directed to your web presence. In the event of maintenance, a software glitch or a DDoS attack, your domain becomes unreachable.
1. How does Anycast DNS work?
Anycast DNS is a simple and extremely effective way to ensure users can always find your domain. Instead of having just one name server answering DNS queries for your domain, you get multiple instances of that name server distributed all over the world. This means that if one name server is unavailable, the system automatically reroutes DNS queries to another one. Anycast DNS uses intelligent network design to ensure that every DNS query is always answered by the best available name server. When the anycast network has a good global footprint, this guarantees low latency for all users no matter where in the world they connect.
2. How does Anycast DNS help my domain?
Let’s look at a concrete example of Anycast DNS in action. For this, we will use Netnod’s network which is identified on the Internet using the Autonomous System Number (ASN) 8674. Figure 1 shows the situation if Netnod had only one name server answering DNS queries for Netnod’s domains. This setup is called unicast as there is one server in one location answering all DNS queries. This means that queries coming from further away take longer to be answered. If that server goes down for any reason, either because of a DDoS attack or any kind of outage, the queries for Netnod’s domain won’t be answered. Netnod will still have a presence on the Internet, but users won’t be able to find it.
Figure 1: Queries answered by a unicast DNS setup.
Now compare the situation with an Anycast DNS setup. In Figure 2, we see two name servers answering queries for Netnod’s domain. Figure 3 shows that this enables queries to be directed to the closest available server. If one of these servers goes down (Figure 4), traffic is simply redirected to another server (Figure 5). This means queries for Netnod’s domain are always answered.
Figures 2-5: Queries answered by an Anycast DNS setup.
This example shows an Anycast network of just two servers. Imagine the same scenario but with 30 or 40 name servers. Netnod’s Anycast DNS network, one of the biggest available, has name servers answering DNS queries in more than 80 locations across the world.
3. Who uses Anycast?
Anycast is used by Top Level Domains (TLDs) and enterprise networks with customers connecting to their services from all over the globe. These organisations rely on Anycast DNS to ensure their services are always available and not affected by outages associated with a single point of failure or DDoS attack.
Anycast is also used by DNS root zone operators, such as Netnod, who operate one of the 13 root name servers. The root name servers are the entry points to the Domain Name System (DNS) and are a critical part of the Internet’s infrastructure. By using Anycast DNS, the root name servers are present at more than 1,500 locations around the world.
4. Why use an Anycast DNS platform?
Adding a reliable anycast network to your existing DNS solution is simple. A good DNS provider will walk you through the steps to ensure your domain is always available through Anycast DNS.
This means that, with no CAPEX costs on your side, you can:
i) Ensure redundancy and resilience
Anycast allows for multiple instances of a name server to be distributed across the world. If one anycast instance is unavailable, the system automatically reroutes queries to the best available location. Using anycast is one of the best things you can do to protect your business from DDoS attack.
ii) Reduce latency
The distributed nature of an anycast network means users’ queries are routed to the closest available instance of a name server. This gives significantly improved response times.
iii) Simplify your DNS management and save money
There is no need to configure each location separately. A good Anycast DNS provider ensures that your data is seamlessly copied across all global instances of your name server.
5. Netnod’s Anycast DNS service
Netnod has been providing Anycast DNS services for more than 20 years. We are trusted to run one of the world’s 13 DNS root name servers (i.root-servers.net) and to provide DNS services to some of the biggest TLDs on the Internet. With one of the largest global footprints available, our anycast platform ensures 100% uptime and handles several hundred million DNS queries per day. Find out more here.
You can arrange a consultation with one of Netnod’s DNS experts here.