What Is DNS Anycast and How Does It Work?


You may have heard of DNS anycast but aren't quite sure what it is or how it works. In this article, we'll take a look at what DNS anycast services are, how they operate, and some of the benefits they offer. By the end, you should have a much better understanding of what DNS anycast is and whether it might be right for you.

What is DNS Anycast?

DNS anycast is a technique in which the same IP address (strictly, the same IP prefix) is announced to the internet via BGP from several locations at once. The routing system delivers each packet to whichever announcing location is topologically closest to its sender. Applied to DNS, this means your zone is served by identical nameservers in many places under one address: visitors get answers from a nearby instance, and if one location goes down, the others keep answering.

We will have a closer look at how this works in a second. But first, let's briefly cover the use cases for anycast.

Note that anycast does not send data to multiple destinations at once; that is multicast. With anycast, one address is reachable at many places, and each packet reaches exactly one of them. Anycast is used for the DNS root servers and the large public resolvers, and for applications like content delivery and distributed denial-of-service (DDoS) mitigation, where reliability and performance are paramount.

How Does DNS Anycast Work?

In a traditional unicast network, an IP address belongs to one host, so data is sent from a single source to that single destination. In an anycast deployment, the same address is configured on hosts at several sites, and each site's router announces the covering prefix to its upstream networks with BGP. Nothing special happens on the client: it sends an ordinary packet to the one address it knows, and the routers along the way, applying their normal best-path selection (shortest AS path, local policy), forward it to the nearest announcing site. Which site that is can differ for every client network, and it changes automatically when a site withdraws its announcement.

The main benefit is reliability and performance: there are several instances of the service, and the routing system steers each client to a nearby one. If a site is overloaded, unreachable or taken down for maintenance, its route is withdrawn and clients converge on the next-best site without any change on their end. This is especially helpful where downtime is not an option, such as for mission-critical applications. One caveat worth knowing: a site whose nameserver has failed but whose router still announces the prefix keeps attracting traffic into a black hole, so the announcement must be tied to a health check of the service itself (a standard operational rule for anycast, see RFC 4786).

A term you will often hear in this context is redundancy. It means that something (your DNS zone, or the website itself, depending on the service) is replicated, so that it either provides alternate access points (chosen by the visitor's network location) or a fallback when one set of servers suffers an outage, be it the nameservers holding your DNS zone or the server of your web hosting.
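The mechanics described above, as an added illustration that is not from the original article: a small Python model in which three sites (constructed names ams, fra and nyc) announce one address, each client network is routed to the announcing site with the shortest AS path (the constructed TOPOLOGY table), and a site whose nameserver fails withdraws its announcement. Only the shortest-AS-path step of BGP best-path selection is modelled; the address and path lengths are made up.

```python
# Added illustration (not from the original article): a small model of how an
# anycast address is reached and how failover happens. Site names, the address
# and the AS-path lengths are constructed; real BGP best-path selection also
# weighs local preference, MED and more, so only the shortest-path step is modelled.
from dataclasses import dataclass
from typing import Dict, Optional

ANYCAST_IP = "192.0.2.53"  # constructed address; every site answers on this same IP


@dataclass
class Site:
    name: str
    announcing: bool = True  # True while this site announces the anycast prefix via BGP


# Constructed topology: AS-path length from each client network to each site.
# Shorter is "closer" from BGP's point of view, which need not be geographic distance.
TOPOLOGY: Dict[str, Dict[str, int]] = {
    "isp-eu": {"ams": 1, "fra": 2, "nyc": 4},
    "isp-us": {"nyc": 1, "ams": 4, "fra": 5},
    "isp-ap": {"nyc": 3, "ams": 3, "fra": 4},
}


def build_sites() -> Dict[str, Site]:
    """All three sites up and announcing."""
    return {name: Site(name) for name in ("ams", "fra", "nyc")}


def select_site(client_net: str, sites: Dict[str, Site]) -> Optional[str]:
    """Pick the site a client network's packets land on: the announcing site with the
    shortest AS path. Equal lengths are broken by name, standing in for a router's
    deterministic tie-break. None means no site announces the prefix any more."""
    candidates = [
        (path_len, site_name)
        for site_name, path_len in TOPOLOGY[client_net].items()
        if sites[site_name].announcing
    ]
    return min(candidates)[1] if candidates else None


def health_check(site: Site, dns_ok: bool) -> None:
    """Site-local monitor. If the nameserver at a site stops answering, the site must
    withdraw its BGP announcement; otherwise clients keep being routed into a black hole."""
    site.announcing = dns_ok


def serving_map(sites: Dict[str, Site]) -> Dict[str, Optional[str]]:
    """Which site serves each client network right now; the destination IP never changes."""
    return {client: select_site(client, sites) for client in TOPOLOGY}


if __name__ == "__main__":
    sites = build_sites()
    print("all sites up:  ", serving_map(sites))
    health_check(sites["ams"], dns_ok=False)   # Amsterdam's DNS daemon dies, route withdrawn
    print("ams withdrawn: ", serving_map(sites))
    health_check(sites["ams"], dns_ok=True)    # recovers, routing re-converges toward it
    print("ams back:      ", serving_map(sites))
```

The clients never learn anything about sites: they keep sending to ANYCAST_IP, and only the routing decision changes when a site withdraws. That is also why the health check must control the announcement rather than just page an operator.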

Who Uses DNS Anycast?

Anycast networks are used by a variety of organizations for different purposes. Content delivery networks (CDNs) like Akamai and Cloudflare use anycast to route traffic to servers around the world and deliver content faster. Security companies like Incapsula use anycast to protect websites from DDoS attacks by spreading incoming traffic across many sites. Public resolvers such as Google Public DNS (8.8.8.8) and the DNS root servers are anycast as well, which is why a single address can answer from hundreds of locations.

Are DNS anycast services recommended for normal websites?

DNS anycast services are generally a good idea for any website, though as a rule of thumb, the larger the site and the more it depends on being reachable, the more relevant they become. There are suitable products for small and large sites alike.

Why is it recommended for normal websites too?

Because attack traffic is spread across all anycast sites instead of hitting one nameserver, DNS anycast makes it much harder to take your domain offline with a DDoS attack on your nameservers. Note that it protects name resolution; the web server behind the domain needs its own protection (for example a CDN or DDoS-mitigation service in front of it).

It also makes resolution faster. Instead of a visitor two continents away having their resolver query a nameserver near you, the query is answered by the anycast instance nearest to them.

Usually this saves only a few milliseconds per lookup, but for a site with thousands of visitors a day it adds up; for a small site it is barely noticeable. The protective aspect remains either way.

Note: For repeat visits, DNS anycast usually makes no difference anymore, because the visitor's resolver, operating system and browser cache the answer for the record's TTL and do not query your nameservers again until it expires.

How anycast services are regulated

Contrary to popular belief, the internet is not an unregulated place. Commercial entities offering services to the public have to follow the laws of the jurisdictions they operate in, and that goes for DNS anycast providers too.

Some of what binds them is general law, such as data-protection rules and having to respond to lawful requests from authorities. Much of the rest is not law at all but operational best practice, such as filtering packets with spoofed source addresses (BCP 38, RFC 2827).

The most important authority for domain-name issues is ICANN (Internet Corporation for Assigned Names and Numbers). Its rules are contractual: they bind the registries that run top-level domains and the registrars that sell domain names, and ICANN checks that they comply. A DNS hosting or anycast provider that is not also a registrar is not an ICANN contracted party, so ICANN does not, for example, prescribe how much capacity it must have in each region.

But with DNS Anycast, there's another party involved. You may not have heard of it, but it's the one you have to thank for making the Internet work as smoothly as it does. That party is called the Internet Engineering Task Force (IETF).

The IETF is responsible for the protocols that make the internet work. It develops new standards (like IPv6) and improves existing ones (like DNS).

It publishes its work as RFCs (Requests for Comments): documents that are drafted, discussed, improved and eventually become the standards and best practices everybody uses. For anycast, the IETF has published a set of best practices. They are not mandatory, but most providers follow them.

The relevant document for DNS anycast is RFC 4786, Operation of Anycast Services, also known as BCP 126.

It describes how anycast services should be operated and what operators have to take into account, such as withdrawing a site's route when the service at that site fails.

So when you are looking for a DNS anycast provider, make sure they follow the practices described in this RFC. Every well-known provider of this kind does, so there is little need to worry. Still, it is reasonable to ask how many sites they run, whether a failed site withdraws its route automatically, and whether their servers identify themselves in responses (for example via the NSID option, RFC 5001), so you can see which site answered.

Are there any drawbacks with using DNS anycast?

There are three practical drawbacks:

  • DNS anycast services usually come at an extra cost
  • There is extra effort to set it up compared to using your default DNS service
  • Troubleshooting is harder, because which site answers a query depends on routing from the visitor's network

The first point is pretty obvious, because running an anycast service requires additional infrastructure and staff. So you have to pay for that.

How much this will be depends on the provider you are using. Some of them (like Cloudflare) even offer a free plan, but with limited features of course.

The second point is also quite logical. Since DNS anycast is a bit more complex to set up than a normal DNS service, it will take some time to get everything configured correctly.

Again, this totally depends on the provider you are using and how comfortable you are with such technical topics. Some of them (like AWS Route 53) offer a very user-friendly interface, while others (like Cloudflare) require a bit more knowledge to set everything up.

The third point follows from how anycast works. A problem at one site is only visible from the networks routed to that site, so a report that "your DNS is broken" may be true from Singapore and false from your desk. Good providers offer looking-glass tools and make each instance identify itself in its responses (the NSID EDNS option, RFC 5001, or the older CHAOS-class TXT query for hostname.bind), so you can tell which site you are talking to.
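An added example, not code from the original article: how to ask a nameserver which anycast instance answered, using the EDNS NSID option (RFC 5001). The query builder produces the same kind of packet that `dig +nsid` sends; the response is constructed in-line (the NSID string ams1.ns.example and the answer address are made-up values) so the parser can be exercised offline.

```python
# Added example (not from the original article): build a DNS query that asks the
# responding server to identify itself with the EDNS NSID option (RFC 5001), and
# parse the NSID string out of a reply. The reply below is constructed in-line so
# the code runs offline; "ams1.ns.example" and 192.0.2.1 are made-up values.
import struct

NSID_OPTION_CODE = 3   # EDNS option code for NSID, RFC 5001
TYPE_OPT = 41          # pseudo-RR type carrying EDNS options
EDNS_UDP_SIZE = 4096   # advertised UDP payload size, carried in the OPT RR's CLASS field


def _encode_name(qname: str) -> bytes:
    """Wire-format name: length-prefixed labels, terminated by a zero byte."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def _opt_rr(options: bytes) -> bytes:
    # OPT RR: empty name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDATA=options
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, EDNS_UDP_SIZE, 0, len(options)) + options


def build_nsid_query(qname: str, qtype: int = 6, txid: int = 0x1234) -> bytes:
    """Query carrying an empty NSID option: 'please tell me which instance you are'.
    qtype 6 = SOA, a record every zone has. RD is left clear: authoritative servers ignore it."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1 (the OPT RR)
    question = _encode_name(qname) + struct.pack("!HH", qtype, 1)  # QCLASS IN
    return header + question + _opt_rr(struct.pack("!HH", NSID_OPTION_CODE, 0))


def _skip_name(msg: bytes, offset: int) -> int:
    """Advance past a wire-format name, handling a compression pointer (which ends the name)."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length


def extract_nsid(msg: bytes):
    """Return the NSID payload from a DNS message, b'' if the option is present but empty,
    None if the message carries no NSID option at all."""
    _txid, _flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    offset = 12
    for _ in range(qd):
        offset = _skip_name(msg, offset) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        offset = _skip_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype != TYPE_OPT:
            continue
        pos = 0
        while pos + 4 <= len(rdata):                  # walk the option list: code, length, data
            code, olen = struct.unpack_from("!HH", rdata, pos)
            pos += 4
            if code == NSID_OPTION_CODE:
                return rdata[pos:pos + olen]
            pos += olen
    return None


def build_sample_response(query: bytes, nsid: bytes) -> bytes:
    """Constructed reply an anycast instance might send: the question echoed back, one A
    record (name compressed with a pointer to offset 12) and an OPT RR carrying the NSID."""
    txid = struct.unpack_from("!H", query, 0)[0]
    question = query[12:_skip_name(query, 12) + 4]
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 1)  # QR=1, AA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer + _opt_rr(struct.pack("!HH", NSID_OPTION_CODE, len(nsid)) + nsid)


if __name__ == "__main__":
    q = build_nsid_query("example.com", qtype=1)
    r = build_sample_response(q, b"ams1.ns.example")
    print("query bytes:", q.hex())
    print("instance that answered:", extract_nsid(r).decode())
```

In practice you send the query bytes over UDP to the nameserver's address and run extract_nsid on whatever comes back; the instance name you see from your desk may differ from the one a probe in another region sees, which is exactly the point. Servers that do not support NSID return None here; some of them answer the older CHAOS-class TXT query for hostname.bind or id.server instead.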

Conclusion

DNS anycast is a powerful tool that improves reliability and performance by serving the same address from several sites and letting routing steer each visitor to the nearest one. If one site is congested or fails, its route is withdrawn and traffic flows to another site.

This can be especially helpful in cases where downtime is not an option, such as with mission-critical applications. Any business that relies on having a website up and running at all times should consider using DNS anycast to protect against downtime.
