Why DNS Anycast is Important

September 11, 2020 by Jonas Lejon

The Domain Name System (DNS) is an interconnection of systems used to translate the IP addresses of websites into a human-readable format and vice versa. DNS Anycast is a configuration introduced to let the DNS system perform optimally. In a DNS Anycast setup, multiple servers share the same IP address, so users can send their queries to any of those servers and get responses as quickly as possible. Also, when a node is down, a nearby node takes over the work of the failed node, which is why this method is chosen by companies that value the availability of their network service. In this article, we look at how this concept helps to improve the availability and reliability of the network.

Improved reliability

The reliability of a DNS network is improved because the Anycast configuration allows multiple servers to be installed at multiple nodes of the network, which improves load balancing. Load balancing means that processing is shared evenly between different nodes to improve the performance of the network. It is important to note that the DNS servers themselves are not aware of this load balancing. Because each node announces the same IP address, user traffic is evenly distributed among servers globally, and the network handles this independently using the BGP routing protocol. So when a node stops working, it is cut off and the next closest node is used instead, because all the nodes are well interconnected to allow seamless execution of processes. This means users are assured of high reliability when using the network.

Resilience against DNS DDoS Attack

A Distributed Denial of Service (DDoS) attack is used by hackers to infiltrate the networks of companies whose network is not distributed. The attack tends to force the system to shut down by incapacitating the firewall security system built around the network. However, with Anycast DNS, the network is configured so that when a link in one location fails, a backup link close to it picks up the functionality of the failed link, so users of the service do not experience any delay while their requests are processed. Also, as soon as the initial link fails, the company's network engineers start working on solutions to bring this link back on track. The Anycast DNS structure absorbs the attack for as long as it can, because it is built to handle large query volumes.

A bot attack against a regular (unicast) network compared with an attack against an Anycast network. With Anycast, the load is lower on all nodes and they can handle the attack easily:

Anycast network
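
The unicast versus Anycast comparison above, and the failover described earlier, worked through as a small model. This is an added example, not code from the original article. The node names, positions, per-node capacity and bot traffic are constructed values, and "closest node on a line" is an assumed stand-in for the route BGP would actually select.

```python
# Constructed sample data: node names, positions on a 1-D "map", capacity
# and bot traffic are illustrative assumptions, not measurements.
NODES = {"stockholm": 0, "frankfurt": 10, "new_york": 60, "singapore": 100}
CAPACITY_QPS = 50_000  # queries/second one node can answer (assumed)
# Each entry: (position of a group of bots, queries/second it sends)
BOTS = [(2, 20_000), (12, 20_000), (55, 20_000), (95, 20_000)]


def route(source_pos, announcing):
    """Return the announcing node closest to the source.

    Stand-in for BGP best-path selection: every node announces the same
    IP address and the network delivers each query to the nearest one.
    """
    return min(announcing, key=lambda n: (abs(NODES[n] - source_pos), n))


def load_per_node(announcing, bots=BOTS):
    """Sum attack traffic per node for the set of nodes announcing the IP."""
    load = {name: 0 for name in announcing}
    for pos, qps in bots:
        load[route(pos, announcing)] += qps
    return load


def overloaded(load, capacity=CAPACITY_QPS):
    """Names of nodes receiving more queries than they can answer."""
    return sorted(name for name, qps in load.items() if qps > capacity)


def report(label, announcing):
    """Print one scenario and return its load map."""
    load = load_per_node(announcing)
    print(f"{label}: {load} overloaded={overloaded(load)}")
    return load


if __name__ == "__main__":
    # Unicast: a single server owns the address and takes the whole attack.
    report("unicast", {"stockholm"})
    # Anycast: the same attack is split across the nodes nearest each bot.
    report("anycast", set(NODES))
    # Failover: a down node withdraws its announcement and the next
    # closest node inherits its share, so headroom per node matters.
    report("anycast, stockholm down", set(NODES) - {"stockholm"})
```

In the failover case Frankfurt carries twice its normal share, which is why each node needs capacity headroom beyond its usual load.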