Anycast DNS: What, Why and How
What is Anycast DNS and How Does it Work?
The Domain Name System (DNS) is the global infrastructure that translates human-readable hostnames (such as www.example.com) into machine-readable IP addresses (such as 188.8.131.52). This happens via DNS queries, which browsers and network devices submit to DNS servers. Anycast DNS routes each DNS client automatically to the nearest reachable DNS server.
Unicast vs. Anycast DNS Routing
- In unicast DNS routing, the recursive resolver (the component, usually at the client or the ISP, responsible for finding the authoritative DNS record for the requested hostname) is given a list of name server addresses, each of which identifies exactly one server. If the server it picks is down or unreachable, the resolver waits for a timeout before retrying another server on the list, and it only learns which servers are slow or unresponsive by paying that cost. This can add significant latency.
- In anycast DNS routing, a single anycast address stands for a whole group of name servers. The timeout delays from querying an unresponsive name server largely disappear: when a point of presence stops announcing the anycast prefix, the routing system stops sending traffic there, so unreachable servers are automatically removed from consideration. The DNS resolver is routed to the topologically nearest instance, which in practice is usually, though not always, the best-performing one, since BGP selects on path length and policy rather than measured latency.
What is Anycast?
Anycast is a network routing method in which a client connects to a single address, but may be routed to one of several destinations. Routing is determined by one of two schemes. In a Network Layer Anycast scheme, routers select the destination using the routing protocol's own view of the topology (for BGP, primarily AS-path length and local policy), which approximates the fewest hops between user and content provider. In an Application Layer Anycast scheme, a decision made above the network layer, for example by the DNS answer itself, may also take into account server availability, response time, number of connections, and so on. Anycast is commonly used by Content Delivery Networks (CDN) to route users to Points of Presence (PoP).
Unicast vs. Multicast vs. Broadcast vs. Anycast vs. Geocast
The Internet Protocol allows five addressing methods, one of which is anycast:
- Unicast—one-to-one association between a sender and destination
- Broadcast—one-to-all association, packets are routed to all possible endpoints on the broadcast network
- Multicast—one-to-many-of-many or many-to-many-of-many association. One transmission of packets is routed to multiple recipients—a subset of all accessible nodes.
- Anycast—one-to-one-of-many association; packets are routed to one member of a group of recipients identified by the same address, selected by an algorithm.
- Geocast—a specialized form of multicast, packets delivered to a group of destinations identified by their geographical locations.
How Does Anycast Work?
When a network request is made to an IP address associated with an anycast network, the network delivers the request to whichever instance is closest in terms of the routing protocol's metric: for BGP that is the shortest AS path subject to local policy, which is not necessarily the smallest number of router hops or the lowest latency.
Anycast makes a network extremely resilient. Traffic automatically follows the best available path, so if an entire data center goes offline and its route announcement is withdrawn, requests are automatically routed to the next-nearest data center, and users experience only a small reduction in performance. The withdrawal is the important part: a site that keeps announcing the prefix while its service is down keeps attracting traffic it cannot serve.
IPv4 Anycast Support
Internet Protocol Version 4 (IPv4) is the older version of the Internet Protocol. Its successor, IPv6, was introduced as far back as 1998. As far as anycast support goes:
- IPv4 has no anycast address type of its own; nothing in the protocol distinguishes an anycast address from a unicast one
- IPv6 defines anycast addresses in its addressing architecture (RFC 4291), but at the time this was written IPv6 was still used by under 20% of devices on the Internet, and global IPv6 anycast is in practice deployed the same way as IPv4 anycast
Because most devices on the Internet still use IPv4, the common technique is to build anycast out of ordinary unicast addresses and the Border Gateway Protocol (BGP). The same prefix is announced into BGP from several sites, the same address is configured on a host at each site, and clients believe they are communicating with a single unicast address while BGP's normal path selection delivers each packet to whichever site is closest in routing terms.
The problem is that BGP can change its preferred path while a connection is open, so packets belonging to one session may suddenly land at a different site, called a PoP switch. A site that holds no state for that connection will reset it, so long-lived TCP sessions over BGP anycast carry this risk; short-lived TCP connections usually survive in practice, which is why CDNs also serve HTTP over anycast, but the risk grows with connection lifetime. Connectionless transports such as the User Datagram Protocol (UDP) are unaffected, because each datagram is self-contained.
This makes DNS a natural use case for anycast: a DNS lookup is normally a single UDP request and response, so a route change between two queries is harmless. DNS does fall back to TCP for large responses and uses it for zone transfers, but those connections are short, and zone transfers can be pointed at a node's unicast address rather than the anycast one.
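The failure mode hidden in the BGP technique above is a node whose DNS daemon has died while its router still announces the anycast prefix: BGP only stops steering clients to a site that stops announcing, so the node must take its own route down. The following health checker, an example added to this article rather than NS1's code, probes the local daemon with a raw UDP query and adds or removes the prefix from FRR's BGP `network` statements via `vtysh`, with hysteresis so a single lost packet does not flap the route. The prefix 192.0.2.0/24, the service address 192.0.2.53 and AS 65001 are hypothetical placeholders.

```python
"""Health-checked BGP anycast DNS node (example added to this article, not NS1 code).

Assumes a hypothetical node announcing 192.0.2.0/24 (RFC 5737 documentation
range) from FRR under private AS 65001, with the DNS daemon bound to 192.0.2.53.
"""
from __future__ import annotations

import socket
import struct
import subprocess
import time

ANYCAST_PREFIX = "192.0.2.0/24"  # hypothetical anycast prefix
SERVICE_ADDR = "192.0.2.53"      # hypothetical anycast service address
LOCAL_AS = 65001                 # hypothetical private ASN configured in FRR
PROBE_NAME = "example.com"       # any name will do; we only need proof of life
FAILS_TO_WITHDRAW = 3            # consecutive failures before withdrawing
OKS_TO_ANNOUNCE = 2              # consecutive successes before re-announcing


def build_query(qname: str, qtype: int = 1, qclass: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 query: 12-byte header with RD set and one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    wire_name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + wire_name + struct.pack(">HH", qtype, qclass)


def probe_dns(addr: str = SERVICE_ADDR, timeout: float = 1.0) -> bool:
    """One UDP query to the local daemon. Healthy means a datagram with the QR
    bit set and our transaction id came back in time. RCODE is deliberately
    ignored: even NXDOMAIN or REFUSED proves the daemon is answering."""
    query = build_query(PROBE_NAME)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (addr, 53))
            data, _peer = s.recvfrom(512)
        except OSError:  # timeout, ICMP unreachable, nothing bound to the port
            return False
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)


def next_action(announced: bool, history: list[bool]) -> str:
    """Hysteresis over recent probe results (True = healthy). Returns
    'withdraw', 'announce' or 'keep': a dead daemon is pulled after
    FAILS_TO_WITHDRAW probes, a recovered one re-added after OKS_TO_ANNOUNCE."""
    if announced and len(history) >= FAILS_TO_WITHDRAW \
            and not any(history[-FAILS_TO_WITHDRAW:]):
        return "withdraw"
    if not announced and len(history) >= OKS_TO_ANNOUNCE \
            and all(history[-OKS_TO_ANNOUNCE:]):
        return "announce"
    return "keep"


def frr_command(action: str) -> list[str]:
    """vtysh invocation that adds or removes the prefix from FRR's BGP
    'network' statements. FRR by default only announces a 'network' that is
    present in the local routing table, so the node also needs a route for
    the prefix (for example a static route to its loopback)."""
    verb = "network" if action == "announce" else "no network"
    return ["vtysh",
            "-c", "configure terminal",
            "-c", f"router bgp {LOCAL_AS}",
            "-c", "address-family ipv4 unicast",
            "-c", f"{verb} {ANYCAST_PREFIX}"]


def run(interval: float = 2.0, announced_at_start: bool = True) -> None:
    """Probe forever and reconcile the BGP announcement with daemon health."""
    announced = announced_at_start
    history: list[bool] = []
    while True:
        history = (history + [probe_dns()])[-10:]
        action = next_action(announced, history)
        if action != "keep":
            subprocess.run(frr_command(action), check=True)
            announced = action == "announce"
            print(time.strftime("%H:%M:%S"), action, ANYCAST_PREFIX)
        time.sleep(interval)


if __name__ == "__main__":
    run()
```

Run it as a long-lived service on each anycast node (it needs privileges to talk to `vtysh`). The same pattern applies to BIRD or ExaBGP; only `frr_command` changes. Probing the anycast address itself, not 127.0.0.1, matters: a daemon that listens only on localhost is just as invisible to clients as one that is dead.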
6 Benefits of Anycast DNS
Anycast DNS has substantial benefits, both for end users and content providers or website owners. Here are 6 benefits of anycast DNS compared to traditional unicast routing:
- Automatic load distribution—anycast spreads queries across DNS sites according to network topology, so each site serves the clients that are closest to it in routing terms. This is distribution rather than balancing: a site that is "nearest" to a large population can receive far more traffic than the others, and operators shape that with BGP policy (prepending, communities) rather than with anycast itself.
- Enhanced DNS security and DDoS attack mitigation—in a Distributed Denial of Service (DDoS) attack against the DNS servers, anycast dampens the effect because traffic from a widely distributed botnet is absorbed by many sites, each seeing only the share that is topologically near it. The protection is proportional to how widely the attack sources are spread; an attack concentrated in one region still lands largely on one site, and an overwhelmed site should withdraw its announcement so its clients fail over to the next-nearest site.
- Improved network latency—because anycast picks the DNS server closest in routing terms, users experience lower latency for every name they resolve that is not already in a local cache.
- Improved network availability and DNS high availability—anycast increases the uptime and availability of any network service that depends on DNS, since the loss of one site does not make the service address unreachable.
- Improved network reliability—anycast DNS fails over in the time BGP takes to converge, typically seconds, when one or more DNS servers in a group fail, provided the failed node's route is withdrawn; a node that stops answering but keeps announcing the prefix is a black hole for its share of clients.
- Simplified DNS configuration for clients—the same name server IP addresses work for every client resolver everywhere, with no need for per-region DHCP templates, imaging or static multi-IP configurations.
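Whether anycast really lands you on the nearest site, and whether the answering site stays the same between queries (the PoP switch discussed earlier), is something you can observe directly: most anycast DNS operators answer the `id.server. CH TXT` query (RFC 4892; older servers use `hostname.bind`) with the name of the individual instance that handled it. The following probe, an example added to this article rather than NS1's code, sends that query to an anycast address several times and reports the instance name and round-trip time of each answer; the parser is exercised offline against a constructed reply. The anycast address 192.0.2.53 and the instance name `ams1.ns.example` are hypothetical.

```python
"""Which anycast DNS instance answers me, and is it stable between queries?
Example added to this article, not NS1 code. Sends "id.server. CH TXT"
(RFC 4892) to an anycast address and reports the instance name in each
reply plus the round-trip time. Addresses and names below are hypothetical.
"""
from __future__ import annotations

import os
import socket
import struct
import sys
import time

# Wire image of the query; bytes 0-1 (transaction id) are replaced per send.
ID_SERVER_QUERY = (
    b"\x00\x00" b"\x00\x00"              # txid placeholder; flags: RD clear
    b"\x00\x01\x00\x00\x00\x00\x00\x00"  # QDCOUNT=1, AN/NS/AR=0
    b"\x02id\x06server\x00"              # QNAME id.server.
    b"\x00\x10\x00\x03"                  # QTYPE TXT (16), QCLASS CH (3)
)

# Constructed sample reply (not captured traffic): TXT "ams1.ns.example" from a
# hypothetical instance; the answer name is a pointer to the question at offset 12.
SAMPLE_RESPONSE = (
    b"\xbe\xef\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"  # id, flags QR|AA, QD=1, AN=1
    b"\x02id\x06server\x00\x00\x10\x00\x03"              # echoed question
    b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x10"   # ptr, TXT, CH, TTL 0, RDLEN 16
    b"\x0fams1.ns.example"                                # one <len><chars> string
)


def read_name(data: bytes, off: int) -> tuple[str, int]:
    """Decode a (possibly compressed) name; return it and the offset past it."""
    labels, end, hops = [], None, 0
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            end = off + 2 if end is None else end
            off = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                         # guard against hostile pointer loops
                raise ValueError("pointer loop")
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(data[off:off + ln].decode("ascii", "replace"))
        off += ln


def parse_id_server(resp: bytes) -> tuple[int, list[str]]:
    """Return (RCODE, TXT strings of the CH/TXT answers). RCODE 5 (REFUSED)
    is common because many operators disable CHAOS-class queries."""
    _id, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, txts = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(resp, off)[1] + 4
    for _ in range(an):
        off = read_name(resp, off)[1]
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        rdata, off = resp[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16 and rclass == 3:
            i, parts = 0, []
            while i < len(rdata):                 # RDATA is a sequence of <len><chars>
                parts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
            txts.append("".join(parts))
    return flags & 0xF, txts


def ask_id_server(addr: str, timeout: float = 2.0) -> tuple[float, int, list[str]]:
    """One UDP query to addr; returns (rtt_ms, rcode, instance names)."""
    txid = os.urandom(2)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.monotonic()
        s.sendto(txid + ID_SERVER_QUERY[2:], (addr, 53))
        data = b""
        while data[:2] != txid:                   # drop datagrams that are not ours
            data, _peer = s.recvfrom(4096)
        rtt_ms = (time.monotonic() - t0) * 1000
    rcode, names = parse_id_server(data)
    return rtt_ms, rcode, names


def main(argv: list[str]) -> None:
    addr = argv[1] if len(argv) > 1 else "192.0.2.53"   # hypothetical anycast address
    count, seen = (int(argv[2]) if len(argv) > 2 else 5), set()
    for _ in range(count):
        try:
            rtt, rcode, names = ask_id_server(addr)
        except (OSError, ValueError) as exc:
            print(f"{addr}: no usable answer ({exc})")
            continue
        seen.update(names)
        label = ", ".join(names) if names else f"no TXT, rcode {rcode}"
        print(f"{addr}: {label} {rtt:.1f} ms")
    if len(seen) > 1:
        print("answering instance changed between queries:", sorted(seen))


if __name__ == "__main__":
    main(sys.argv)
```

Run it from several vantage points (or via looking-glass hosts) to map which site each region is routed to; a name that flips between consecutive queries from one vantage point is exactly the instability that makes long-lived TCP over anycast risky, while a consistent name with an unexpectedly high RTT shows BGP's "nearest" disagreeing with geography.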
NS1—A Next-Generation Anycast DNS Service
NS1 is a next-generation DNS platform which can be used as a service, or deployed on-premises. NS1 complements the benefits of anycast by offering additional traffic routing and management capabilities.
For example, while anycast routes a query to the NS1 server nearest to the user in terms of routing, NS1 adds a second layer of steering once the query arrives: that server composes an answer chosen for the current user. If there are several Content Delivery Networks (CDN) available, each accessed as a pool of anycast servers, NS1 can select the optimal CDN for that user.
NS1 can decide where to steer traffic based on:
- Geolocation—NS1 obtains geographical metadata about every DNS resource, determines user location via geo-IP, and performs proximity-based routing for every user request.
- Load, capacity and cost—NS1 tracks internal traffic parameters for each resource, such as load, capacity and number of current connections, and can also weigh a cost figure for the resource that you supply directly to NS1 via its API.
- Bandwidth and connectivity—NS1 performs regular health checks on resources to check availability, bandwidth and network latency, and uses this data to route users to the most responsive available resource.
Even more important, NS1 provides fast propagation—it operates a global anycasted network that can propagate DNS changes in seconds, instead of hours or days in traditional setups.
Get a free trial of NS1 to test drive a fully anycasted, next-generation DNS platform.