The DNS protocol is one of the most important components of the internet. This logical layer allows computers to find websites and services, and its performance has a direct impact on the user experience.
Because internet users are spread across the globe, it is critical to have data synchronized in real time to avoid fragmentation of the internet. However, due to the decentralized nature of DNS, this is made difficult by the long DNS propagation times that are still common today. Keeping a large DNS network in perfect sync with minimal update time is one of the most important challenges on the way to a unified internet.
OpenTLD’s AnyCast Cloud DNS is one of the largest and most resilient networks of its kind. With over 465 million DNS requests per day, it supports 8% of all domains on the internet and helps millions of people find their content quickly and safely.
To support such a high number of domains managed by OpenTLD, it is critical to develop scalable ways to push zone updates throughout its entire DNS infrastructure, without the need to continuously upload massive zone files.
OpenTLD plans to have over 15 AnyCast locations in 2014, in order to get closer to internet users and deliver faster response times and a better quality of service.
Through the use of a unique architecture and proprietary technology, we are able to send DNS zone updates throughout the world in 15 seconds or less.
What is AnyCast?
AnyCast means that several DNS servers announce (share) the same IP address simultaneously and from different physical locations via BGP4 routing. While internet users and resolvers see only 4 servers and 4 IP addresses, there are in fact dozens of DNS servers around the world. These servers are organized in nodes (or clusters), each of which contains 5 machines that carry both BGP and out-of-band (management) traffic. Through these, people around the world automatically connect to the server that is closest to them and receive a response from it.
Because AnyCast servers are identical, they also offer an effective way to mitigate DDoS attacks, whose traffic is automatically distributed between the different locations.
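The sync claim above (zone updates everywhere in 15 seconds or less) can be verified from the outside: the SOA serial of a zone should agree across the anycast nodes. The following is an added example, not OpenTLD's own code; it builds a raw SOA query with the Python standard library, parses the serial from the reply, and includes a constructed reply for offline use. The zone name and any server addresses are placeholders.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Minimal RFC 1035 query for the zone's SOA record (QTYPE 6, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)

def skip_name(msg, off):
    """Offset just past a domain name at `off`; a 2-byte compression pointer ends it."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_soa_serial(msg):
    """SERIAL field of the first SOA answer in a response; raises on error or no answer."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0xF or an == 0:
        raise ValueError("no SOA answer, rcode=%d" % (flags & 0xF))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))   # skip MNAME and RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("answer section has no SOA record")

def query_serial(server, zone, timeout=2.0):
    """Ask one anycast address for the zone's serial over UDP port 53 (placeholder server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return parse_soa_serial(s.recv(4096))

def sample_response(serial):
    """Constructed SOA response (no network) so the parser can be exercised offline."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR/RD/RA, NOERROR
    rdata = b"\x02ns\xc0\x0c\x05admin\xc0\x0c"                   # MNAME, RNAME -> offset 12
    rdata += struct.pack("!IIIII", serial, 3600, 900, 604800, 300)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 300, len(rdata)) + rdata
    return hdr + build_soa_query("example.org")[12:] + rr
```

Run query_serial against each of the anycast addresses and compare the returned serials; a node whose serial lags the others beyond the 15-second window is out of sync. Because each anycast address routes to the nearest node, run it from several vantage points to cover more nodes.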
Why is AnyCast better than Primary / Secondary DNS?
In the traditional Primary / Secondary DNS server setup, each server has a unique IP address, which can easily be targeted and abused, for example by a DDoS attack.
The redundancy of such an architecture is much weaker than with AnyCast, which is why most Registries are moving towards a fully AnyCast solution.
Name server and router operations
For the operation of its name servers, OpenTLD sticks very closely to the guidelines for operating a root server as defined and described in RFC2870, although that RFC was written in the pre-AnyCast era. Its requirements are therefore translated to, and seen from, an anycast perspective.
We also operate routers according to BCP126 / RFC4786 (where applicable). BCP126 is a “Best Current Practice” released by the Internet Engineering Task Force.
Costs of anycast
Despite competition among DNS service providers, the recurring costs of anycasting are high. The pricing of common suppliers reflects this, but above all reflects paying for their unsold capacity.
• Independence. Having its own AS numbers and its own dedicated anycast IP space spares OpenTLD administrative and operational trouble (read: suffering malfunctioning name servers in the root zone because suppliers were unwilling to dedicate IP addresses, while updating the root is still not a very easy process).
• Flexibility. Having its own anycast network allows OpenTLD to configure part of it the way the registry requires, without having to negotiate and/or coordinate with external suppliers.
If any supplier interrupts their service, for whatever reason, OpenTLD can withdraw its AS from that location and start announcing it elsewhere, together with its assigned prefixes.
• Security. Operating a proprietary anycast network means no other parties have access to the DNS servers, in contrast to the undesirable situation where a DNS provider could deny access to the servers serving the zones we operate.
• Scalability. Having its own autonomous anycast network means OpenTLD can easily add nodes where markets require, which helps keep up with these specific demands.
• Control. The aspects above add up to the desired benefit of control, best described in the diagram below: