Do you administer your domain name system (DNS)?
CIRA Anycast DNS is a secondary Anycast DNS service that has a global footprint, and an unparalleled presence inside Canada and close to Canadian population hubs and connected to well-peered internet exchange points (IXP). This architecture improves performance, increases resilience and helps to mitigate DDoS attacks.
CIRA Anycast DNS servers are located in Canada and in global Internet hubs, and managed to provide a 100 per cent up time service level agreement (SLA). Each node is built with fully redundant, load-balanced, state-of-the-art equipment to improve capacity, latency, security and up-time.
Because of the nature of anycast technology, if a nameserver in an anycast cloud goes down, it is automatically removed from the routing tables to add redundancy and fault tolerance. With Anycast the highest level of redundancy is achieved with two separate clouds. When compared to unicast redundancy, it is like replacing two unicast nameservers with two anycast clouds, with each cloud using independent hardware, multiple transit providers, and a direction connection to a well peered IXP. This protects against a routing problem or transit network outage from bringing down your DNS.
Fully redundant, load-balanced, state-of-the-art equipment in every node helps improve capacity, latency, security and up-time.
Increase resiliency to DDoS attacks with the extra query capacity and bandwidth of the CIRA Anycast DNS cloud. To the world, the cloud appears as a single IP address. In reality it is a network of geographically distributed nameservers. An anycast cloud is much more resilient to a DDoS attack than single unicast servers because it uses geo-location to specify what server answers a query and because the network has the combined capacity and bandwidth of all the servers. With anycast, the impact of an attack is isolated to the name server closest to the source(s) of the attack.
Additionally, the Anycast architecture has redundancy at both the nodes and across two clouds. The net result is DDoS attacks that originate off-shore are soaked up by the international nodes to mitigate the risk that hackers can bring down your website and services. As a second layer of protection, Canadian traffic that is peered will still continue to receive query answers.
The latency of DNS lookups is important for your website because long latency can translate into lost customers and revenue. To ensure a good user experience and fast access to your website, Anycast places your nameservers close to, or quickly accessible from the nameservers querying them. Additionally, Anycast nameservers are in locations with good access to the Internet such as Internet Exchange Points (IXPs). Anycast technology automatically routes DNS queries to the geographically closest nameserver to reduce latency for your visitors.
Backed by the expertise of CIRA
Anycast is backed by the proven experience of .CA, and leverages the same anycast infrastructure and expertise used to provide uninterrupted DNS resolution for more than 2 million .CA domains.
CIRA Anycast DNS is monitored 24 hours a day by CIRA’s networking and DNS experts to keep the system running and help mitigate attacks.