Anycast DNS. Nearest node wins.

DNS queries are answered by the nearest healthy node on our anycast network. The same IP is announced from every point of presence — BGP routing handles the rest. Automatic failover, sub-millisecond resolution, no single point of failure.

Anycast
BGP routing
<1ms
Resolution
Auto
Failover
Global
Coverage
How It Works

BGP anycast routing

Anycast works by announcing the same IP address from multiple locations simultaneously. When a DNS resolver sends a query to that IP, the internet's BGP routing infrastructure directs the packet to the nearest node — "nearest" in terms of network hops, not geographic distance.

This happens at the network layer with no application-level redirection. The resolver doesn't know or care that the same IP exists in multiple locations. It simply gets a response from whichever node is closest on the network graph.

Each anycast node maintains a full copy of your zone data. Changes propagate to all nodes within seconds via our internal replication system. There are no stale records — every node serves the current version of your zone.

BGP Anycast Routing Same IP announced from multiple locations — BGP routes queries to the nearest node Client Tokyo, Japan Client London, UK Client Virginia, US 1 DNS QUERY All query the same IP 198.51.100.1 198.51.100.1 198.51.100.1 Internet — BGP Routing Routers select shortest AS path to destination IP 2 BGP SELECTION Shortest path wins 3 NEAREST NODE Routed by proximity Tokyo PoP 198.51.100.1 2ms response Frankfurt PoP 198.51.100.1 1ms response Virginia PoP 198.51.100.1 1ms response ALL NODES ANNOUNCE THE SAME IP ADDRESS Identical IP Every node announces 198.51.100.1 BGP Nearest Path Routers select fewest hops to destination Auto Failover Failed node withdrawn, traffic reroutes
Automatic Failover Failed node withdrawn from BGP — traffic reroutes to next nearest node BEFORE Client ACTIVE PATH Tokyo PoP 198.51.100.1 Healthy · serving traffic Frankfurt PoP 198.51.100.1 Healthy · standby THEN AFTER Client REROUTED Tokyo PoP 198.51.100.1 Failed · withdrawn from BGP Frankfurt PoP 198.51.100.1 Now serving traffic 0s Health check fails 3s BGP withdrawal 5s Routes converge <10s Traffic on new node No DNS propagation · no client retry · BGP reroutes transparently at the network layer

Automatic failover

Each node is continuously health-checked by our monitoring infrastructure. If a node fails (hardware fault, network issue, software crash), it's withdrawn from BGP within seconds. Traffic that was routing to that node automatically shifts to the next nearest healthy node.

This happens transparently. DNS resolvers don't retry or reconnect — the BGP withdrawal causes their next query to route to a different node. From the resolver's perspective, nothing changed except possibly a few milliseconds of additional latency.

When the failed node recovers and passes health checks, it's re-announced via BGP and begins serving traffic again. The system is self-healing with no manual intervention required.

Same IP. Every continent. Nearest node wins.

DDoS Absorption

Distributed DDoS absorption

Anycast provides natural DDoS resistance. Attack traffic aimed at the anycast IP is distributed across all nodes proportionally to the attacker's network proximity. No single node absorbs the full force of the attack.

A volumetric DNS flood from a botnet spread across 50 countries would be split across all of our anycast nodes, with each node handling only the traffic from nearby bots. This distribution means each node sees a fraction of the total attack volume.

Distributed DDoS Absorption Attack traffic split across all anycast nodes — no single node absorbs the full volume WITHOUT ANYCAST Bot · US Bot · DE Bot · JP Bot · BR 25 Gbps 25 Gbps 25 Gbps 25 Gbps Single Origin 203.0.113.10 100 Gbps total · OVERWHELMED OFFLINE VS WITH ANYCAST Bot · US Bot · DE Bot · JP Bot · BR 25 Gbps 25 Gbps 25 Gbps 25 Gbps Virginia PoP 198.51.100.1 25 Gbps · absorbed Frankfurt PoP 198.51.100.1 25 Gbps · absorbed Tokyo PoP 198.51.100.1 25 Gbps · absorbed São Paulo 198.51.100.1 25 Gbps · absorbed ALL ONLINE 100 Gbps on a single server All attack traffic hits one target Server overwhelmed, goes offline vs 25 Gbps per node · 4 nodes Each node absorbs only nearby traffic All nodes stay online, service unaffected Same IP on every node · BGP distributes attack traffic proportionally · no single point of failure
Performance

Global resolution performance

Zone updates propagate to all nodes within seconds via our internal replication protocol. When you add or modify a DNS record, all anycast nodes begin serving the updated record almost immediately.

Features
Nearest Node
Queries always route to the geographically nearest healthy node via BGP. No application-level redirection or GeoDNS hacks.
BGP
Auto Failover
Failed nodes are withdrawn from BGP within seconds. Traffic reroutes automatically to the next nearest healthy node with no manual intervention.
Seconds
DDoS Resistant
Attack traffic is distributed across all anycast nodes proportionally. No single node absorbs the full attack volume.
Distributed
Full Zone Sync
Every node maintains a complete copy of your zone. Changes propagate to all nodes within seconds via internal replication.
Synced
Health Monitoring
Continuous health checks on every node. Unhealthy nodes are automatically withdrawn from BGP and re-added on recovery.
24/7
99.9% DNS SLA
Anycast DNS resolution is covered by a 99.9% uptime SLA with automatic credits for any downtime.
SLA

Global DNS. Zero configuration.

Sub-millisecond resolution from every continent.

×
Click anywhere or press Esc to close