DNS Anycast

DNS Anycast Technology

Anycast is a network routing technique that allows multiple servers to share the same IP address. When users send queries to this address, the network automatically routes the request to the nearest or best-performing server. As a result, Anycast reduces response time, increases reliability, and optimizes performance for distributed services such as DNS, CDN, and global-scale systems.

What is Anycast?

Anycast is a special routing method in computer networks that enables multiple servers or network nodes to advertise and share a single IP address. When a packet is sent to an Anycast address, the routing system delivers it to the nearest or most optimal node based on routing protocol metrics (typically shortest network distance or lowest latency).

Compared to other communication methods:

  • Unicast: one-to-one communication

  • Broadcast: one-to-all within a network

  • Multicast: one-to-many for a defined group

Anycast sends to exactly one destination—but that destination is the “best” among a set of servers sharing the same IP. This improves performance, reduces latency, distributes load efficiently, and increases service availability.

Anycast is widely used in globally distributed systems such as DNS, CDN, and latency-sensitive or high-availability services.

1. Operating Mechanism

On the Internet, Anycast is implemented using the Border Gateway Protocol (BGP), where multiple geographically distributed nodes simultaneously advertise the same IP prefix. As a result, packets destined for the Anycast address are routed automatically to the closest node, based on the routing policies of the global Internet.

All hosts participating in the Anycast service are configured to share the same IP address.

2. Application in DNS Systems

Anycast is commonly used in distributed network applications, with DNS being a prominent example. DNS benefits significantly from Anycast due to the following advantages:

  • Clients, servers, and routers require no special software

  • No negative impact on existing network infrastructure

  • Efficient load balancing

  • High flexibility

  • Reduced latency

  • Distributed architecture enhances resilience against DoS attacks

Two server instances A and B share the same Anycast IP address: 10.0.0.1

When a client performs a DNS lookup:

  • Router1 sees two paths to reach 10.0.0.1

  • Router1 treats 10.0.0.1 as a single instance

  • Router1 selects the shortest path based on standard unicast routing principles

  • In this example, the best path goes through Router2 to instance A

In reality, due to multiple routers and diverse network paths, clients in different geographical or network locations may reach different Anycast nodes (A or B), depending on which is closest.
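
The path selection described above, as an added example that is not part of the original page: a small Python model in which instances A and B both advertise 10.0.0.1 and each router picks the lowest-cost path to whichever instance is closest. Router3, Router4, Router5, the link costs and the function names are assumptions made for illustration; real BGP path selection also depends on operator routing policy, not only on distance.

```python
import heapq

ANYCAST_IP = "10.0.0.1"  # shared by instances A and B, as in the text

# Constructed topology (assumption): only Router1, Router2, A and B come from
# the page; the other routers and all link costs are made up for this example.
LINKS = {
    ("Router1", "Router2"): 1,
    ("Router2", "A"): 1,
    ("Router1", "Router3"): 1,
    ("Router3", "Router4"): 1,
    ("Router4", "B"): 1,
    ("Router5", "Router4"): 1,
}

def neighbours(node, links):
    """Yield (neighbour, cost) for every link touching node (links are bidirectional)."""
    for (u, v), cost in links.items():
        if u == node:
            yield v, cost
        elif v == node:
            yield u, cost

def best_instance(source, advertisers, links=LINKS):
    """Return (instance, cost, path) for the cheapest path from source to any
    node currently advertising the anycast address, or None if unreachable."""
    queue = [(0, source, [source])]
    visited = set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node in visited:
            continue
        visited.add(node)
        if node in advertisers:
            # The first advertiser popped is the closest one (Dijkstra).
            return node, cost, path
        for nxt, link_cost in neighbours(node, links):
            if nxt not in visited:
                heapq.heappush(queue, (cost + link_cost, nxt, path + [nxt]))
    return None

if __name__ == "__main__":
    for src in ("Router1", "Router5"):
        print(src, "->", ANYCAST_IP, best_instance(src, {"A", "B"}))
    # Instance A stops advertising the prefix: Router1 now reaches B instead.
    print("Router1 after A withdraws:", best_instance("Router1", {"B"}))
```

The last call models an instance withdrawing its advertisement: the same address stays reachable through the remaining instance, which is the availability property the text attributes to Anycast.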

Anycast Deployment Model for the Vietnam National Domain Name Server System

The Vietnam National Domain Name Server System currently includes 06 server clusters deployed domestically (Ho Chi Minh City, Hanoi and Da Nang).

Additionally, there are 02 overseas clusters hosted on global Anycast DNS platforms, ensuring fast “.vn” DNS resolution for users worldwide through the nearest DNS server.

To improve security, high availability, and data redundancy, and to reduce DNS query latency for the “.vn” domain, VNNIC is targeting a full migration of domestic DNS clusters to Anycast technology. The proposed deployment model is as follows:

DNS-ANYCAST Cluster Architecture

System Components

  1. Anycast Router

    • Performs routing for the entire DNS-Anycast network

    • Runs dynamic routing (BGP)

    • Receives internal Anycast routes and advertises them to the Internet

  2. Firewall

    • Protects internal Anycast DNS servers

  3. DNS Servers

    • Receive and respond to DNS queries

    • Participate as Anycast nodes

Operating Principle of DNS-Anycast Servers

Each DNS server operates like a standard DNS authoritative server but is configured with two network interfaces:

  • Anycast IP interface
    Used for receiving and responding to DNS queries

  • Real (unicast) management IP interface
    Used for administrative access, data synchronization, and zone updates

The management IP is crucial because DNS servers require stable, reliable connectivity for zone transfers, configuration management, and operational control.

Multiple DNS-Anycast clusters are deployed at different locations and their Anycast prefixes are advertised across the Internet. Below is the Anycast deployment model for the Vietnam National Domain Name Server System via the VNIX network (Vietnam National Internet eXchange):