Anycast DNS protection

Protection for the most essential service.

The Domain Name System, or DNS, is one of the fundamental technologies of the Internet. It makes it possible for your web browser to find any website, and for your email app to find the server that stores your mail. It's a critical infrastructure service that's open to attack. If a web host's DNS goes away, so do all its websites.

Most providers are vulnerable.

You might be surprised to learn that most web hosts have only a minimal DNS network, consisting of a few servers. In a Distributed Denial of Service attack, or DDoS, that small DNS network is highly vulnerable. There is no scenario where its DNS service, and therefore its hosted websites, email, and other services, will survive. Attacks typically last from a few hours to a few days.

In most networks, all requests during a DDoS go to a single physical server at one location. Attack traffic (in red) overwhelms the server, which can't respond to legitimate users.

Safety in numbers.

Korax has added Anycast DNS to all hosting packages. Anycast is the best way to protect from the impact of an attack against the DNS. An Anycast DNS server is actually a cloud of many physical servers located around the world. Each receives requests only from its local geographic region, so its traffic is lower, substantially reducing the effect of an attack. DNS lookups are also faster, because requests are answered from a location physically closest to the end-user.

From the outside, the Anycast DNS cloud looks like a single server, but consists of many servers distributed globally. The impact of an attack is significantly reduced. Website visitors get a response from a server physically close to them, enhancing performance.