Anycast DNS protection
On the Internet, anycast is usually implemented by using BGP to simultaneously announce the same destination IP address range from many different places on the Internet. This results in packets addressed to destination addresses in this range being routed to the "nearest" point on the net announcing the given destination IP address.
For the DNS root servers, anycast provides a service whereby clients send requests to the service address and the network delivers each request to at least one, preferably the closest, instance in the root server's anycast group.
The Anycast scheme has two major benefits:
- servers automatically spread the impact of an attack amongst themselves
- no local disaster can disrupt the operation of the root server as a whole
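The two benefits can be seen in a small simulation, added here as an illustration and not taken from any root server operator. The topology, site names and query rates are constructed, and a hop-count breadth-first search stands in for BGP best-path selection.

```python
from collections import Counter, deque

# Constructed topology (all names hypothetical): undirected links between
# three anycast sites, three transit networks and six query sources.
LINKS = [
    ("site-ams", "t1"), ("site-nyc", "t2"), ("site-tyo", "t3"),
    ("t1", "t2"), ("t2", "t3"),
    ("src-a", "t1"), ("src-b", "t1"), ("src-c", "t2"),
    ("src-d", "t2"), ("src-e", "t3"), ("src-f", "t3"),
]

def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, []).append(b)
        graph.setdefault(b, []).append(a)
    return graph

def catchments(graph, announcing_sites):
    """Map every node to the announcing site with the fewest hops.

    Multi-source BFS stands in for BGP best-path selection; ties go to
    the site reached first in BFS order.
    """
    nearest = {site: site for site in sorted(announcing_sites)}
    queue = deque(nearest)
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour not in nearest:
                nearest[neighbour] = nearest[node]
                queue.append(neighbour)
    return nearest

def load_per_site(graph, announcing_sites, qps_by_source):
    """Sum the query rate each announcing site receives from the sources."""
    nearest = catchments(graph, announcing_sites)
    load = Counter()
    for source, qps in qps_by_source.items():
        load[nearest[source]] += qps
    return dict(load)

GRAPH = build_graph(LINKS)
# Constructed flood: every source sends 1000 queries per second.
FLOOD = {s: 1000 for s in ("src-a", "src-b", "src-c", "src-d", "src-e", "src-f")}

if __name__ == "__main__":
    print(load_per_site(GRAPH, {"site-ams", "site-nyc", "site-tyo"}, FLOOD))
    # One site withdraws its announcement; its sources shift to the others.
    print(load_per_site(GRAPH, {"site-ams", "site-tyo"}, FLOOD))
```

With all three sites announcing, the flood is split evenly between them; when one site stops announcing, its sources are absorbed by the remaining sites and every source is still answered.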