DNS Anycast Nodes Deployment Guide

This guide outlines the requirements and step-by-step instructions for hosting a DNS anycast node, including network and operational details.

Introduction

DNS Anycast program operates a resilient, distributed anycast DNS service to improve the stability and speed of the DNS infrastructure within our served regions. By hosting a node, your organization directly contributes to internet reliability and local DNS performance.

Network Requirements

To host an AFRINIC NS2 and a DotArpa DNS anycast nodes, your organisation must provide:

  • Internet Connectivity: The node must have reliable network connectivity suitable for DNS traffic and BGP peering.
  • BGP Capability: You can peer with AFRINIC using BGP or allow our team to coordinate BGP peering with your network team.
  • Network Segmentation: Two separate networks/interfaces are required:
    • Management Network: Used for out-of-band management, monitoring, and remote access by our team.
    • Peering Network: Used for BGP peering and anycast DNS traffic.

Virtual Machine Requirements

  • OVA Deployment: The DNS nodes is distributed as a pre-configured OVA file. Your virtualization environment (VMware, PROXMOX, etc.) must support OVA import.

  • Resources: Minimum resources required:

    • 2 vCPUs

    • 2 GB RAM

    • 10 GB disk

  • Network Interfaces:

    • NIC 1: Management network (assign a management IP)

    • NIC 2: Peering network (for BGP and anycast DNS traffic)

Deployment

  1. Download the OVA File
    Our team will provide the OVA file for download.

  2. Deploy the VM

    • Import the OVA into your virtualisation platform.

    • Allocate the required resources (see above).

    • Attach two network interfaces:

      • NIC 1: Management network

      • NIC 2: Peering network

anycast

  1. Assign IP Addresses

    • Assign a management IP to NIC 1, accessible by our NOC team.

    • Assign an appropriate peering IP to NIC 2, for BGP sessions and anycast service.

  2. Configure ACLs

    • If your management network uses ACLs or firewalls, please permit access to our range that will be provided.

    • Access should be limited to the management interface (NIC 1) only.

  3. Provisioning & Activation
    Our team will:

    • Connect to the management interface

    • Perform initial configuration and security checks

    • Coordinate BGP peering and anycast prefix advertisement

    • Activate monitoring and support procedures

Anycast Prefixes

We advertise the following prefixes from the nodes:

 NS2 NodeDotARPA DNS Node (c.in-arpa)
OriginAS37177AS37181
IPv4 Prefixes196.216.168.0/24196.216.169.0/24
IPv6 Prefixes2001:43f8:120::/482001:43f8:110::/48

Operational Responsibilities

Host Organisation

  • Provide stable infrastructure, power, and network access for the VM.

  • Maintain reasonable uptime (ideally 24/7 availability).

  • Notify our team of planned outages or infrastructure changes.

  • Allow our Team for remote management as required.

 

AFRINIC

  • Maintain and update node software and configuration.

  • Monitor node health and performance.

  • Coordinate with your technical contact for troubleshooting and upgrades.

  • Ensure all operational procedures follow best practices for DNS and security.