D-Zone Technology Explained

Do you administer your Domain Name System (DNS)?

D-Zone is a secondary Anycast DNS service that has a global footprint, and an unparalleled presence inside Canada and close to Canadian population hubs. This architecture improves performance, increases resilience and helps to mitigate DDoS attacks. 

  • Fully redundant, load balanced state-of-the-art equipment in 12 nodes around the globe
  • Eight nodes running coast-to-coast in Canada, close to population centers.
  • Two anycast clouds provides a second layer of redundancy
  • Monitored and managed 24x7 to respond to any issues, including mitigating any active DDoS attacks impacting the DNS
  • Provisioned by an industry leading web portal or by REST API
  • 100% up-time SLA
  • Support for IPv6, DNSSEC, and TSIG
  • 24x7 support

See our service offerings and contact us to get D-Zone working for your organization. 

  • Reliability

    High Reliability

    D-Zone Anycast DNS servers are located in Canada and in global Internet hubs, and managed to provide a 100 per cent up time service level agreement (SLA). Each node is built with fully redundant, load-balanced, state-of-the-art equipment to improve capacity, latency, security and up-time.
    Because of the nature of anycast technology, if a nameserver in an anycast cloud goes down, it is automatically removed from the routing tables to add redundancy and fault tolerance. With D-Zone the highest level of redundancy is achieved with two separate clouds. When compared to unicast redundancy, it is like replacing two unicast nameservers with two anycast clouds, with each cloud using independent hardware, multiple transit providers, and a direction connection to a well peered IXP. This protects against a routing problem or transit network outage from bringing down your DNS.
    Fully redundant, load-balanced, state-of-the-art equipment in every node helps improve capacity, latency, security and up-time.


  • DDos

    DDoS Protection

    Increase resiliency to DDoS attacks with the extra query capacity and bandwidth of the D-Zone Anycast DNS cloud. To the world, the cloud appears as a single IP address. In reality it is a network of geographically distributed nameservers. An anycast cloud is much more resilient to a DDoS attack than single unicast servers because it uses geo-location to specify what server answers a query and because the network has the combined capacity and bandwidth of all the servers. With anycast, the impact of an attack is isolated to the name server closest to the source(s) of the attack.
    Additionally, the D-Zone architecture has redundancy at both the nodes and across two clouds. The net result is DDoS attacks that originate off-shore are soaked up by the international nodes to mitigate the risk that hackers can bring down your website and services. As a second layer of protection, Canadian traffic that is peered will still continue to receive query answers.


  • Max Performance

    Max Performance

    The latency of DNS lookups is important for your website because long latency can translate into lost customers and revenue. To ensure a good user experience and fast access to your website, D-Zone places your nameservers close to, or quickly accessible from the nameservers querying them. Additionally, D-Zone nameservers are in locations with good access to the Internet such as Internet Exchange Points (IXPs). Anycast technology automatically routes DNS queries to the geographically closest nameserver to reduce latency for your visitors.


  • Backed by expertise of CIRA

    Backed by the expertise of CIRA

    D-Zone is backed by the proven experience of .CA, and leverages the same anycast infrastructure and expertise used to provide uninterrupted DNS resolution for more than 2 million .CA domains.
    D-Zone Anycast DNS is monitored 24 hours a day by CIRA’s networking and DNS experts to keep the system running and help mitigate attacks.

    D-Zone Global Anycast Nodes