Advanced nameservers
Advanced nameservers included with Foundation DNS offer improved resiliency and more consistent nameserver assignment.
Consider the sections below for details about advanced nameservers, and refer to Set up advanced nameservers to learn how to enable this feature.
To increase resiliency, advanced nameserver IPs are advertised by only one of two anycast network groups.
The two groups consist of data centers that are geographically equally distributed.
United Kingdom example
| IPs | Group | Data centers |
|---|---|---|
108.162.198.1 | A | London and Edinburgh |
172.64.40.1 | B | Manchester |
162.159.60.1 | A | London and Edinburgh |
In DNS resolution, a resolver eventually acquires a list of all IPs where authoritative nameservers for a domain can be reached, and will then usually prefer the IP with the best resolution performance.
When, instead of advertising all IPs in all data centers, this group logic is applied, resiliency is improved because, if one of the data centers experiences a localized issue, the resolver can fall back to an IP advertised by the next closest data center.
Refer to our blog post ↗ for an in-depth explanation.
Zones using advanced nameservers are less exposed to incidents or software regression.
The dedicated release process means that only changes that have been in production for a while will reach advanced nameservers.
While standard Cloudflare nameservers are hosted under ns.cloudflare.com or secondary.cloudflare.com, advanced nameservers use different domains:
foundationdns.comfoundationdns.netfoundationdns.org
Using the different TLDs (.com, .net, and .org) and making these available only to enterprise accounts allows for better predictability and consistency in nameserver assignment.
There should also be less conflicts when guaranteeing that directly descending zones do not have the same nameserver set.
Descending zones example
Consider the domain example.com, and subdomains abc.example.com and 123.example.com:
abc.example.comand123.example.comdirectly descend fromexample.comand cannot have the same nameservers asexample.com.abc.example.comand123.example.comare sibling domains and can have the same nameservers.new.abc.example.comdirectly descends from bothabc.example.comandexample.com, and cannot have the same nameservers as them, but can have the same nameservers as123.example.com.