AnycastCDN Detection

What are Anycast CDNs?

Anycast Content Delivery Networks (CDNs) are distributed networks that use the same IP addresses across multiple geographic locations. When you query a DNS record that points to an anycast CDN, the IP address you receive may vary depending on your location, network conditions, and the CDN's traffic routing algorithms.

This variability is by design - CDNs route traffic to the nearest or best-performing server to provide optimal performance for end users. However, this frequent changing of IP addresses can trigger numerous false-positive notifications in monitoring systems.

How ZoneWatcher Detects CDNs

ZoneWatcher detects anycast CDNs by checking if the IP addresses in your DNS A and AAAA records belong to known CDN IP ranges. This detection only applies to zones monitored via Public DNS or AXFR Protocol providers, as these methods query DNS records from external perspectives.

The detection process works as follows:

When a DNS record is discovered or updated, ZoneWatcher extracts the IP address from A and AAAA records
The IP address is checked against maintained lists of IP ranges for each supported CDN provider
If the IP falls within a known CDN range, the record is flagged with the corresponding CDN identifier
IP range data is cached and refreshed periodically to ensure accuracy

Supported CDN Providers

ZoneWatcher currently detects the following CDN providers:

AWS CloudFront

AWS CloudFront is a content delivery network service that provides fast, secure, and reliable content delivery.

AWS Global Accelerator

AWS Global Accelerator is a global content delivery network service that provides fast, secure, and reliable content delivery.

AWS S3

AWS S3 is a cloud storage service that provides secure, durable, and highly available storage for data.

Azure Traffic Manager

Azure Traffic Manager is a DNS-based load balancing service that allows you to distribute traffic across multiple endpoints.

BunnyCDN

BunnyCDN is a content delivery network service that provides fast, secure, and reliable content delivery.

Cloudflare

Cloudflare is a global CDN network that provides fast, secure, and reliable content delivery.

Fastly

Fastly is a content delivery network service that provides fast, secure, and reliable content delivery.

Hostinger CDN

Hostinger is a web hosting service that provides fast, secure, and reliable content delivery.

Why Notifications Are Suppressed

Records identified as belonging to anycast CDNs are automatically excluded from change notifications to prevent alert fatigue. This is important because:

Frequent IP Changes: CDN IP addresses can change multiple times per day based on traffic routing, load balancing, and geographic optimization
Expected Behavior: These changes are normal CDN operations, not actual DNS configuration issues that require your attention
Reduced Noise: Suppressing these notifications allows you to focus on genuine DNS changes that may indicate problems or unauthorized modifications
Geographic Variance: Different DNS queries may return different IP addresses based on the query source location, creating artificial "changes"

Important: While IP address changes are suppressed for CDN records, you will still receive notifications for other types of changes, such as:

Changes to record names or subdomains
Changes from CDN IPs to non-CDN IPs (indicating a potential service migration)
Addition or removal of entire DNS records
Changes to other record types (MX, CNAME, TXT, etc.)

Viewing CDN Information

When viewing your DNS records in ZoneWatcher, records that have been identified as belonging to a CDN will display the CDN provider name in the record details. This helps you understand which records are being served through CDN infrastructure.

CDN detection is performed automatically and requires no configuration. If you believe a record is incorrectly identified as a CDN (or not identified when it should be), please contact support with the specific record details.