The Challenges of Hosting ccTLDs in 2025: Exploring Anycast and DDoS Protection

In the ever-evolving landscape of internet infrastructure, hosting country code top-level domains (ccTLDs) has become a complex yet vitally important issue. At the NPNOG 11 conference held in Nepal in June 2025, a discussion arose about the challenges faced by regional economies in hosting their ccTLDs. While some nations manage their ccTLD infrastructure in-house, others rely on outsourcing to larger operators. One significant hurdle for ccTLD hosting in 2025 is protecting against Distributed Denial-of-Service (DDoS) attacks, which demand extensive resources to mitigate successfully. Handling such threats requires not only a robust technical stack but also a geographically distributed server infrastructure to ensure online resilience.
To effectively host a ccTLD today, operators typically deploy servers across key global data hubs, such as Ashburn, Dallas, Palo Alto, Frankfurt, Amsterdam, Singapore, and Hong Kong. This geographical diversity is crucial because it provides resilience against large-scale DDoS attacks, ensuring minimal disruption in service. However, this brings into focus the role of anycast, a routing strategy in which multiple nodes share a single IP address, making it easier for users to connect to the nearest server. Despite its widespread application, deploying anycast for ccTLDs introduces its own set of challenges, including uneven routing performance due to the way Border Gateway Protocol (BGP) operates.
Understanding Anycast and BGP Path Selection

Anycast is designed to enhance performance and redundancy by offering access to multiple server nodes under the same IP address, but BGP’s path selection complicates its functionality. BGP favors routes based on neighbor relationships, assigning the highest preference to routes learned from customers and the lowest to routes learned from upstream providers. This can cause inconsistencies, with network traffic sometimes directed to distant nodes instead of nearby ones. Network operators often attempt to address this with a combination of local and global upstream ISPs, BGP action communities, or a hybrid model of centralized and distributed nodes.
Despite these measures, evaluating anycast efficiency remains a challenge. Traditional methods, like analyzing routing tables, often fall short as they fail to account for actual latency and real-world routing conditions. As a result, latency measurements and traceroutes from various locations are typically used to determine which ccTLD nameservers are truly anycasted. For instance, using latency as an indicator of routing efficiency can reveal discrepancies, such as when one node displays minimal latency while another within the same region lags significantly.
The Current Landscape of Anycasted ccTLDs

In an experiment to evaluate the usage of anycast among ccTLD nameservers, 11 ccTLDs were revealed to use full anycast configurations, while 9 had no anycast setup. The majority, however—approximately 219 ccTLDs—utilized partial anycast, where some nameservers incorporated the technology while others did not. Interestingly, further analysis showed that many of these configurations made inconsistent use of anycast nodes, reflecting both the complexities and gaps in global routing behavior. Adding to this issue, certain ccTLDs could not be fully analyzed because their nameservers had ICMP disabled, limiting the ability to measure latencies accurately.
This finding emphasizes the importance of robust frameworks for deploying anycast efficiently, especially when considering the growing internet demands for speed, stability, and attack mitigation. Additional efforts, such as integrating DNS latency measurements alongside ICMP testing, could improve insights into ccTLD performance and reliability over diverse networks.
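
One way to turn latency measurements like these into an anycast verdict, shown as an added example that is not from the original article or the experiment it describes: a speed-of-light check flags a nameserver as anycast when two vantage points both see round-trip times too low for a single host to have answered both, and the per-nameserver results are rolled up into the full / partial / none categories used above. The vantage points, hostnames and RTT values are constructed, the 200 km/ms fibre figure is an assumption, and the method goes beyond the article, which does not specify how its classification was done.

```python
import math
from itertools import combinations

# Constructed vantage points as (lat, lon); names and coordinates are assumptions.
VANTAGE = {"frankfurt": (50.11, 8.68), "singapore": (1.35, 103.82), "ashburn": (39.04, -77.49)}
KM_PER_MS = 200.0  # assumed propagation speed in fibre, roughly 2/3 of c

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def classify_nameserver(min_rtt_ms):
    """min_rtt_ms maps vantage name -> lowest observed RTT in ms (None = no reply).
    Returns 'anycast', 'unicast' (no violation seen) or 'unmeasured'."""
    seen = {v: r for v, r in min_rtt_ms.items() if r is not None}
    if len(seen) < 2:
        return "unmeasured"  # e.g. ICMP disabled: nothing to compare
    for a, b in combinations(seen, 2):
        # Each probe's reply came from within (rtt / 2) * KM_PER_MS of the probe.
        # If the two radii together cannot span the distance between the probes,
        # one host cannot have answered both: separate instances share the address.
        reach_km = (seen[a] + seen[b]) / 2 * KM_PER_MS
        if reach_km < great_circle_km(VANTAGE[a], VANTAGE[b]):
            return "anycast"
    return "unicast"

def classify_zone(nameservers):
    """nameservers maps NS hostname -> per-vantage min RTTs.
    Returns 'full', 'partial', 'none', or 'unknown' when the data cannot decide."""
    kinds = [classify_nameserver(rtts) for rtts in nameservers.values()]
    if "anycast" in kinds:
        return "full" if all(k == "anycast" for k in kinds) else "partial"
    return "none" if kinds and all(k == "unicast" for k in kinds) else "unknown"

# Constructed sample measurements (ms) for a hypothetical ccTLD's nameservers.
SAMPLE = {
    "ns1.nic.example": {"frankfurt": 4.1, "singapore": 2.8, "ashburn": 6.0},
    "ns2.nic.example": {"frankfurt": 12.0, "singapore": 165.0, "ashburn": 95.0},
    "ns3.nic.example": {"frankfurt": None, "singapore": None, "ashburn": None},
}

if __name__ == "__main__":
    for ns, rtts in SAMPLE.items():
        print(ns, classify_nameserver(rtts))
    print("zone:", classify_zone(SAMPLE))
```

The check is conservative: "unicast" only means no pair of vantage points proved otherwise, so regional anycast confined to an area between probes can go undetected, which is why more vantage points and DNS-level timing improve the result.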
Why ccTLD Infrastructure Matters

The infrastructure supporting ccTLDs is critical not only for national internet sovereignty but also for ensuring seamless access to digital resources globally. With the rise of cyber threats like DDoS attacks, implementing resilient hosting strategies, such as leveraging anycast frameworks, is no longer optional—it’s a necessity. As demonstrated by the NPNOG 11 discussions and accompanying research, understanding the nuances of global routing and latency monitoring will be essential for operators aiming to enhance their ccTLD services in 2025 and beyond.
For network operators, policymakers, and enterprises, these insights are a call to action. Efforts must continue in refining hosting practices, collaborating on routing technology, and investing in extensive global infrastructure to ensure that the future of ccTLD hosting meets the demands of our increasingly interconnected world.