Anchor Points

Secure automatic frontend proxies that add an extra layer of protection to your infrastructure.

What are Anchor Points?

Anchor points are secure automatic frontend proxies that sit between your users and your origin servers. They provide an additional security layer by:

  • Hiding your origin server IP addresses from public DNS records
  • Providing automatic TLS/SSL encryption

Unlike traditional proxy solutions that require complex configuration, anchor points are designed to be simple and automatic. AnchorDNS handles the proxy setup, SSL certificate management, and configuration automatically.

How Anchor Points Work

When you create an anchor point, AnchorDNS:

  1. Automatically creates a DNS A record pointing to our proxy infrastructure
  2. Provisions and manages SSL/TLS certificates for your domain
  3. Configures secure routing to your origin server
  4. Monitors the health and status of both the proxy and your origin

Your DNS records point to the anchor point proxy servers, not directly to your origin. This means:

  • Your origin server IP addresses remain hidden
  • All traffic is automatically encrypted with TLS
  • Requests are securely proxied to your origin server

Creating an Anchor Point

To create an anchor point for your domain:

  1. Navigate to your domain in the AnchorDNS dashboard
  2. Click on the "Anchor Points" tab
  3. Click "Create Anchor Point"
  4. Enter the hostname (e.g., example.com or subdomain.example.com)
  5. Provide your origin server URL (where traffic should be proxied to)
  6. Optionally set a custom Host header for your origin
  7. Add a description for reference
  8. Click "Create" to deploy the anchor point

AnchorDNS will automatically:

  • Create the DNS record pointing to our proxy servers
  • Provision SSL certificates via Let's Encrypt
  • Configure the proxy to route traffic to your origin
  • Begin monitoring the health of both endpoints

DNS Verification

After creating an anchor point, AnchorDNS automatically verifies that DNS is properly configured. You can check the verification status at any time:

  1. Go to your domain's Anchor Points tab
  2. Find your anchor point in the list
  3. Check the DNS status indicator (verified, pending, or failed)
  4. Click "Verify DNS" to manually trigger a verification check

DNS verification ensures that:

  • The hostname resolves to the correct anchor point IP address
  • DNS propagation has completed
  • Traffic will be properly routed through the anchor point

SSL/TLS Certificates

AnchorDNS automatically manages SSL/TLS certificates for all anchor points:

  • Certificates are automatically provisioned using Let's Encrypt
  • Certificate renewal happens automatically before expiration
  • Traffic is encrypted with TLS between the user and the anchor point
  • You can monitor certificate status and expiration in the dashboard

The certificate provisioning process is fully automatic. Once DNS verification succeeds, certificate issuance typically completes within a few minutes.

Best Practices

Follow these best practices when using anchor points:

  • Use descriptive names: Add clear descriptions to help team members understand what each anchor point is for
  • Verify DNS propagation: Allow time for DNS changes to propagate globally (typically 5-15 minutes, but can take up to 48 hours)
  • Test before production: Create anchor points for staging environments first to verify configuration
  • Monitor regularly: Check the DNS and certificate status periodically to ensure everything is working correctly
  • Use custom Host headers: If your origin server uses virtual hosts or requires a specific Host header, configure the custom_host setting

Troubleshooting

DNS Verification Failed

If DNS verification fails:

  • Wait a few minutes for DNS propagation and try "Verify DNS" again
  • Check that no conflicting DNS records exist for the hostname
  • Verify your domain's nameservers are correctly configured
  • Use a DNS lookup tool to confirm the hostname resolves to the correct IP

Origin Connection Issues

If the anchor point can't reach your origin:

  • Verify your origin URL is correct and accessible
  • Check that your origin server is online and responding
  • Ensure your origin accepts connections from the anchor point IPs
  • Verify any custom Host header requirements are properly configured

Security Considerations

Anchor points provide several security benefits:

  • Origin IP protection: Your origin server IP addresses are not exposed in public DNS records
  • Automatic TLS: All traffic between users and anchor points is encrypted
  • Access control: Configure your origin to only accept traffic from known anchor point IP addresses

For maximum security, configure your origin firewall to only accept connections from the anchor point IP addresses provided in your dashboard.
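
The check below is an added example, not AnchorDNS code. It automates the "use a DNS lookup tool" step and the origin IP protection point above: for each hostname it reports whether the name resolves only to anchor point IPs, to something else, or to the origin itself. The IP addresses, hostnames and status names are constructed for illustration; substitute the anchor point IPs from your dashboard.

```python
import ipaddress
import socket


def system_resolve(hostname):
    """Return the address strings the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def audit_hostname(hostname, anchor_ips, origin_ips, resolver=system_resolve):
    """Classify one hostname: verified, origin-exposed, conflicting-record, unresolved."""
    anchors = {ipaddress.ip_address(a) for a in anchor_ips}
    origins = {ipaddress.ip_address(o) for o in origin_ips}
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except socket.gaierror:
        answers = set()
    exposed = sorted(str(a) for a in answers & origins)
    unexpected = sorted(str(a) for a in answers - anchors - origins)
    if not answers:
        status = "unresolved"
    elif exposed:
        status = "origin-exposed"      # public DNS reveals the origin address
    elif unexpected:
        status = "conflicting-record"  # resolves somewhere other than the anchor point
    else:
        status = "verified"
    return {"hostname": hostname, "status": status,
            "exposed": exposed, "unexpected": unexpected}


# Constructed sample data (documentation address ranges, not real AnchorDNS IPs).
ANCHOR_IPS = ["192.0.2.10", "192.0.2.11"]
ORIGIN_IPS = ["203.0.113.7"]
SAMPLE_ZONE = {
    "www.example.com": {"192.0.2.10"},
    "staging.example.com": {"192.0.2.11", "198.51.100.4"},
    "direct.example.com": {"203.0.113.7"},
}


def sample_resolver(hostname):
    """Offline stand-in for DNS; an unknown name behaves like NXDOMAIN."""
    if hostname not in SAMPLE_ZONE:
        raise socket.gaierror("constructed NXDOMAIN")
    return SAMPLE_ZONE[hostname]


if __name__ == "__main__":
    for name in list(SAMPLE_ZONE) + ["missing.example.com"]:
        print(audit_hostname(name, ANCHOR_IPS, ORIGIN_IPS, sample_resolver))
```

Omit the resolver argument to query live DNS, and run it over every hostname in the zone, not only the one behind the anchor point.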