IPv6 Address Types

Hello Juan

Yes, that is correct. In an Anycast setup, when a DNS request is made by a user, it is routed to the “nearest” DNS server based on the routing protocol’s definition of distance (usually the shortest path). The response will come from this same server. This is one of the key benefits of Anycast, as it allows for load distribution and can help reduce latency.

Yes, using Anycast can indeed help mitigate the effects of a DDoS attack, in a somewhat indirect way. When a DDoS attack occurs, it is typically directed at a single IP address. In an Anycast setup, this traffic would be distributed among multiple servers depending on the source of each of the attackers, reducing the load on any single server and increasing the chances that the servers can handle the attack without going down. However, this is a kind of “brute force” method of dealing with DoS. If the DoS attack is intense enough, and distributed enough, it can still be successful against multiple servers using a single anycast address.

The main purpose of anycast is load balancing and reducing latency. Resilience against DDoS attacks is a benefit but it is not foolproof, and should not be used as the sole defence against such attacks.

I hope this has been helpful!

Laz

1 Like
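
The behaviour described in the reply above, as an added Python example that is not part of the original post: each source is routed to the anycast site with the lowest routing cost, so the load each site sees depends on where the traffic originates. The topology, link costs, site capacities and traffic figures are all constructed for illustration.

```python
import heapq

# Constructed topology: link cost is the routing metric, not physical distance.
LINKS = {("r1", "r2"): 1, ("r2", "r3"): 1, ("r3", "r4"): 1,
         ("r4", "r5"): 1, ("r5", "r6"): 1, ("r1", "r6"): 4}
# Routers that advertise the same anycast DNS address, with capacity in queries/s.
SITES = {"r1": 1000, "r4": 1000}

def build_graph(links):
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def nearest_site(graph, source, sites):
    """Dijkstra from source; the first anycast site popped is the lowest-cost one."""
    dist, heap = {source: 0}, [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        if node in sites:
            return node, d
        for nbr, cost in graph[node].items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return None, float("inf")

def site_load(graph, sites, traffic):
    """traffic maps source router -> queries/s; returns queries/s arriving per site."""
    load = dict.fromkeys(sites, 0)
    for src, qps in traffic.items():
        site, _ = nearest_site(graph, src, sites)
        load[site] += qps
    return load

def overloaded(load, sites):
    return sorted(s for s, qps in load.items() if qps > sites[s])

GRAPH = build_graph(LINKS)
# Constructed attack traffic (queries/s per source router).
SPREAD = {"r2": 600, "r3": 300, "r5": 300, "r6": 200}   # 1400 total, many origins
CLUSTERED = {"r2": 100, "r5": 900, "r6": 400}           # 1400 total, one region
INTENSE = {"r2": 1500, "r3": 800, "r5": 800}            # large and widely spread

if __name__ == "__main__":
    for name, traffic in [("spread", SPREAD), ("clustered", CLUSTERED), ("intense", INTENSE)]:
        load = site_load(GRAPH, SITES, traffic)
        print(name, load, "overloaded:", overloaded(load, SITES))
```

Note that r6 is directly connected to r1 but is still served by r4, because the path through r5 has the lower metric. The same 1400 queries/s stays within capacity when spread across origins and overloads r4 when the sources cluster in one region.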