Denver DNS PoP: what it means for resilience and routing

TL;DR: A Denver point of presence has been added to DNS Made Easy and Constellix DNS, bringing the network to 24 global DNS PoPs and 550 Gbps of total peer capacity, with reported Colorado speed improvement from 18.78 ms to 15.39 ms, according to DigiCert. The governance lesson is that routing resilience and availability are operational identity-adjacent concerns, because DNS remains a control plane dependency for access, trust, and service reachability.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

• The current deployment at 910 Telecom in Denver marks the 24th global DNS PoP and adds 10 Gbps of peering to its AS16552 network.
• Colorado DNS speeds improved from an average of 18.78ms before installation to 15.39ms after the Denver PoP was added.

Questions worth separating out

Q: How should security teams account for DNS in identity resilience planning?

A: Security teams should treat DNS as a dependency of identity, not a separate infrastructure concern.

Q: When does DNS performance become an access and trust problem?

A: DNS becomes an access and trust problem when latency or routing instability delays authentication, verification, or service connection long enough to affect user and application outcomes.

Q: What breaks when a single DNS region carries too much traffic?

A: A single overloaded DNS region can create a hidden bottleneck for identity and application delivery.

Practitioner guidance

• Map DNS dependencies to identity services Identify which authentication, federation, certificate, and SaaS access flows depend on external DNS resolution, then document the regional failure points that could interrupt them.
• Test regional failover paths for lookup-heavy services Simulate a DNS PoP outage or regional congestion event and confirm that access, validation, and service routing continue without manual intervention.
• Review peering and capacity assumptions regularly Track whether DNS traffic growth, geographic expansion, and user concentration are outpacing the current peering and routing design.

What's in the full announcement

DigiCert's full blog post covers the operational detail this post intentionally leaves for the source:

• Local performance comparison data for the Denver deployment versus other PoP regions
• The company’s explanation of how the new Denver site fits into its broader North American footprint
• Specific peering and routing details behind the 550 Gbps AS16552 network capacity
• The published speed visuals and regional coverage context used to support the deployment

👉 Read DigiCert's blog post on the Denver DNS point of presence →

Denver DNS PoP: what it means for resilience and routing?

Explore further

View Full Forum →  |  NHI Foundation Course →