DNS that propagates
in seconds, not hours.
Cloudflare anycast + Google Cloud DNS infrastructure. DMARC, DKIM, DNSSEC and DDoS protection — fully managed. From Tsh. 19,500/month, pay with M-Pesa or CRDB.
DNS changes live in seconds — not tomorrow.
Traditional shared hosting DNS can take 24–48 hours to propagate. Our anycast infrastructure pushes changes to 310+ cities simultaneously. When you need to act fast, your DNS keeps up.
Enterprise DNS. Managed for you.
Built on Cloudflare and Google Cloud DNS — the same infrastructure used by the world's largest banks, governments, and technology companies.
Propagation in seconds, not hours
Powered by Google Cloud DNS anycast infrastructure and Cloudflare's 310+ city network. DNS changes go live globally in under 60 seconds on Secure plans — critical for incident response and migrations.
Unmetered DDoS protection — always on
Every plan includes unmetered DDoS mitigation at the DNS layer. Attacks are absorbed before they reach your infrastructure. No bandwidth caps, no extra charges during an attack.
Email security: SPF, DKIM, DMARC
We set up and maintain the three standards that stop criminals impersonating your organisation over email. Business Email Compromise costs Tanzanian businesses millions annually — these records prevent it.
Nairobi edge — fastest in East Africa
Cloudflare has a presence in Nairobi, Kenya. Tanzanian users resolve your domains in under 20ms — 3–5× faster than DNS hosted on European or US infrastructure.
Anycast global routing
DNS queries are automatically routed to the nearest data centre worldwide. No single point of failure, no region-specific outages. The same resilience Google uses for its own infrastructure.
Geo routing & failover
Route users to the nearest server based on geography, or automatically failover to a backup when your primary goes down. Available on Secure and Enterprise plans.
Bot mitigation — tiers that match your risk
From simple bot blocking on Basic, to sophisticated bot analytics and anomaly detection on Enterprise. Financial institutions get custom CAPTCHAs and advanced threat response.
DNS health monitoring & reporting
Monthly health reports on Business and above catch misconfigured records, expiring SPF entries, and missing DMARC policies before they cause deliverability problems or security gaps.
All record types — full API control
A, AAAA, MX, CNAME, TXT, NS, SRV, CAA, PTR — every record type, managed through a clean portal or our REST API. Role-based access control lets you delegate safely to team members.
What organisations use managed DNS for.
Unlimited and unmetered DDoS mitigation
Stop attacks on your DNS by relying on our network, which has 23× more capacity than the largest DDoS attacks ever recorded. Your DNS stays up no matter what is thrown at it.
Prevent email phishing
Easily configure email security DNS records — SPF, DKIM, and DMARC — to stop phishers from sending emails from your domain. Protects your customers, your brand, and your staff.
Advanced DNS analytics
Get in-depth, real-time analytics for the health of your DNS traffic — query volumes, response times, anomaly detection, and security event logs — all from a single dashboard.
Stop criminals sending email as you.
Business Email Compromise (BEC) fraud costs organisations millions annually. SPF, DKIM, and DMARC are the DNS-based controls that stop it. We configure them correctly and keep them healthy.
Tells receiving servers which mail servers are authorised to send on behalf of your domain. The first line of defence against email spoofing.
Cryptographically signs every email you send. Receiving servers verify the signature to confirm the message has not been tampered with in transit.
Ties SPF and DKIM together. Instructs receiving servers to quarantine or reject emails that fail — and sends you daily reports on who is sending as your domain.
Cryptographically signs your DNS zone. Prevents attackers from hijacking your DNS records to redirect your customers to fake websites or intercept their data.
For financial institutions: Regulators increasingly require DMARC in enforcement mode (p=reject). Our DNS Secure and Enterprise plans include full DMARC enforcement setup, ongoing monitoring, and quarterly audit reports.
Simple, transparent DNS plans.
Pay in Tanzanian Shilling with M-Pesa, Selcom, or CRDB. No hidden fees. Switch plans any time.
- All record types (A, AAAA, MX, CNAME, TXT, SRV, CAA)
- DNSSEC — free on all plans
- Unmetered DDoS protection
- Role-based account control
- Free managed ruleset
- Simple bot mitigation
- Global anycast network
- Ticket support
- Everything in Basic
- DKIM signing & SPF validation
- DMARC policy setup & monitoring
- Easy-to-detect bot mitigation
- Advanced Cloudflare rules
- Email spoofing protection
- Monthly DNS health report
- Priority tickets + chat support
- Everything in Business
- Sophisticated bot mitigation & analytics
- Geo-based DNS routing policies
- Failover DNS configuration
- Network prioritisation
- DMARC p=reject enforcement
- Quarterly security audit
- Tickets + chat, 8h SLA
- Everything in Secure
- Custom nameservers (ns1.yourorg.co.tz)
- Advanced bot analytics + anomaly detection
- Layer 3 DDoS protection (Magic Transit)
- 2,700+ Cloudflare rules & bulk redirects
- Custom CAPTCHAs & threat response
- Monthly compliance report
- Dedicated account manager
- 24/7 tickets + chat + phone
All plans include DNSSEC, all record types, unmetered DDoS protection, and Cloudflare anycast edge nodes.
Everything in every plan
| Feature | Basic | Business | Secure | Enterprise |
|---|---|---|---|---|
| Fast, easy-to-use DNS | ✓ | ✓ | ✓ | ✓ |
| Unmetered DDoS protection | ✓ | ✓ | ✓ | ✓ |
| Role-based account control | ✓ | ✓ | ✓ | ✓ |
| Free managed ruleset | ✓ | ✓ | ✓ | ✓ |
| DNSSEC | ✓ | ✓ | ✓ | ✓ |
| All DNS record types | ✓ | ✓ | ✓ | ✓ |
| Global anycast network | ✓ | ✓ | ✓ | ✓ |
| DKIM + SPF setup | — | ✓ | ✓ | ✓ |
| DMARC policy setup & monitoring | — | ✓ | ✓ | ✓ |
| Bot mitigation | Simple | Easy-to-detect | Sophisticated + analytics | Advanced + anomaly detection |
| Monthly DNS health report | — | ✓ | ✓ | ✓ |
| Geo-based DNS routing | — | — | ✓ | ✓ |
| Failover DNS | — | — | ✓ | ✓ |
| Network prioritisation | — | — | ✓ | ✓ |
| Quarterly security audit | — | — | ✓ | ✓ |
| DMARC p=reject enforcement | — | — | ✓ | ✓ |
| Custom nameservers | — | — | — | ✓ |
| Layer 3 DDoS (Magic Transit) | — | — | — | ✓ |
| Advanced bot analytics + CAPTCHAs | — | — | — | ✓ |
| Monthly compliance report | — | — | — | ✓ |
| 24/7 phone + chat + tickets | — | — | — | ✓ |
| Propagation speed | < 5 min | < 2 min | < 60 sec | Real-time |
| Uptime SLA | 99.9% | 99.95% | 99.99% | 99.99% + credits |
| Support SLA | 48h | 24h | 8h | 4h |
| Price / month (TZS) | 19,500 | 79,500 | 155,000 | Custom |
Trusted by financial institutions across Tanzania.
Organisations with real compliance and security requirements choose Sakurahost DNS.
“Our email impersonation incidents dropped to zero the month we migrated to Sakurahost DNS.”
Cooperative Bank of Tanzania's ICT team was dealing with email spoofing attacks targeting customers and staff. DNS was hosted on shared infrastructure with no DMARC policy and 24-hour propagation delays. After migrating to DNS Secure, full DMARC p=reject enforcement was active within 48 hours, and DNS changes now propagate globally in under 60 seconds.
“We needed DNS we could trust 24 hours a day. The automatic failover and monthly health reports give our operations team full confidence — DNS-related monitoring gaps are no longer a concern.”
“Our donation emails were landing in spam because our DKIM and DMARC records were misconfigured. Within a week of switching, email delivery jumped from 61% to 98%. That directly improved our fundraising.”
Need a custom quote for your organisation?
Financial institutions, government bodies, and large organisations often have specific compliance requirements. Our team can scope a plan that fits your infrastructure, regulatory obligations, and budget.
Call or WhatsApp: +255 753 930 000 · hello@sakuragroup.co.tz