[sdnog] DNS Failover

Patrick Okui pokui at psg.com
Tue May 17 11:49:43 SAST 2016

Hi Manhal, all,

On 17 May 2016, at 8:00 EAT, Manhal Mohammed wrote:

> Hello SdNOGgers, hope you are doing great ^_^
> My question is about DNS failover. I have a DR site and want to make a 
> DNS failover, but from reading, it seems like DNS failover is not 
> recommended, due to some considerations like TTL and update time. 
> So what are the better solutions to achieve failover between two 
> different data centers? What if I want the DR site to be reached via 
> my original IP addresses, or via a different IP address?

I assume you mean authoritative DNS (i.e. one serving records for your 
domain name), not recursive (one you use to look up records).

Firstly, you can have as many DNS servers as you need, and they can be 
all over the world. SdNOG has four … this allows you to still serve 
the zone data even if one of the name servers goes down.

	~ ❯❯❯ dig sdnog.sd ns
	; <<>> DiG 9.8.3-P1 <<>> sdnog.sd ns
	;; global options: +cmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58050
	;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
	;sdnog.sd.			IN	NS
	sdnog.sd.		300	IN	NS	ns2.sudren.sd.
	sdnog.sd.		300	IN	NS	ns0.serendipity.org.za.
	sdnog.sd.		300	IN	NS	ns1.serendipity.org.za.
	sdnog.sd.		300	IN	NS	ns1.sudren.sd.
	;; Query time: 4420 msec
	;; WHEN: Tue May 17 12:33:08 2016
	;; MSG SIZE  rcvd: 123
	~ ❯❯❯

Secondly, if, say, you have a web server that you want accessible from both 
places, you need to decide a few things:

1. Is the DR site used for access if the main one is off or only when 
the main one goes down?

2. How are you keeping the data in sync?

So ideally the different sites would have separate IP blocks. If your 
answer to 1 is that the DR site is only used if the main one goes down, the 
easiest (using just DNS) would be to have records with short TTLs for 
the shared resource. Taking the example of a web server, you could have:

	main-server             3600            IN      A     
	dr-server               3600            IN      A     
	website                 300             IN      CNAME           

When your main site goes down you’d change the CNAME to point to 
dr-server. Instead of a CNAME you can use the A record you want. In this 
case, once you’ve made the change to the CNAME, it’d take at most 5 minutes 
(300 seconds) for everyone to notice the change. You typically want to 
have longer TTLs for the records that you don’t need to change that 

If your answer to 1 is that you want both to be used at once, then you have 
to answer 2 carefully. What happens when someone edits data at the main 
site and someone else does the same at the DR site? If you’ve sorted 
out concurrency etc., then you can either do a load balancer (which 
should be outside both data centres and becomes your point of failure). 
In this case the A record for website would be the load balancer, which 
then decides if it’s going to serve from the main site or the DR. Keep 
in mind what happens if the load balancer fails or is overwhelmed.

Alternatively (or additionally to the load balancer) you can use 
anycast. With anycast you can have an IP block (say a 
that you announce from both sites. The A record for “website” would 
be out of You’d then use 1.2.3.0/24 and for 
syncing data between the sites. (note that this is an 
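An added illustration (not from Patrick's post) of the TTL point made above: it models the main-server / dr-server / website zone from the example, follows the CNAME the way a resolver would, and compares the worst-case switchover time of flipping the short-TTL CNAME against rewriting the long-TTL A record. The zone contents and the RFC 5737 documentation addresses are constructed stand-ins for the scrubbed values.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str  # "A" or "CNAME"
    rdata: str  # address for A, target owner name for CNAME

# Constructed zone in the shape of the post's example; the addresses are
# documentation ranges standing in for the scrubbed ones.
ZONE = (
    Record("main-server", 3600, "A", "192.0.2.10"),
    Record("dr-server", 3600, "A", "198.51.100.10"),
    Record("website", 300, "CNAME", "main-server"),
)

def resolve(zone, name):
    """Follow CNAMEs like a resolver would; return the final A record's address."""
    for _ in range(8):  # bound the chain so a CNAME loop cannot spin forever
        rec = next((r for r in zone if r.name == name), None)
        if rec is None:
            raise LookupError(f"no record for {name}")
        if rec.rtype == "A":
            return rec.rdata
        name = rec.rdata
    raise LookupError("CNAME chain too long")

def change_record(zone, name, new_rdata):
    """Return (new_zone, worst_case_seconds). Caches hold each owner name
    separately, so the longest any resolver keeps serving the stale answer is
    the TTL of the record actually edited, not of anything else in the chain."""
    new_zone = tuple(replace(r, rdata=new_rdata) if r.name == name else r
                     for r in zone)
    ttl = next(r.ttl for r in zone if r.name == name)
    return new_zone, ttl

def failover_by_cname(zone):
    """The post's approach: repoint the short-TTL CNAME at dr-server."""
    return change_record(zone, "website", "dr-server")

def failover_by_rewriting_a(zone):
    """Alternative: overwrite main-server's A record with the DR address."""
    return change_record(zone, "main-server", resolve(zone, "dr-server"))

if __name__ == "__main__":
    for fn in (failover_by_cname, failover_by_rewriting_a):
        z, secs = fn(ZONE)
        print(f"{fn.__name__}: website -> {resolve(z, 'website')} within {secs}s")
```

Both strategies land on the DR address, but only the CNAME flip is bounded by the 300-second TTL; editing the 3600-second A record can leave resolvers on the dead site for an hour.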
