Save yourself from a disaster #6: Redundancy of DNS

This is the sixth part of the series Save yourself from a disaster: Redundancy on a budget.

How can we make sure our website is always available and not going down when a node is offline?

We could do mainly 2 things:

  • Secondary DNS
  • Manual Switch

This guide won’t cover everything, it won’t be a comprehensive guide, and the steps that are shown need to be carefully reviewed and tested in your development/pre-production environment. I don’t take any responsibility for any damage, interruption of service nor leak/loss of data for the use of the instructions in the ebook (nor from any external website I’ve mentioned).

DNS Round-Robin

This is not really a practical solution because whenever one server is down the traffic will still be routed to that server, and your customers will be affected. If you have 2 records A pointing to 2 different servers you could potentially lose 50% of your traffic.

In case you need to remove (manually) quickly the unresponsive server, you need to take into account the DNS TTL. If it is set to a high value (like 24h or – even worse – a week) you cannot do anything to change that, other than wait. There are pro and cons for setting either a low or high TTL.

Usually, the DNS propagation time is around 24 hours, but it could also be around 72 hours, this is because ISP can override the TTL you have specified and the time for your changes to propagate can be longer than expected.

Secondary DNS

By having multiple nameservers you can have a fallback in case your DNS provider is having issues (very unlikely but possible).

Generally, you need to maintain manually the records aligned between the two providers. Sometimes the DNS provider will give you the ability to manage those records by pulling the data from your primary provider or by giving you API access so you can do it programmatically.

The RFC 1035 (Domain Names – Implementation And Specification), in fact, proposes to have more than nameserver configured.

First of all, you need to verify that your registrar has got a nice and good DNS management panel. Some services that are offering such functionality are for example FreeDNS (premium version ~$5/year), DNSMadeEasy, and many more. Cloudflare can act as Secondary DNS but the setup seems quite long, DNSimple has out-of-the-box integration with it (but you cannot use any of the functionality offered by CF – which makes it a bit of a loss).

I went with PremiumDNS which claims that it “keeps your website running, even when flooded with traffic. It secures the very deepest level of the Domain Name System (DNS), preventing Distributed Denial of Service (DDoS) attacks, and giving you 100% uptime, guaranteed.”
Great point is that you can buy it even for 3rd party domain.

You can check the nameservers by running:

dig +short NS

Inspecting TTLs

PremiumDNS has a TTL on the NS records of 30m, so you can be unavailable roughly for that amount of time (only if the ISP is not overriding the TTL). Cloudflare has a TTL on the NS records of 6 hours.

Manual Switch

When everything goes south, sometimes happens to have issues with DNS, and you know you are going to be affected for too long, the last resort is to change manually the authoritative name servers registered on the domain (you could do that via your registrar) and point them to a fallback DNS (you could set up an offline clone of your records in Cloudflare).

The next post will be about Billing Impact, Stay Tuned.

Check out the whole version of this post in the ebook.