I intend to create a SaaS with two Load Balancers. If one load balancer goes down, 'MySaaSApp.com' will point to the other load balancer. Can such be accomplished through DNS Records alone? Thanks!
No. Or not in general.
The DNS does load balancing by default, not fail over. If you have multiple data for a given name and record type, applications are supposed to use all of that data. But since they are sets, not lists, there is no guarantee of order. And records are cached, so through all this applications do not have an "immediate" way to fail over from a broken case to a working one.
But there are exceptions.

MX records are ordered through a priority field, so applications (that is, SMTP clients or MUAs/MTAs) are expected to automatically switch to the second record if the first one fails, and so on. But this is because it is baked into the specifications of the MX record, and because it has a specific piece of information in the record, the priority.

Same for SRV records, which allow putting in place load balancing and fail over... as long as applications are developed to use those records, which for example is not the case with web browsers, for some now historical reasons, which ought to be solved in the future with the new HTTPS and SVCB record types.

Load balancers in hot/hot or hot/cold configurations have specific protocols to resolve those issues. You typically use either IP anycast with some clever BGP routing, or some "virtual" IP address that is floating between various systems, which needs to be synchronized to make sure the IP address is claimed only by one at any single point in time. Look at VRRP for example, or at https://www.haproxy.com/blog/failover-and-worst-case-management-with-haproxy/ for an example when using HAProxy.
To counter Patrick's answer: although the DNS protocol has no native fail-over mechanism, quite a few DNS providers do support changing DNS records by, among other things, tying a health check to a record.

Then you can configure that example.com resolves to

example.com 60 IN A 10.0.0.1

as long as a web request to https://10.0.0.1/healthcheck results in a 200 response. When it doesn't, then fall back to

example.com 60 IN A 10.9.8.1

or similar.

Note that DNS records must come with a time-to-live (TTL) value (60 seconds in the example above) that governs how long resolvers should cache the record. The shorter the TTL, the faster cached records expire and the faster the failover should occur, but also the more load on your name server and some additional latency.

And be aware that not every resolver properly honors TTL records, meaning that in case of fail over some of your users will be resolving to the old IP address for much longer than you design for...
See for example https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-failover.html
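The TTL-bounded failover described in this answer, as an added simulation that is not part of the original post and not real DNS code: a toy authoritative server returns 10.0.0.1 while a (stubbed) health check passes and 10.9.8.1 otherwise, and a toy caching resolver honors the 60-second TTL. The `min_ttl` knob is an assumption used to model a resolver that refuses to cache for less than 300 seconds, which is what makes some users keep resolving to the dead address.

```python
from dataclasses import dataclass, field

# Constructed sample data: the two records from the answer above.
PRIMARY_IP = "10.0.0.1"
SECONDARY_IP = "10.9.8.1"
TTL = 60  # seconds, as in "example.com 60 IN A ..."


class Authoritative:
    """Toy name server that ties its answer for example.com to a health check."""

    def __init__(self, primary_healthy):
        # primary_healthy: callable standing in for GET https://10.0.0.1/healthcheck == 200
        self.primary_healthy = primary_healthy

    def query(self, name):
        if name != "example.com":
            raise KeyError(name)
        return (PRIMARY_IP if self.primary_healthy() else SECONDARY_IP), TTL


@dataclass
class CachingResolver:
    """Toy recursive resolver. min_ttl > 0 models one that does not honor short TTLs."""
    upstream: Authoritative
    min_ttl: int = 0
    cache: dict = field(default_factory=dict)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and entry[1] > now:      # still fresh: serve from cache, no upstream query
            return entry[0]
        ip, ttl = self.upstream.query(name)
        self.cache[name] = (ip, now + max(ttl, self.min_ttl))
        return ip


def simulate(min_ttl=0):
    """Return {t: ip} seen by a client; primary LB dies right after t=0."""
    state = {"healthy": True}
    resolver = CachingResolver(Authoritative(lambda: state["healthy"]), min_ttl=min_ttl)
    seen = {0: resolver.resolve("example.com", now=0)}
    state["healthy"] = False  # health check for 10.0.0.1 stops returning 200
    for t in (30, 61, 301):
        seen[t] = resolver.resolve("example.com", now=t)
    return seen


if __name__ == "__main__":
    print("honors TTL:   ", simulate())          # switches to 10.9.8.1 once the 60s TTL expires
    print("min TTL 300s: ", simulate(min_ttl=300))  # stale 10.0.0.1 until t=300
```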