CloudFloorDNS Blog

08-30-2023 – What is DNS Failover & does it work?

By: Eric McIntyre, CloudFloorDNS

What is DNS Failover and does it really work?

DNS Failover is a cloud-based authoritative DNS and monitoring service that moves DNS records to a backup IP or CNAME when an outage occurs. Simply put, failover using DNS is a low-cost, rapidly deployed DNS and monitoring service that provides more uptime for any digital business.

Failover services have been around a long time and they work well. They have been a popular internet service offering for managed DNS providers since TZO (Tzolkin Corp) first debuted the AutoFailover DNS service back in 2001.

The components of a Failover solution

Failover is powered by two main components: global network monitoring coupled with a managed DNS platform. Failing over DNS simply can’t be accomplished properly without monitoring from multiple remote locations. The monitoring nodes must gather data to make intelligent decisions based on the protocol and the responses from the host or IP being monitored. The failover of DNS happens when more than one node detects an outage or an unresponsive host or IP address. This outage triggers the failover rules, automatically changing the selected hosts in the DNS zone file to the CNAME or IP of the backup. The diagram below shows how this is accomplished with a single web server.

[Diagram: the DNS Failover service monitors the web server and fails over DNS when the server goes offline]

Failover services require a fast, reliable DNS with a very low TTL (DNS cache time), typically 30 seconds. A low TTL ensures that recursive DNS servers around the globe perform a fresh lookup of the DNS record every 30 seconds.

When the monitoring endpoints detect a “down” host, and more than two of them report it down, the ruleset for that failover test is activated. In this HTTP web server example, the DNS record for the web server is moved to the backup IP set in the rules.

How DNS Failover is set up – step by step:

  1. Determine what needs to be monitored – i.e. what pain point is being solved? An ISP going down, or a server going down? This determines what to monitor and what protocol to use. In all cases, monitor at the most granular level – for a WWW server, use HTTP/S as the monitoring protocol.
  2. Decide which DNS records you want to failover. Moving a web server? Failover the www subdomain and possibly the root domain, depending on your DNS setup.
  3. Move DNS to the CloudFloorDNS Anycast DNS platform – the Anycast DNS network is fast, reliable and provides a low TTL option for DNS failover. A low TTL allows DNS records to be more nimble – other DNS servers will not cache these records for more than 30 seconds.
  4. Monitor the server, ISP or device from at least three locations globally.
  5. Set up notifications to alert your team on a failure – send SMS or email notifications.
  6. Set up failover rules to move DNS on failure – the failover ruleset edits the DNS hostnames and the backup CNAME or IP. Failover just one hostname or multiple hostnames/backup IPs.
  7. Determine the failover method – Failover with automatic failback when the primary comes back up, or Failover-StayOver, where it fails over but failback is done manually.
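The ruleset the seven steps describe, modelled as an added example (this is not CloudFloorDNS code): probe results from several locations are counted against a quorum, a hit rewrites the hostname to the backup target in a low-TTL zone, and the rule either fails back automatically or stays over until an operator acts. Hostnames, IPs and the probe results are constructed; the quorum and check interval are assumed parameters.

```python
from dataclasses import dataclass, field

FAILOVER_TTL = 30  # seconds; the low cache time the post recommends for failover records

@dataclass
class FailoverRule:
    hostname: str                # record the rule edits, e.g. "www.example.com"
    primary: str                 # primary IP or CNAME target
    backup: str                  # backup IP or CNAME target
    quorum: int = 2              # probe locations that must see the host down (assumed)
    auto_failback: bool = True   # False = Failover-StayOver (manual failback)
    failed_over: bool = False

@dataclass
class Zone:
    ttl: int
    records: dict = field(default_factory=dict)   # hostname -> current target

def ttl_ok(zone):
    """A TTL above the failover cache time leaves clients on stale answers longer."""
    return zone.ttl <= FAILOVER_TTL

def evaluate(rule, zone, probe_results):
    """probe_results maps probe location -> True if the host responded.
    Returns 'failover', 'failback' or 'none' depending on what the rule did."""
    down = sum(1 for ok in probe_results.values() if not ok)
    if not rule.failed_over and down >= rule.quorum:
        zone.records[rule.hostname] = rule.backup
        rule.failed_over = True
        return "failover"
    if rule.failed_over and down == 0 and rule.auto_failback:
        zone.records[rule.hostname] = rule.primary
        rule.failed_over = False
        return "failback"
    return "none"

def manual_failback(rule, zone):
    """Operator action used with Failover-StayOver once the primary is verified."""
    zone.records[rule.hostname] = rule.primary
    rule.failed_over = False

def worst_case_switch_seconds(check_interval, zone):
    """Upper bound on how long a client may keep the old answer: the monitor has
    to notice the outage, then cached copies expire at most one TTL later."""
    return check_interval + zone.ttl
```

Note that changing the record does not close connections already open to the failed host; clients only move once their cached answer expires and they reconnect.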

Can Failover help your online business add uptime?

Yes! Failover service is low cost at around $50/month and will immediately help protect against downtime from ISP outages, server failures, and power outages.

ISP Failover – Failover for Two Internet Connections

ISP Failover changes the DNS for on-prem hosted servers and apps when the primary ISP goes down. Most businesses host some type of on-premise server, such as VPN, databases, remote desktop, etc. An ISP outage will take these on-prem servers offline and can cause massive disruption in day-to-day operations.

Adding another ISP connection with an advanced firewall router will solve these issues, but these routers won’t move the authoritative DNS. Business routers/firewalls such as SonicWall, Fortinet, Juniper, Sophos, Barracuda, Check Point and Cisco will automatically failover the routing/hardware side of things, but DO NOT control or failover the authoritative DNS.

How does ISP failover work?

When the primary ISP goes down, the failover service detects the outage, notifies you and activates the failover ruleset to move the selected subdomains to the backup ISP. The service can move one DNS record or multiple records during an outage with no difference in price. Move VPN, WWW, FTP and OWA, for example – all with one failover test!

[Diagram: ISP Failover monitors the primary ISP connection and, when it fails, moves DNS to the backup IP segment on the secondary ISP]

Failover with GEO Load Balancing (GSLB Failover)

Almost all global organizations have multiple office locations with VPNs for network access. For example: Example Corp has US, EU and APAC offices, each with a VPN concentrator. Corporate IT provides employees a single hostname, VPN.EXAMPLE.COM, for VPN connectivity. Using GSLB services will geo load balance and failover VPN when any one or more of the nodes go down. Utilizing GEO DNS, the DNS response will send each user to the closest VPN concentrator. Connecting to the closest endpoint immediately lowers latency, increasing speed for faster network connectivity. When one of the VPN nodes goes down, failover will remove the node from the DNS load balancing group and add it back in when it comes up again.
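The GSLB behaviour just described, as an added example rather than CloudFloorDNS code: one hostname backed by a VPN concentrator per region, probe votes that remove a node from the pool and restore it when it recovers, and a geo answer that falls back to the next-closest healthy region. The region preference table, node IPs and probe results are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Node:
    region: str
    ip: str
    healthy: bool = True

# Fallback order when a region's own node is down (assumed topology for the example).
PREFERENCE = {
    "US": ["US", "EU", "APAC"],
    "EU": ["EU", "US", "APAC"],
    "APAC": ["APAC", "US", "EU"],
}

class GslbPool:
    def __init__(self, hostname, nodes):
        self.hostname = hostname                      # e.g. "vpn.example.com"
        self.nodes = {n.region: n for n in nodes}

    def update_health(self, region, probe_results, quorum=2):
        """Remove a node from the pool when `quorum` probe locations report it
        down; add it back only once every probe location sees it responding."""
        down_votes = sum(1 for ok in probe_results.values() if not ok)
        node = self.nodes[region]
        if down_votes >= quorum:
            node.healthy = False
        elif down_votes == 0:
            node.healthy = True
        return node.healthy

    def answer(self, client_region):
        """IP the GEO DNS response should carry for a client in this region:
        the closest healthy node, or None when the whole pool is down."""
        for region in PREFERENCE.get(client_region, list(self.nodes)):
            node = self.nodes.get(region)
            if node and node.healthy:
                return node.ip
        return None

    def active_members(self):
        """Regions currently in the load-balancing group."""
        return sorted(r for r, n in self.nodes.items() if n.healthy)
```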

Monitoring & Failing over DNS adds server uptime – at a low cost

Adding failover services provides a simple, low-cost, reliable way to keep online apps and servers available. Failover can be an easily deployed, low-cost choice when it comes to disaster recovery on a budget. Since deployment is done via authoritative DNS, it can be activated in a very short time compared to a hardware solution. Learn more about our CloudFloorDNS Failover solutions or contact us to get a quote.