Considering records like:

host.example.com as a CNAME to:

host01.example.com and host02.example.com

(on two separate records).

I want to set up those A records to be with a Failover routing policy.

Record Name       Type   Routing   Differentiator  Route traffic to
--------------------------------------------------------------------
host.example.com  CNAME  Failover  Primary         host01.example.com
host.example.com  CNAME  Failover  Secondary       host02.example.com

If host01.example.com is down for whatever reason, I want requests to host.example.com to still be satisfied, but just pointing to host02.example.com. Is this the correct way to implement such a policy in Route 53? Or would there be a better solution?

Kahn

1 Answer

> host.example.com as a CNAME to: host01.example.com and host02.example.com

That is not possible, as you cannot have 2 CNAME records on the same name (as you cannot have a CNAME record cohabit with any other records, for that matter, except DNSSEC ones).

> If host01.example.com is down for whatever reason, I want requests to host.example.com to still be satisfied, but just pointing to host02.example.com.

The DNS does not work like that. By default, it provides load balancing, not failover. You can have various partial ways by using short TTLs, dynamic DNS to change IP addresses quickly, DNS anycast, rotating IP addresses in response, or, more importantly, handle the problem at the next layer where it makes sense, like HTTPS or something else. All load-balancers provide fail-over mechanisms (but then you also have to find out how to have fail-over for the load-balancers themselves).

For "hard" DNS cases to handle, look at dnsdist, which you can put in front of some authoritative nameserver but which enables far richer ways to construct replies.

Patrick Mevzek
  • I see what you're saying. It seems strange that Route 53 would let me configure two CNAME records like that then and save the configuration. How would it know which to resolve to - just whichever is hit first? I wonder if this will be an issue. I think maybe it would make more sense for us to point to host01 through a CNAME, and just have that enabled as a failover. – Kahn Sep 30 '21 at 19:48
  • "How would it know which to resolve to - just whichever is hit first?" You will need to ask your DNS provider. 2 `CNAME` records on a given name is clearly against the DNS specification, so if anyone does that, only it can answer how it works, or if someone here knows and writes another answer. Maybe failover is the core service provided here by your DNS provider, but my answer is generic, as I think it might be dangerous to rely on non-standard DNS things; at the very least it would make migration to another DNS provider more complicated. – Patrick Mevzek Sep 30 '21 at 19:54
  • Thanks Patrick - again if anyone is reading through these comments, to reiterate: this is through Route 53. – Kahn Sep 30 '21 at 19:56
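
The rule stated in the answer (one CNAME per name, and no other record types beside it except DNSSEC ones) can be checked mechanically before zone data is exported or migrated to another provider. The Python check below is an added example, not part of the original question or answer; the function names and sample records are constructed, and it models plain DNS zone data only, not any provider-specific routing policy.

```python
from collections import defaultdict

# Types the answer calls "DNSSEC ones": allowed beside a CNAME (RFC 4034).
DNSSEC_TYPES = {"RRSIG", "NSEC"}

def normalize(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def cname_conflicts(records):
    """records: iterable of (owner, rtype, rdata). Returns {owner: [problems]}."""
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[normalize(owner)].append((rtype.upper(), rdata))

    problems = {}
    for owner, rrs in by_owner.items():
        # Identical duplicates collapse; only distinct targets count.
        cnames = {normalize(rdata) for rtype, rdata in rrs if rtype == "CNAME"}
        if not cnames:
            continue
        issues = []
        if len(cnames) > 1:
            issues.append("multiple CNAME targets: " + ", ".join(sorted(cnames)))
        others = sorted({t for t, _ in rrs if t != "CNAME" and t not in DNSSEC_TYPES})
        if others:
            issues.append("CNAME coexists with: " + ", ".join(others))
        if issues:
            problems[owner] = issues
    return problems

# Constructed sample: the two records from the question plus contrast cases.
SAMPLE = [
    ("host.example.com", "CNAME", "host01.example.com"),
    ("Host.Example.com.", "CNAME", "host02.example.com."),  # same owner name
    ("www.example.com", "CNAME", "host01.example.com"),
    ("www.example.com", "RRSIG", "(constructed placeholder rdata)"),  # allowed
    ("mail.example.com", "CNAME", "host01.example.com"),
    ("mail.example.com", "MX", "10 mx.example.com"),  # not allowed beside CNAME
    ("host01.example.com", "A", "192.0.2.10"),
]

if __name__ == "__main__":
    for owner, issues in cname_conflicts(SAMPLE).items():
        print(owner, "->", "; ".join(issues))
```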