DNS failover in a two datacenter scenario

Tags: domain-name-system, failover, high-availability

I'm trying to implement a low-cost solution for website high availability. I'm looking for the downsides of the following scenario:

I have two servers with the same configuration, content, mysql replication (dual-master).
They are in different datacenters – let's call them serverA and serverB. Users use serverA – serverB is more like a backup.
Now, I want to use DNS failover, to switch users from serverA to serverB when serverA goes down.

My idea is that I set up DNS servers (bind/powerdns) on serverA and serverB – let's call them ns1.website.com and ns2.website.com (assuming I own website.com). Then I configure my domain to use them as its nameservers. Both DNS servers will return serverA's IP as my website's IP. If serverA goes down I can (either manually or automatically from serverB) change the configuration of serverB's DNS to return serverB's IP as the website's IP.
Of course the TTL will be low, as it's supposed to be in DNS failovers.

I know that it may take some time to switch to serverB (DNS ttl, time to detect serverA failure, serverB DNS reconfiguration etc), and that some small part of users won't use serverB anyway. And I'm OK with that. But what are other downsides of such an approach?

An alternative scenario is that ns1.website.com will return serverA's IP as the website's IP, and ns2.website.com will return serverB's IP as the website's IP. But AFAIK clients do not always use the primary nameserver and sometimes use the secondary one. So some small part of users would use serverB instead of serverA, which is not quite what I'd like. Can you confirm that DNS clients behave like that, and can you tell what percentage of clients would possibly use serverB instead of serverA (statistically)?
This one also has the downside that when serverA goes back up, it will be automatically used as website's primary server, which is also a bad situation (cold cache, mysql replication could fail in the meantime etc). So I'm adding it only as a theoretical alternative.

I was thinking about using some professional DNS failover companies but they charge for the number of DNS requests and the fees are very high (why?)

Best Answer

"Failover" is not a native DNS server capability; this must always be implemented at another layer.

That said, there are indeed two ways to perform it: georedundancy and geolocality using anycasting (i.e. the IP returned depends on where the request comes from, or some other criterion), or ad hoc changes to DNS data.

The latter is never as fast as the former, for the reasons you outlined.

That said, the latter is fairly simple to implement by yourself; all you need is authoritative servers that implement ddns updates.

Detect failure, update nameservers with nsupdate, and wait for TTL expiration.
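The three steps in the answer (detect failure, push a dynamic update with nsupdate, let the low TTL expire) as one script, added here as an example and not part of the original answer. It is meant to run on serverB or on a third vantage point, and everything below is an assumption for illustration: the zone website.com, the record www.website.com, the addresses 192.0.2.10 (serverA) and 198.51.100.10 (serverB), a 60 second TTL, and a TSIG key in /etc/failover.key that the authoritative server accepts for updates (in BIND, via an update-policy or allow-update clause naming that key). The health probe is done against serverA's IP with a Host header rather than against the hostname, so the check does not depend on the very DNS record it is about to change.

```shell
#!/bin/sh
# Added example (not from the original post): detect serverA failure and
# switch the A record to serverB with a TSIG-signed dynamic DNS update.
# All names, addresses and paths below are hypothetical.

ZONE="website.com"
NAME="www.website.com"
PRIMARY_IP="192.0.2.10"        # serverA (assumed)
BACKUP_IP="198.51.100.10"      # serverB (assumed)
TTL=60                         # keep the TTL low, as for any DNS failover
NS_SERVER="ns2.website.com"    # authoritative server that accepts DDNS updates
KEYFILE="/etc/failover.key"    # TSIG key file in nsupdate -k format (assumed)
FAILURES_REQUIRED=3            # consecutive failed probes before failing over

# Probe serverA over HTTP. Talk to the IP directly and set the Host header,
# so the check does not go through the DNS record being managed.
# Returns 0 when the server answers with a 2xx/3xx status.
probe_http() {
    ip=$1
    curl -sS --fail --max-time 5 -o /dev/null \
        -H "Host: $NAME" "http://$ip/"
}

# Return 0 (down) only after N consecutive failed probes, so a single lost
# packet does not cause a failover (and the flapping that follows it).
is_down() {
    ip=$1
    n=$2
    i=0
    while [ "$i" -lt "$n" ]; do
        if probe_http "$ip"; then
            return 1
        fi
        i=$((i + 1))
        sleep 2
    done
    return 0
}

# Build the nsupdate batch that replaces the A record of NAME with the given IP.
# Deleting the old A RRset first avoids ending up with both addresses in the
# answer, which would send a share of users to serverA while it is down.
build_update() {
    target_ip=$1
    printf 'server %s\nzone %s\nupdate delete %s. A\nupdate add %s. %d A %s\nsend\n' \
        "$NS_SERVER" "$ZONE" "$NAME" "$NAME" "$TTL" "$target_ip"
}

# Send the update, signed with the TSIG key. nsupdate reads the batch on stdin.
failover_to() {
    build_update "$1" | nsupdate -k "$KEYFILE"
}

# One check cycle: fail over only, never fail back automatically. Bringing
# serverA back into service (after checking replication) stays a manual step,
# which is the situation the question asks for.
main() {
    if is_down "$PRIMARY_IP" "$FAILURES_REQUIRED"; then
        failover_to "$BACKUP_IP"
    fi
}

# Run the cycle only when invoked as "script --run", e.g. from cron or a loop.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Two caveats a practitioner will want. First, a dynamic update only changes the zone on the server it is sent to: with ns1 on serverA and ns2 on serverB, either send the same update to both (ns1 will usually be unreachable when serverA is down, which is fine, since resolvers then move on to ns2), or make one of them a secondary of the other so the change propagates by NOTIFY/AXFR. Second, the probe and the update should not be runnable by anyone else: keep the TSIG key readable only by the account running this script, and restrict the update-policy on the nameserver to that key and that record.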
