Using a low TTL to help prevent extended periods of downtime

domain-name-systemfailoverttl

Is it feasible to set my domain's TTL to a very low value (a couple of minutes) so that, if my main host goes down for an extended period of time, I can update the DNS records in my main host to point to my secondary host's IP, thus directing new visitors — once the DNS propogation is finished — to my secondary host's servers? Or is this not even possible, perhaps even stupid? I'm just trying to figure out an inexpensive way to prevent downtime.

If it is possible, how low is too low for a TTL?

Best Answer

Low TTLs only work so far, as some DNS resolvers don't honor TTLs below certain, completely arbitrary levels. Even if you set your TTLs to 5 minutes, it can still take up to 48 hours for the change to fully flush from DNS caches on the Internet. What makes this problem worse is that Malware authors use this very trick to change where their command-and-control servers are kept (this is called "fast flux DNS" link), so a countermeasure for this is to not honor TTLs below a certain level.

It is possible to do what you want, and by the standards it should be completely workable, but it is not reliable.

Related Solutions

Web-server – Alternatives to DNS round robin

DNS round robin is not recommended because:

1- Different servers may not be exposed to the same amount of requests. So, they will be loaded in an unevenly manner.

2- DNS load balancing does not take into account the server availability. The server DNs record will remain and may be used in case of failure.

3- DNS caching will make it even worse. You don't have control over the DNS caches of your clients and any intermediate DNS server in between. If you plan to make your TTL value samller, it may not work as expected. Look at this post. The accepted answer says that Many DNS server do not honor your TTL.

The recommended solution is to install a load balancer like HAProxy along with a high availability solution like heartbeat. This setup should be installed on two machines. If one goes down, the other will take over the VIP (by heartbeat). The running machine will take care of checking backend servers health and distributing the load (by haproxy).

EDIT:

If you want the servers to work in active-passive mode, you don't need a load balancer. You can install heartbeat with pacemaker to monitor the system resources such as apache, mysql, etc. The cluster can be configured to keep only one active server.

Linux – Is it possible to setup a DNS resolver that ignores the TTL

IMHO unreliability of the server is not a problem for the clients to solve! DNS has sufficient built-in provisions for redundancy, back-up name servers etc.

The hostmaster sets the TTL, which is an instruction that you may cache this record at most TTL seconds.

If you're allowed to do a zone transfer you may run as slave of that faulty zone, which may have a longer expiry then the TTL of the records in that zone.

Caching records longer then their TTL is generally considered a bad idea. Caching records shorter then their TTL allows is according to standards, therefore bind has a max-cache-ttl option and not the reverse.

Unbound does though:

cache-min-ttl:

          Time  to  live  minimum  for  RRsets  and messages in the cache.
          Default is 0.  If the the minimum kicks in, the data  is  cached
          for longer than the domain owner intended, and thus less queries
          are made to look up the data.  Zero makes sure the data  in  the
          cache is as the domain owner intended, higher values, especially
          more than an hour or so, can lead to trouble as the data in  the
          cache does not match up with the actual data any more.

Best Answer

Related Solutions

Web-server – Alternatives to DNS round robin

Linux – Is it possible to setup a DNS resolver that ignores the TTL

Related Topic