
Mammatus: Use DNS NS failover to create HA Web Service. - tricknik
http://mammatus.thimbl.net/this-website
======
forkqueue
The main issue with using DNS for failover is that the name servers of many
major ISPs don't respect TTL values, particularly those under 3600 seconds.

As such, when a failover occurs a site will be unavailable for many viewers
for several hours and possibly even days, making the solution anything but
highly available.

~~~
andrewtj
_The main issue with using DNS for failover is that the name servers of many
major ISPs don't respect TTL values, particularly those under 3600 seconds._

I've seen this repeated in many places but never with any concrete examples.
This leads me to wonder just how widespread the practice is — can you
substantiate the claim?

~~~
abthomson
I don't know much about ISP DNS configurations, but the problem extends to
clients as well. For example, until Java 1.6, the default TTL for DNS lookups
was forever.

~~~
andrewtj
That's beyond the scope of my question — my concern is solely resolvers
extending TTLs.

------
paraschopra
Here is a recent blog post we wrote: [http://visualwebsiteoptimizer.com/split-
testing-blog/maximum...](http://visualwebsiteoptimizer.com/split-testing-
blog/maximum-theoretical-downtime-for-a-website-30-minutes/)

In a nutshell, IE doesn't respect TTL and caches DNS for 30 minutes.

~~~
tricknik
Hi paraschopra. What does it do when the request using the cached DNS fails?
In conversations with security experts researching DNS re-binding attacks,
I've heard that pinning is dropped after one failed request, as techniques
like sending multiple A records for a domain depend on this. Also see my
comments to forkqueue.

~~~
paraschopra
In my experience it doesn't request DNS again if request fails. Waits till TTL
expires. Multiple A records are useful if you have all servers exactly
synchronized (as request can go to any server) plus on the moment of server
failing it will still doesn't help as IE will keep reconnecting to same IP.

Though I haven't tested multiple A records.

~~~
tricknik
Thanks, I'll look into this more. In the case of Mammatus response, the TTL
would already be expired, so the only problem would be if it pinned for longer
and didn't request again on failure.

------
humanite
highly interesting !!

