I'm looking for some advice on how to create a failover mechanism for DNS and CDN, especially since relying on main providers like Cloudflare, AWS, Azure, and GCP can be risky during attacks. Given that these services tend to be a core part of our infrastructure, how can we architect a system that minimizes the risk of a single point of failure, particularly at the DNS level? Has anyone tried implementing a multi-cloud DNS setup? Also, any tips on affordable CDNs for primary and secondary usage? On top of that, what are the options for using non-standard DNS records, like having an Alias at the root of a domain?
1 Answer
To set up a strong failover system, my suggestion is to run your own primary and secondary DNS servers, perhaps one on AWS and another on Azure. This way, both would have the Start of Authority (SoA) records, and you could implement zone transfers between them. Just remember that your registrar isn’t authoritative; it just registers your domain and points to your DNS servers. DNS queries would automatically resolve from the root down, so you won't have to rely heavily on Cloudflare or AWS Routed 53 for that part. Plus, this setup could help manage configurations better.
That’s a solid plan! Just keep in mind that some Cloudflare features may not work perfectly if you're not using their DNS. Implementing root aliases can also get tricky since you’ll need compatible DNS software like BIND to support those configurations. Ideally, you want users to access your site via "mydomain.com" and not just "www.mydomain.com," which adds to the complexity.