Best CNAME TTL strategy for failover switching

Assuming that the apex A record for example.com. was pointing at a broken IP address, most companies I know would change the A record and skip the www change entirely:

  • Most admins would rather not have their website broken for users who key in the name of the website without the www prefix.
  • This goes double for admins who don't trust their webapp devs to consistently use www.example.com over example.com. (hint: most of us don't)

Moving on to your linked example, you're comparing apples and oranges. Apex DNS records in web hosting scenarios are a massive pain because of the well-known apex CNAME problem. There are only two correct choices in this circumstance: either the apex A record is changed as necessary to point it at a valid IP, or you forgo having an apex record entirely. Anything between the two is half-baked and inconsistent.

All of this is somewhat beside the point though: if you are relying on manual record changes to handle high availability for your service, you are doing something wrong. The IP address the web browser hits should be a load balancer, an anycast address, a CDN, or a webhosting provider who can provide this high availability if your own server farms cannot. Multiple address records can also work if you're confident that the primary applications consuming them follow RFC 6724 guidelines (i.e. most popular web browsers), but many applications are lazy and simply use the first address record returned.


For the sake of the argument, let's examine Google's CNAME chain on its own merits without putting it into the context of your original problem. This will look familiar, as it's the text of my original answer:

Record type is inconsequential here. If the record needs to be changed frequently, it should have a very low TTL. If it doesn't need to be changed frequently, it stands to reason that it doesn't need a low TTL and you can use whatever you're comfortable with.

No one (other than Google) can really comment on why Google wants ghs.l.google.com IN A to have a lower TTL than the CNAME records pointing at it. You can't draw any conclusions without understanding their larger design, and the design is what dictates your moving parts.


I agree.

As long as the "real servers" have stable IP addresses the A records should have long TTLs. Keep the TTL on the CNAME records low to enable fast switching to another real server in case of failure or whatever.
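To make the TTL reasoning in both answers above concrete, here is an added example (not code from either poster) that walks a constructed CNAME chain the way a caching resolver would, checks the zone for the apex-CNAME mistake mentioned in the first answer, and reports how long cached clients can keep using the old answer after each record in the chain is changed. The record names, addresses and TTLs are assumptions made up for this example, not the real google.com data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str   # "A" or "CNAME"
    value: str

# Constructed records modelled on the chain discussed above; names and
# TTLs are assumptions for this example, not the real google.com data.
ZONE = [
    Record("www.example.com.", 300, "CNAME", "ghs.example.net."),
    Record("ghs.example.net.", 300, "CNAME", "ghs.l.example.net."),
    Record("ghs.l.example.net.", 60, "A", "192.0.2.10"),
    Record("example.com.", 3600, "A", "192.0.2.10"),  # apex stays an A record
]

def check_zone(zone, apex):
    """Return apex-CNAME and 'CNAME alongside other data' violations."""
    problems, by_name = [], {}
    for r in zone:
        by_name.setdefault(r.name, []).append(r)
    for name, rrs in by_name.items():
        has_cname = any(r.rtype == "CNAME" for r in rrs)
        if has_cname and name == apex:
            problems.append(f"{name}: CNAME at zone apex is not allowed")
        if has_cname and len(rrs) > 1:
            problems.append(f"{name}: CNAME must not coexist with other records")
    return problems

def resolve(name, zone, max_hops=8):
    """Follow CNAMEs like a resolver; return (records consulted, addresses)."""
    chain, current = [], name
    while len(chain) <= max_hops:
        rrs = [r for r in zone if r.name == current]
        if not rrs:
            raise LookupError(f"NXDOMAIN: {current}")
        cname = next((r for r in rrs if r.rtype == "CNAME"), None)
        if cname is None:
            a_rrs = [r for r in rrs if r.rtype == "A"]
            return chain + a_rrs, [r.value for r in a_rrs]
        if cname.value == name or any(c.name == cname.value for c in chain):
            raise ValueError(f"CNAME loop at {current}")
        chain.append(cname)
        current = cname.value
    raise ValueError("CNAME chain too long")

def failover_delay(name, zone):
    """Worst-case seconds a cached client keeps the old answer after each record
    in the chain is changed: bounded by that record's own TTL, because a cache
    only re-queries a name once the record it holds for it has expired."""
    chain, _ = resolve(name, zone)
    return {r.name: r.ttl for r in chain}
```

With the constructed data, changing the A record at the end of the chain is picked up within 60 seconds while repointing either CNAME can take up to 300 seconds, which is the trade-off the second answer describes.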