Using DNS for low cost Failover

It could make exceptional sense to make use of your dns host for load balancing and failure tolerance by using round robin and DNS Failover. This could save the substantial expense of dedicated load balancing hardware or machines to run load balancing software or scripts. And of course, the load balancer itself is an extra point of failure that could be avoided by having this logic handled by your DNS provider.

For one domain, just list a set of IP addresses in the DNS records, each for different redundant machines. Traffic is spread across this list of servers using a round robin approach. Combine this with DNS Failover which checks to see if the machines at each IP are working and redirects if necessary. Essentially, if a machine goes down, it can just get dropped from the round robin list. The round robin feature is fairly standard among DNS providers, but failover is less common.

Easydns.com offers it as a beta feature (http://support.easydns.com/Failoverfaq.php#2).

DNSmadeEasy.com offers it as a main feature.

Since each request can go to any IP address, it is important to consider how to manage information that needs to remain available from one request to another, for example, a user's photograph collection or a large customer information system. This could be achieved by having a pool of web machines connect to a common database or file system which could themselves be mirrored for redundancy.

Some important issues not addressed by DNS load balancing:

(1) Only IP addresses can be distributed, not ports (although ports can be checked for failover).

(2) Delay before a failover can take place (up to 15 minutes with easydns.com. 2-4 minutes with DNSmadeEasy.com).

(3) IP addresses can be cached in other DNS servers, redirecting users to a bad IP for minutes, hours or days.

(4) Only even distribution is supported. It will not work well with a powerful main machine and a small backup machine equally sharing a workload. It will not support traffic being distributed to machines with the best geographic location.

Here are EasyDNS' comments on the subject:

How do I specify whether I want to just monitor or failover a host if I have both enabled?
If you simply omit the "Failover IP" field then a given check will be treated as a Host Monitor. The "Failover IP" field must be filled in for a check to be treated as DNS failover
How are false positives avoided?
If the central node detects a failure, it then connects to between 4 and 6 "remote monitors" deployed at various locations around the internet and runs the same test from those remote monitors. In the case of failover DNS all remote monitors must agree that the server being monitored is unreachable, down or otherwise in a failure condition. If any remote monitors can successfully reach the target server the failure is treated as a false positive.
How often is my server checked?
We are presently checking every 15 minutes. It is not possible to change this interval for indivdual domains. This is a feature we are planning on rolling out as wescale the service.
How come I just can't "ping" my server for checking?
We are looking at adding a "ping" method but for the most part, many datacenters and firewalls disable all forms of ICMP echo requests making "ping" unusable as a reliable method of testing server availability, plus, a server may be "pingable" but it's services could be failing.
What is the difference between "Auto Restore" and "Manual Rollback" for Failover DNS?
Auto rollback means when the target server appears to be back online or available, our systsem will automatically restore its DNS entry to its original IP address. This is not always desirable. For example, you may need to undertake some data consolidation, perhaps for an order taking system that took new orders on the stand-by server during an outage that needs to be imported to the original server once its back up. In those cases you would use "Manual Rollback" and when the original system is back up, you will be notified.