How Do You Architect a System without DNS Being a Single Point of Failure?

Problem scenario
You want to design a system without a single point of failure. How can you ensure a DNS is not a single point of failure?

Have multiple authoritative DNS servers. To read more, see Networkworld or Medium. We observe that one tradeoff is there is not a single source of truth, but the benefit is that you do not have a single point of failure.

Use an external DNS provider with protection from DDoS such as Route53. External DNS providers can be useful if your data center is down. You can still communicate with customers in the event of a major outage.

Stay on top of certificate renewal issues (taken from ). One source expects digital certificates to have a life-span of no more than three months. For renewing certificates, see this posting.

Use short TTL durations so DNS will not keep routing traffic to an IP address (citation

Use Anycast to shorten the DNS resolution time (according to

To read about avoiding an SPOF with DNS, read these postings:

Leave a comment

Your email address will not be published. Required fields are marked *