Cloudflare down? What are your options?
Spotify, X/Twitter and ChatGPT all went down recently in an outage that lasted for hours, because of problems at a service many websites depend on: Cloudflare. (Oh, and if you’re still having issues, here’s the current status of Cloudflare.) The outage had a major financial impact on all kinds of businesses running on Cloudflare that were unable to trade or serve their customers, and many of them had no redundancy plan for the services they take from Cloudflare, DNS among them.
Not sure if you have one either? Let’s do some discovery.
What is DNS redundancy?
With DNS redundancy, you design your Domain Name System with backups so it continues working even if one DNS server or provider fails. This avoids single points of failure, like what a lot of the internet experienced with the Cloudflare outage. Having a backup DNS is important, especially for e-commerce. That’s because if every authoritative server for your zone is unreachable, your domain stops resolving as soon as resolvers’ cached answers expire, even if your web servers are perfectly healthy. Short TTLs make this worse: a 300-second TTL means most of the internet has forgotten your records within five minutes of the outage starting.
What are the benefits of DNS redundancy?
Well, first, you get more uptime! Plus, having multiple DNS servers in different regions reduces latency, spreads DDoS traffic across more capacity, and keeps you resolving through a provider outage. And the knock-on benefits are obvious – customers will be more satisfied with your services because you won’t be inconveniencing them with downtime. This means more sales and increased loyalty.
Ways to get DNS redundancy
The easiest way to reduce your risk when a service like Cloudflare goes down is to have multiple authoritative DNS servers. Best practice (and the long-standing advice of RFC 2182) is to have at least two, located in different data centres and on different networks or ASNs, ideally using anycast for global resiliency. All of them must be listed as NS records in your zone and delegated from the parent zone; a secondary that resolvers are never told about does nothing for you.
Multi-Provider DNS
Here, you use two independent DNS providers, let’s say Cloudflare and Route 53, to give you provider-level redundancy with geo-distributed anycast networks, faster failover and a high SLA. However, you will need to keep DNS zone records synchronised, but some vendors automate this with standard AXFR/IXFR zone transfers. (We can tell you which ones.) Two caveats: provider-specific records (proxied records, ALIAS or CNAME-flattening records) do not transfer and must be re-expressed as plain records at the second provider, and if those records still point at the first provider’s proxy or CDN, you have redundant name servers but still a single path for your traffic.
Anycast DNS
This is where many global nodes share the same IP address for faster query response worldwide and built-in routing resilience. It offers automatic traffic rerouting on node failure, and you’ll find that most modern DNS providers use anycast. Bear in mind that anycast protects you from losing a node or a site, not from a bad configuration or software push that takes out the whole fleet at once, which is how provider-wide outages usually happen. Anycast from one provider is therefore not provider redundancy.
Hidden Primary & Secondaries
The next method is to maintain a hidden primary DNS server that is not listed in your NS records. Then, multiple public secondary servers transfer the zone from it via AXFR/IXFR, authenticated with TSIG, with the primary allowing transfers only to those secondaries and sending NOTIFY so they pick up changes immediately. This setup is good for large enterprises and situations where you have custom DNS logic or need more security, so your primary DNS is not exposed.
Redundant DNS resolvers
Lastly, you have client-side, where, for internal networks or servers, you can configure multiple resolvers. This does not replace authoritative redundancy but improves resolution reliability. Note that most stub resolvers try the configured servers in order and only move on after a timeout, so set a short timeout (for example `options timeout:1 attempts:2` in resolv.conf), or the failover itself adds seconds of delay to every lookup while the first resolver is down.
What not to do
Just remember that it’s not real redundancy if you’re only using multiple servers at the same provider, putting all DNS servers in the same subnet, or forgetting to replicate your zone changes (check that every server returns the same SOA serial). Also, relying on a single network, ASN or cloud provider is generally a recipe for disaster, like what a lot of the world saw with Cloudflare in November.
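The checks described under “Ways to get DNS redundancy” and “What not to do”, as an added example that is not part of the original article: a small script that takes the authoritative name servers of a zone and reports whether they are all at one provider, in one ASN, in one subnet, or serving different SOA serials. The name server list, addresses, ASN, provider names and serials are constructed sample data (documentation IP ranges and private-use ASNs); in practice you would fill them in from `dig +short NS`, `dig +short A/AAAA` on each NS name, `dig @<ns> SOA <zone>` on each server, and an IP-to-ASN lookup.

```python
"""Assess whether a zone's authoritative name servers are really redundant.

Added example for the article; sample data below is constructed, not real.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class NameServer:
    name: str        # NS hostname as listed in the zone
    ips: list        # addresses the NS name resolves to (v4 and/or v6)
    asn: int         # origin ASN of those addresses (from an IP-to-ASN lookup)
    provider: str    # who operates the server
    soa_serial: int  # SOA serial returned when this server is queried directly


def assess_redundancy(servers, ipv4_prefix=24, ipv6_prefix=48):
    """Return a list of findings; an empty list means no redundancy problem found."""
    findings = []
    if len(servers) < 2:
        findings.append("fewer than two authoritative name servers")
        return findings

    providers = {s.provider for s in servers}
    if len(providers) == 1:
        findings.append(f"all name servers are at one provider ({providers.pop()})")

    asns = {s.asn for s in servers}
    if len(asns) == 1:
        findings.append(f"all name servers announce from one ASN (AS{asns.pop()})")

    # Collapse every address to its containing /24 (v4) or /48 (v6) so that
    # "different IPs" in the same block are recognised as one subnet.
    networks = set()
    for s in servers:
        for ip in s.ips:
            addr = ipaddress.ip_address(ip)
            plen = ipv4_prefix if addr.version == 4 else ipv6_prefix
            networks.add(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    if len(networks) == 1:
        findings.append(f"all name servers sit in one subnet ({networks.pop()})")

    # Replication check: every server should hand out the same SOA serial.
    serials = {s.soa_serial for s in servers}
    if len(serials) > 1:
        newest = max(serials)
        lagging = [s.name for s in servers if s.soa_serial != newest]
        findings.append(f"SOA serial mismatch, stale zone on: {', '.join(lagging)}")
    return findings


# Constructed sample: two NS names that look redundant but are one provider,
# one ASN, one /24, and the second one never received the last zone update.
SINGLE_PROVIDER = [
    NameServer("ns1.example-dns.net", ["192.0.2.10"], 64496, "ExampleDNS", 2025111801),
    NameServer("ns2.example-dns.net", ["192.0.2.11"], 64496, "ExampleDNS", 2025111701),
]

# Constructed sample: two independent providers, separate ASNs and networks,
# both serving the same serial.
MULTI_PROVIDER = [
    NameServer("ns1.example-dns.net", ["192.0.2.10", "2001:db8:1::10"],
               64496, "ExampleDNS", 2025111801),
    NameServer("ns1.other-dns.example", ["198.51.100.53", "2001:db8:2::53"],
               64497, "OtherDNS", 2025111801),
]

if __name__ == "__main__":
    for label, servers in (("single provider", SINGLE_PROVIDER),
                           ("multi provider", MULTI_PROVIDER)):
        print(f"{label}: {assess_redundancy(servers) or 'OK'}")
```

The subnet test uses /24 and /48 because separate addresses inside one block almost always share the same router and the same outage; the ASN test is what catches “two servers, one anycast cloud”. Run it against your own zone periodically, not once: a secondary that silently stops transferring shows up only in the serial check.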
Need help understanding your DNS exposure? Get in touch today.