DNS failover with Desec?

I’m considering using DNS failover for a subdomain. Basically, I would like to use multiple A records with a short TTL. When one of the A record IPs fails, I would like to have it removed from the DNS (and on service resume added again).
This allows for a simple, mostly performing failover solution.

Is this possible with Desec?

No comment on whether DNS failover is a good concept or not…

But if all else fails, you could probably create a DDNS subdomain in either dedyn.io or using your own base domain (which needs to use deSEC nameservers of course) and update multiple A records using the REST API instead of the DynDNS update URL.
See: Retrieving and Creating DNS Records — deSEC DNS API documentation

When one of your hosts goes up or down, you update with a new RRset of A records.

Subdomains of dedyn.io get the 60s TTL automatically. For your own (sub)domain you need to contact the deSEC team to allow the low TTL value.
Look for the minimum_ttl read-only value of your domain in the Domain Management — deSEC DNS API documentation and check its value using the API.

Depending on how often you expect changes to your A records you might want to take the deSEC rate limits into consideration.

You will need to figure out monitoring your services and generating the appropriate REST API calls to do your updates.

fiwswe

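A sketch of the monitor-and-update loop described in the answer above, as an added example that is not part of the original post or deSEC's own code. It assumes the A RRset already exists, that a TCP connect is an adequate health check, and that when every probe fails the published records are left untouched; the domain, addresses and token are constructed placeholders.

```python
import json
import socket
import urllib.request

API = "https://desec.io/api/v1/domains"
TOKEN = "REPLACE_WITH_TOKEN"                 # placeholder; keep the real token out of source control
DOMAIN, SUBNAME = "example.dedyn.io", "www"  # constructed names
CANDIDATES = ["192.0.2.10", "192.0.2.20"]    # constructed (TEST-NET-1) addresses
TTL = 60

def is_up(ip, port=443, timeout=3.0):
    """Assumed health check: a TCP connect succeeds. Replace with a real service probe."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def plan_update(candidates, healthy, published, ttl, minimum_ttl):
    """Return the RRset body to send, or None when no API call is needed."""
    if ttl < minimum_ttl:
        raise ValueError(f"ttl {ttl} is below the domain's minimum_ttl {minimum_ttl}")
    wanted = sorted(ip for ip in candidates if ip in healthy)
    if not wanted:
        # All probes failed: likelier a monitoring fault, so keep the published records.
        return None
    if wanted == sorted(published):
        return None  # unchanged: skip the call and stay clear of the rate limits
    return {"ttl": ttl, "records": wanted}

def api(method, path, body=None):
    """Minimal deSEC REST call with token authentication."""
    req = urllib.request.Request(
        f"{API}/{path}", method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Token {TOKEN}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"null")

def run_once():
    minimum_ttl = api("GET", f"{DOMAIN}/")["minimum_ttl"]
    published = api("GET", f"{DOMAIN}/rrsets/{SUBNAME}/A/")["records"]
    healthy = {ip for ip in CANDIDATES if is_up(ip)}
    body = plan_update(CANDIDATES, healthy, published, TTL, minimum_ttl)
    if body is not None:
        api("PATCH", f"{DOMAIN}/rrsets/{SUBNAME}/A/", body)
    return body

if __name__ == "__main__":
    print(run_once())
```

Running the probes from a vantage point outside the monitored hosts' own network keeps a local outage at the monitor from being read as every host failing.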

Hi @fiwswe ,
Thank you for your solution concept.
I was hoping for a more ready-made solution. This means I will have to reconsider the setup, because monitoring is non-trivial, and having monitoring failures combined with DNS failures is …