DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

How to Setup DNS Failover

Solution ID : SO228
Last Modified : 10/21/2023

Failover is a load balancing technique that configures DNS records to point to a backup IP or hostname in the event a primary resource becomes unavailable. The alternative resources are only utilized if the primary is down or becomes unhealthy. In Constellix, health checks are performed through our Sonar Performance Monitoring service, which continuously monitors the status of your resources. If a failure occurs, we will also verify the status of your backup endpoints before redirecting your traffic.

Failover can also be combined with GeoDNS services like Traffic Steering and IP Filters to create regional failover configurations.

Note: Visit our Regional Failover guide to learn more about combining Failover with GeoDNS services.

Common Use Cases for DNS Failover

Failover is most commonly used for redundancy and preventive measures for domains. This is especially useful for mission-critical services or organizations that rely on the Internet for revenue, visibility, and functionality.


1. Log into Constellix and go to the Sonar Dashboard

You can log in directly to Sonar from the Constellix homepage by selecting Sonar from the login dropdown menu.

Alternatively, if you are already logged on and are in the main Constellix dashboard, you can switch to the Sonar app by clicking on the App menu (grid icon) at the top left, and choose Sonar from the dropdown menu.

2. Select Sonar Check

Once in the Sonar app, click on the name of the check you want to use for your Failover configuration (previously made).

3. Clone Sonar Check

Click the Clone button in the upper right-hand corner of the check configuration window.

4. Change Host in Cloned Checks

In the cloned copy of the Sonar check, change the Host value (IP/FQDN) to match the first endpoint in your Failover configuration and click Save. Repeat this step for each endpoint.

5: Return to Constellix DNS App

Once all checks have been made for each endpoint, switch back to the Constellix DNS app by clicking Switch Apps at the bottom left-hand corner of the screen and selecting the option for DNS.

6. Select the Appropriate Domain

From the Constellix DNS dashboard, select your domain from the Recently Updated Domains list or search for the domain in the top-left search bar.

7. Select the Record That Needs Failover

After selecting the appropriate domain, you will be directed to the Records page. Tick the box for the record that requires a Failover configuration and then click on the pencil icon to edit the record.  For this example, we will be using an A record, but the steps are the same for AAAA, CNAME, or ANAME records.

8. Choose Failover Mode for the Record

After selecting the record you want to edit, the Edit Record window will appear. On the right-hand side of the pop-up window (under record mode), select the type of Failover you want to use.

Visit our guide on configuring Failover with Round Robin if you want to combine basic Failover with Round Robin load balancing.

There are three Failover settings to choose from. You will also want to designate a contact for failover alerts.

a) Normal: If your primary IP address (the first IP/resource listed in your failover configuration) is unavailable, your traffic will be directed to the next IP listed. If the primary IP and the first alternative resource is down, traffic will be sent to the third IP, and so on. Traffic will automatically be sent back to your primary IP once it is available again. 

b) Off on Any Failover Event: For this option, if your primary resource goes down, traffic will be directed to the next healthy resource listed in your configuration, and stays at the alternative resource until you turn Failover back on manually. This option is useful if you want to be able to troubleshoot your primary resource or make changes to it before it goes live again.   

c) One Way: With One Way Failover, your traffic is sent down the list (according to the health of the resources) and stops at the last resource listed. Returning traffic to the primary IP would need to be done manually.  

Note: For failover configurations, we recommend adjusting the TTL to a maximum value of 30 seconds in order to prevent end-user disruptions.

d) Contact Notify: Select the contact list that will receive Failover notifications. If you need help with this step, see our Create a Contact tutorial.

e) Disable Record: With this feature, you are able to remove records from our nameservers without removing the record configuration in the Constellix DNS control panel. See our Disabling a Record tutorial for more information.

9. Add Endpoints for Failover Configuration

Next, you will need to add the endpoints for your Failover Configuration and the appropriate Sonar check. Level designates which resource has priority. 

Note: The first endpoint should always be your primary resource.

a) IP: Add the endpoints, starting with your primary. Click Add Another IP to add additional resources.

b) Sonar Check: Select the Sonar Check you would like to use for monitoring your endpoints.

c) Enabled: This allows you to disable endpoints in your Failover configuration at any time (useful for planned maintenance or updates).

Note: Once your Failover configuration is saved, the active column will have a green checkmark beside the IP that is currently being returned. The Status column will denote whether an IP is up or down. If your primary IP is active, the status will say n/a.

d) Notes: The note section lets you add important details and keywords so you can easily search for specific records later (optional, but recommended).

e) Save: Once you have entered all endpoints and have chosen Sonar checks for each, click the green Save and Close button to complete your configuration.

Note: In order, for your Failover configuration to take effect, you must review and apply changes.

10. Test Your Failover Configuration

Once you have reviewed and committed your changes, your failover configuration will instantly propagate to all of our nameservers. To verify that the record you configured is live, you can query the record through Mac’s Terminal or the Windows Command Prompt (or PowerShell). Alternatively, you can use our DNS Lookup Tool, which can be used anywhere, from any device. 

You can also see your configuration in the main Records area. If you click on the IP/host for the record that has Failover configured, the IP (endpoint) that is being returned will be designated with an asterisk in the IP/Pool column.

Visit our website for more information on our services and features.