DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Configure DNS Failover with a Template

Solution ID : SO120
Last Modified : 10/21/2023

Using DNS Failover with a template allows you to use a single failover record for multiple domains that share the same configuration. This is accomplished by setting up a template with a record set for the domains and setting up failover within the template. You can then apply the template to multiple domains.


1. Select the Advanced menu and click on “Templates”


2. Click Add Template

Give the template an identifiable name. You can choose to base your template on the configuration of an existing domain, to do this select a domain name from the drop menu and click ok. Otherwise, click ok to continue.


3. Finalize the template creation by clicking on the OK button.


4. Add an A record Under the A records section, click the + icon to add a new A record.


5. Enter your desired record values.


6. Create a Contact List

Now we will set up a contact list for notification of the failover event.
Select the “Config” menu and click on “Contact Lists”.


Click on the plus sign (+) to add a new contact list


Give the contact list an identifiable name and enter the email addresses you would like included in the list, one per line. Groups are discussed in a tutorial here, however, if you are the only user for your account your contact list should be part of the default group. Otherwise, it should be part of whatever group is set up to have management permissions for the domain.
Then click “Submit”


7. Adding Failover to the Template A Record

Now we will configure DNS Failover on the template, Select the Advanced menu and click on “Templates”


Select your template from the drop-down menu.

Under the “SM / FO” column next to the A record with the IP of 1.2.3.4, click “off” to edit the configuration.


Enable System Monitoring and DN Failover by checking the boxes.
 

  • Monitoring Notifications: Enable System Monitoring and/or DNS Failover by checking the boxes. These can be used independently of one another if you wish.
  • System Description: Once provided, this will be included in the notification you receive so you know which system the notification is for.
  • Notification Contact: Select your contact list to be notified of IP statuses or changes – We select the one we created. The default notification is to the “Account Owner” which is the email address on file for the account (you can view this under the Config – Users menu).
  • Maximum Number of Emails: Select an amount you would like to receive regarding each system monitoring and/or failover event.
  • Sensitivity: The “sensitivity” option in DNS Failover allows you to specify different numbers of checks the monitoring locations will make against the IP. High Sensitivity means fewer checks, three checks are made in immediate succession of one another to confirm the status of the server. Medium Sensitivity (which is the default) performs six immediate checks. Low Sensitivity performs nine immediate checks. The lower the sensitivity level, the more confirmations the monitoring servers will make.
  • Protocol: Configure a port and protocol to monitor based on what criteria you want to confirm is reachable on your server. In the example here we are configuring the primary IP address of 1.1.1.1 to be monitored on HTTP port 80 and failing over to the IP address 2.2.2.2 if the primary is not available.
  • FQDN: Enter the fully qualified domain name of the system you are monitoring. This is the full hostname of the monitored system.
  • File to query: (This is optional)
    We have also added a file and string to query for in the HTTP configuration (this is only example data), these fields are optional with an HTTP or HTTPS configuration. The system will query http://1.2.3.4:80/index.html and look for the string of UP in the first 2KB of text on that page. All these criteria must be met for the IP to be considered online. In addition, the web server must reply with a 200 response code.
  • DNS Failover: (This is optional)
    We have also enabled the “Turn off auto-failover after first failure” feature with a checkmark. This means that DNS Failover will not revert traffic back to the primary IP address automatically.
     


For your information, below is the list of networks our monitoring services will check your primary IP address from:

  • 208.94.147.0/24
  • 208.94.150.0/24
  • 208.94.151.0/24
  • 96.45.91.0/24
  • 96.45.92.0/24
  • 96.45.93.0/24


8. Apply the Template to a Domain

Now we apply the template to the domain(s), Select Managed DNS


Select a domain from either the “Recently Updated Domains” box, or start typing the domain name in the text box on the “Select Domain” tab.


Click on the “Settings” tab.

Select your template from the drop-down menu and click Save.