Is there a way to add another redundant DNS along with CloudFlare?

My question stems from the recent incident with Cloudflare on July 2nd deploying bad software on their systems and causing downtime to their clients, including us. https://blog.Cloudflare.com/Cloudflare-outage/

Is there a way to have Cloudflare manage our DNS, but on top or along with it to have a redundant nameserver on standby in case Cloudflare goes down again? Or some kind of solution that adds redundancy outside of the Cloudflare network but will work while we have our service still on Cloudflare?
I’m open to anything along these lines.

The only thing that pops into mind is to have an external observer app monitor the state of our setup and if there is a major issue like the recent one with Cloudflare, just have the registrar DNS servers changed with a standby DNS server maintained by us through the registrar API. That standby DNS server would provide some fail-safe records that allow our project to be reached, while lacking the CDN and traffic load-balancing capabilities of Cloudflare.

Would this be a possible and even preferred solution to my question? What would be the drawbacks?

Thank you,

Alex

To answer your main question…no. And redundant DNS wouldn’t help because Cloudflare’s DNS didn’t go down – visitors were still getting DNS responses for Cloudflare domains. And here’s more information:

I think I haven’t explained what I want to do very clearly: I know Cloudflare’s DNS service didn’t go down, but my service did go down because of what happened with their WAF. And your suggestion from the other post to trust that this won’t happen again is unacceptable. I do not doubt that they are extremely motivated, and generally am very satisfied with their service, but want to make sure that there is zero chance of this happening again. And that zero chance will not come from trusting their high motivation level.

What I aim to achieve is to temporarily take Cloudflare out from the DNS authority and replace them with a DNS server that replies with a different set of records that will allow my service to operate, circumventing Cloudflare entirely for a set amount of time. Or some other solution that would return a similar outcome.

There might be an option of using Cloudflare as a secondary DNS, see https://www.cloudflare.com/dns/

I did not say that. Please do not misquote me.

You can export your DNS settings from Cloudflare and maintain a secondary DNS server. Switching to this would require making a change at your registrar to the NS you maintain.

sdayman, I’m sorry about that, it was not my intention. And we do like CF a lot, but we too are willing to put in the effort in order to make sure that our own service is better.

This might be an option, having a secondary DNS which resolves directly to our servers in a specific datacenter. This way part of the requests would get the right answer even if something is happening with CF.

Another option might be to set up our own NS servers around the world that forward requests to Cloudflare-designated NS servers, and only when there is an issue with CF, replace the replies of our own NS servers with a zone file that resolves requests to a specific datacenter. But I don’t know if Cloudflare will work if the NS servers set on a domain are changed after validation, or if this has any implication as far as the Cloudflare ToS go.

For the most part we are into Cloudflare for the load balancing, WAF, CDN and Argo, not the DNS part, but the DNS is the driving component.

You would need to have these in reserve and make the change at the registrar at the time you define… in the future we may support alternate scenarios on certain plans, but with the current config/requirements having both nameservers in place or changing the nameservers out permanently would not work.

Thank you for clearing this up! I guess we’re stuck with the future alternate scenarios, haha!
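
The standby-nameserver switch discussed in this thread, as an added example that is not part of any poster's message or of Cloudflare's code: a monitor that repoints the registrar's nameservers only after repeated edge-only failures and switches back only after sustained recovery. The `set_nameservers` callback (standing in for a registrar API), the thresholds and all nameserver names are assumptions, and the probe results are constructed.

```python
from dataclasses import dataclass

# Constructed placeholder nameserver sets (not real hostnames).
CF_NS = ("cf-ns1.example", "cf-ns2.example")
STANDBY_NS = ("ns1.standby.example", "ns2.standby.example")

@dataclass
class Probe:
    via_cloudflare_ok: bool   # site reachable through the Cloudflare proxy
    origin_direct_ok: bool    # origin reachable when Cloudflare is bypassed

class FailoverMonitor:
    """Decide when to repoint the registrar's NS set, with hysteresis."""

    def __init__(self, set_nameservers, fail_after=3, recover_after=5):
        # set_nameservers is a hypothetical callback wrapping the registrar API.
        self.set_nameservers = set_nameservers
        self.fail_after, self.recover_after = fail_after, recover_after
        self.active, self.streak = "cloudflare", 0

    def observe(self, probe):
        if self.active == "cloudflare":
            # Only an edge-side outage counts: if the origin is down too,
            # bypassing Cloudflare would not restore service.
            hit = not probe.via_cloudflare_ok and probe.origin_direct_ok
            target, ns, limit = "standby", STANDBY_NS, self.fail_after
        else:
            # Fail back only after a sustained run of healthy edge probes.
            hit = probe.via_cloudflare_ok
            target, ns, limit = "cloudflare", CF_NS, self.recover_after
        self.streak = self.streak + 1 if hit else 0
        if self.streak >= limit:
            self.set_nameservers(ns)
            self.active, self.streak = target, 0
        return self.active

def replay(probes):
    """Run constructed probe results through the monitor; return states and API calls."""
    calls = []
    monitor = FailoverMonitor(calls.append)
    return [monitor.observe(p) for p in probes], calls

# Constructed sample: total outage, edge-only outage, flapping, then recovery.
SAMPLE = ([Probe(True, True), Probe(False, False)] + [Probe(False, True)] * 3
          + [Probe(True, True), Probe(False, True)] + [Probe(True, True)] * 5)

if __name__ == "__main__":
    states, calls = replay(SAMPLE)
    print(states, calls)
```

The two thresholds keep a single failed probe, or a brief recovery during an ongoing incident, from triggering a nameserver change at the registrar.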
