This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

adguard

Using DNS to Gracefully Switch Network Services

Assume the service domain name is example.domain, the original server IP is A, and the new server IP is B after migration or IP change. To keep users unaware, we can use DNS to gracefully switch network services.

  1. Original state: example.domain resolves to IP A.
  2. Transition state: example.domain resolves to both IP A and B.
  3. New state: example.domain resolves to IP B; IP A is removed.

Note: When users receive two resolved addresses, the client picks one to connect to; if that fails, it tries the others, ensuring service availability.

Since DNS responses are cached, the transition state must last long enough for all caches to expire.

I’m migrating a DNS service, so I can accelerate the switch by adding “DNS rewrites” during the transition.

Rewrite rules for server A:

Server A rewrite

Rewrite rules for server B:

Server B rewrite

The expanded migration steps are:

  1. Original state: example.domain resolves to IP A.
  2. Transition state: in DNS A, example.domain is rewritten to A and B; in DNS B, it is rewritten to B.
  3. New state: example.domain resolves to IP B; IP A is removed.

Clients still querying DNS A receive both addresses.

  • With 50 % probability they pick DNS A.
  • With 50 % probability they switch to DNS B.
    • If DNS B fails, they fall back to DNS A.
    • If DNS B is healthy, they see only B and stay on DNS B.

This gradually reduces load on DNS A without abruptly terminating it, achieving a smoother migration.