Submit a ticket My Tickets
Login  Sign up

How to Configure Failover with IP Filters


This tutorial will walk you through the process of configuring Failover for IP Filter-enabled records. For example purposes, we will be using an A record, but the same steps would apply for any applicable record (A, AAAA, CNAME, or ANAME). 

Note: Visit our Create an IP Filter guide if you need help setting up a filter for your domain.

Common Use Cases for DNS Failover

Failover is most commonly used for redundancy and preventive measures for domains. This is especially useful for mission-critical services or organizations that rely on the internet for revenue, visibility, and functionality.


  • A  domain has already been added to your Constellix account
  • GeoIP Services have been enabled for your account
  • At least one IP Filter rule and World Default record has been created for your Domain
  • You have already created a Sonar health check
  • You have created a contact for your domain (for receiving notifications)

How to Configure Failover For Records With IP Filters 

1. Navigate to Managed DNS > Domains

After logging in to the Constellix DNS dashboard, select Managed DNS on the left-hand side menu to expand options and then click Domains.

2. Select Domain 

From the domains list, click on the domain you want to add the Failover record to.

Note: Options shown may vary depending on the current configurations set for your domain.

3. Edit World Default Record

After selecting the domain that needs the Failover configuration, you will be taken to the Records page. Check the box beside the World default A Record (or whichever record type you chose) and click the gray pencil icon to edit the record.

4. Enter Values and Select Record Mode

You should now see the Add A Record pop-up window. Fill out the following values and select Failover for Record Mode, then choose your desired failover method:

A. Name: Enter the hostname for the record. To set the record for the root domain (@), leave this field blank.

B. TTL: Time to live (measured in seconds) determines how long a record is cached in nameservers. Visit our What is TTL resource for more information and best practices for TTLs.

Note: For failover configurations, we recommend adjusting the TTL to a maximum value of 300 seconds in order to prevent end-user disruptions.

C. Record Mode: This mode enables you to configure Failover, Record Pools, or Round Robin with Failover. Visit our Records Mode page for more details on these settings.

There are three Failover settings to choose from. You will also want to designate a contact for failover alerts:

Normal: If your primary host (the first resource listed in your failover configuration) is unavailable, your traffic will be directed to the next host listed. If the primary host and the first alternative resource are down, traffic will be sent to the third host, and so on. Traffic will automatically be sent back to your primary resource once it is available again. 

Off on Any Failover Event: For this option, if your primary resource goes down, traffic will be directed to the next healthy resource listed in your configuration, and stay at the alternative resource until you turn Failover back on manually. This option is useful if you want to be able to troubleshoot your primary resource or make changes to it before it goes live again.   

One Way: With One Way Failover, your traffic is sent down the list (according to the health of the resources) and stops at the last resource listed. Returning traffic to the primary host would need to be done manually. 

D. Contact Notify: Select the contact list that will receive Failover notifications. If you need help with this step, see our Create a Contact tutorial.

E.  Drop Query for selected IP Filter: Selecting this option will instruct Constellix nameservers to drop the query (you would not want this for your failover configuration).

F. Disable Record: With this feature, you are able to remove records from our nameservers without removing the record configuration in the Constellix DNS control panel. See our Disabling a Record tutorial for more information.

5. Add IP for Failover Configuration

Next, you will need to add the resources for your Failover Configuration and select the appropriate Sonar check. 

Note: The first endpoint should always be your primary resource.

F. IP: Add the IP, starting with your primary. Click Add Another IP to add additional resources.

G. Sonar Check: Select the Sonar Check you would like to use for monitoring your resources.

H. Enabled: This allows you to disable endpoints in your Failover configuration at any time (useful for planned maintenance or updates).

Note: Once your Failover configuration is saved, the active column will have a green checkmark beside the host that is currently being returned. The Status column will denote whether a host is up or down. If your primary resource is active, the status will say n/a.

I. Notes: The note section lets you add important details and keywords so you can easily search for specific records later (optional, but recommended).

Save: Once you have entered all endpoints and have chosen Sonar checks for each, click the green Save and Close button to complete your configuration.

6. Edit Record with IP Filter Rule Enabled

Now you need to enable Failover for the record that has your IP filter rule enabled. From the DNS records page,  check the box beside the A Record (or whichever record type you chose) that has the IP Filter rule applied to it and click the gray pencil icon to edit the record.

Next, repeat steps 4 and 5.

Note: In order for your Failover configuration to take effect, you must review and apply changes.

7. Test Your Failover Configuration

Once you have reviewed and committed your changes, your failover configuration will instantly propagate to all of our nameservers. To verify that the record is live, you can query it through Mac’s Terminal or the Windows Command Prompt (or PowerShell). Alternatively, you can use our DNS Lookup Tool, which can be used anywhere, from any device. 

You can also see your configuration in the main Records area. If you click on the IP for the record with the IP Filter/Failover configuration, the IP (endpoint) that is being returned will be designated with an asterisk in the IP/Pool column.

Visit our website for more information on our services and features.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.