Recipe: DNS failover policy

Configure Meridian to switch resolvers when your primary upstream becomes unreachable or returns SERVFAIL.

Prerequisites

  • Meridian agent v2.4+ installed on the gateway host
  • At least two upstream DNS resolvers (primary + fallback)
  • Health-check endpoint reachable from the agent

Step 1 — Define resolver pool

Add your resolvers to the pool. The agent probes each in order.

resolvers:
  - addr: 1.1.1.1:53
    role: primary
  - addr: 9.9.9.9:53
    role: fallback
  - addr: 8.8.8.8:53
    role: fallback

Step 2 — Set health policy

Configure probe interval, failure threshold, and recovery grace period.

health:
  probe_interval: 5s
  failure_threshold: 3
  recovery_grace: 30s
  probe_type: soa_query
  probe_target: .

Step 3 — Apply and verify

Restart the agent and tail the health log to confirm failover triggers correctly.

$ meridian-agent apply policy.yaml
$ meridian-agent logs --follow --component health

Gotchas

  • NAT gateways may mask upstream unreachability — use SOA probes, not ICMP.
  • Recovery grace prevents flapping when a resolver returns intermittently.
  • Always keep at least one fallback outside your primary ASN.
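
The Step 2 thresholds and the flapping gotcha can be checked against a small model before rollout. This Python sketch is an added example, not Meridian's code: it assumes failover fires after failure_threshold consecutive failed primary probes and that the primary is restored only after recovery_grace seconds of uninterrupted successful probes, and it collapses both fallbacks into one role. The function name and probe timelines are constructed for illustration.

```python
# Model of the Step 2 health policy (assumed semantics, see lead-in).
# A probe is True when the SOA query succeeds, and False on timeout or SERVFAIL.

def simulate(primary_probes, interval=5, failure_threshold=3, recovery_grace=30):
    """Return [(t_seconds, active_role)] for each change of active resolver."""
    active = "primary"
    fails = 0             # consecutive failed probes against the primary
    healthy_since = None  # start time of the primary's current healthy streak
    events = [(0, active)]
    for i, ok in enumerate(primary_probes):
        t = i * interval
        if ok:
            fails = 0
            if healthy_since is None:
                healthy_since = t
            # Fail back only after a full grace period with no failed probe.
            if active == "fallback" and t - healthy_since >= recovery_grace:
                active = "primary"
                events.append((t, active))
        else:
            fails += 1
            healthy_since = None  # any failure restarts the grace timer
            if active == "primary" and fails >= failure_threshold:
                active = "fallback"
                events.append((t, active))
    return events

# Constructed timelines, one probe every 5 s.
T, F = True, False
OUTAGE = [T, T, F, F, F, T, T, F, T, T, T, T, T, T, T]  # outage, blip, recovery
FLAPPY = [F, F, F, T, F, F, F, T, F, F, F]              # resolver returns intermittently
BLIPS = [T, F, F, T, F, F, T]                           # never 3 failures in a row

if __name__ == "__main__":
    print("outage          ", simulate(OUTAGE))
    print("blips           ", simulate(BLIPS))
    print("flappy, 30s grace", simulate(FLAPPY))
    print("flappy, no grace ", simulate(FLAPPY, recovery_grace=0))
```

With recovery_grace set to 0 the flappy timeline changes resolver five times; with 30s it fails over once and stays on the fallback.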