by tpg 4000 days ago
The simplest option I'm aware of is to point CloudFlare to your load balancer, and have it handle removal of failed backend nodes.

The only big downside is that on AWS you can't have an elastic IP associated with an elastic load balancer, so you have to run your own HA haproxy/nginx/whatever cluster in EC2 in order to have a single IP to point CloudFlare to.

If you can live with a subdomain you can point that cname to an ELB.

Alternatively, CloudFlare's API is pretty reasonable, so you could home-brew health checks that de-register dead nodes from CloudFlare. Even a simple nagios check handler could do that.


CloudFlare has CNAME flattening so you can still have the apex point to a CNAME and CF will automatically keep up to date with the correct IP using the TTLs and broadcast an A record correct to RFC standards.

https://support.cloudflare.com/hc/en-us/articles/200169056-C...

Do you know if CloudFlare's apex CNAME support works coupled to Route53's health-check-based RRDNS? I know that AWS's own DNS reflects the health-check-based changes to the round-robin pools instantaneously, but I have no idea what sort of TTLs they emit.
Haven't used Route53 recently but those TTLs should be configurable by you. Obviously the lower the better to keep propagation time low for changes. CloudFlare has more info in the blog post [1] that says they do respect the TTLs that are given for records and then cache the value until expiration so I'm assuming they also send along the same TTL value of the original lookup.

There's no way to ensure the rest of the internet will handle it correctly, though, with all the proxies and DNS caches in the middle, and low TTLs can also add latency for end-users who might have to constantly do a DNS lookup on new connections.

If you're using CloudFlare's full service (instead of just DNS), then it'll be seamless because their IPs don't change.

[1] https://blog.cloudflare.com/introducing-cname-flattening-rfc...