Kiss High-Availability with OpenBSD
foo.zone> As a solution, the CRON job responsible for the DNS failover also checks for the current week number of the year so that:
> In an odd week number, the first server is the default master
> In an even week number, the second server is the default master.
This is nice. Fixes the difficulty with cert issuance in a pretty low effort manner, and ensures the failover is exercised. I've dealt with failover systems that were very rarely exercised, which usually means a lot of excitement when it does happen.
It's hard to criticize low cost solutions like this; if they work, they work! If there was slightly more control over the network infrastructure, I'd choose to go with CARP as my failover mechanism. It is probably one of the best OpenBSD features.
CARP is nice[1], but you need to have two machines on a broadcast domain for that. That doesn't give you geo-redundancy, like this solution does.
[1] I use it with FreeBSD to have redundant internet routers.