When two multinational enterprises merge, unifying their external-facing infrastructure is often one of the most visible challenges. During a recent Tier-1 merger, our infrastructure team was tasked with consolidating over 250 corporate domains and managing a global DNS cutover within a strict 72-hour window.
The Challenge: Zero-Downtime Global Propagation
Traditional DNS cutovers rely on lowering Time-To-Live (TTL) values days in advance. However, given the scale of these organizations, several legacy registrars and authoritative name servers did not reliably honor low TTL configurations. To achieve zero-downtime propagation, we needed a modern approach that bypassed physical propagation delays.
We turned to a hybrid design combining Terraform for Infrastructure as Code (IaC) and Cloudflare Workers to intercept, validate, and proxy traffic dynamically during the transition phase.
Managing DNS Configuration as Code
Before touching any live production routes, we codified the entire DNS architecture. Terraform allowed us to declare our target state and execute plan-driven migrations:
    resource "cloudflare_record" "primary_cname" {
      zone_id = var.cloudflare_zone_id
      name    = "app"
      value   = "origin-v2.enterprise-system.com"
      type    = "CNAME"
      proxied = true # Enforces Cloudflare CDN proxying
      ttl     = 1    # Automatic TTL when proxied
    }

By setting the records to proxied, Cloudflare acts as the ingress controller. We could then switch backend IP endpoints instantly on Cloudflare edge servers, completing global cutover in under 3 seconds instead of waiting hours for recursive DNS caches to expire.
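An added example (not the team's own tooling) of a dry-run gate for this kind of plan-driven migration: it reads the JSON form of a Terraform plan, as produced by `terraform show -json`, and flags records that would break the instant-cutover assumption or point at an unapproved origin. The sample plan, the record names other than `primary_cname`, and the approved-origin list are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json plan.out` (trimmed).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "cloudflare_record.primary_cname", "type": "cloudflare_record",
   "change": {"actions": ["create"], "after": {"name": "app", "type": "CNAME",
     "value": "origin-v2.enterprise-system.com", "proxied": true, "ttl": 1}}},
  {"address": "cloudflare_record.legacy_api", "type": "cloudflare_record",
   "change": {"actions": ["update"], "after": {"name": "api", "type": "CNAME",
     "value": "api.legacy-host.example.net", "proxied": false, "ttl": 3600}}},
  {"address": "cloudflare_record.old_mail", "type": "cloudflare_record",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

PROXYABLE = {"A", "AAAA", "CNAME"}  # record types that can sit behind the proxy

def audit_plan(plan, allowed_suffixes):
    """Return (address, finding) pairs for records that break cutover assumptions."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "cloudflare_record":
            continue
        addr, change = rc["address"], rc["change"]
        if "delete" in change["actions"]:  # plain delete or delete-and-recreate
            findings.append((addr, "record is deleted or replaced; confirm nothing still resolves it"))
        after = change.get("after")
        if not after:
            continue
        if after.get("type") in PROXYABLE:
            if after.get("proxied") is not True:
                findings.append((addr, "not proxied: cutover waits on resolver caches"))
            elif after.get("ttl") != 1:
                findings.append((addr, "proxied record should use ttl = 1 (automatic)"))
        if after.get("type") == "CNAME":
            target = (after.get("value") or "").rstrip(".").lower()
            # Match on a label boundary so look-alike suffixes do not pass.
            if not any(target == s or target.endswith("." + s) for s in allowed_suffixes):
                findings.append((addr, f"CNAME target {target} is outside approved origins"))
    return findings

if __name__ == "__main__":
    for addr, msg in audit_plan(SAMPLE_PLAN, ["enterprise-system.com"]):
        print(f"{addr}: {msg}")
```

Run as a CI step after `terraform plan`, a non-empty result can fail the pipeline before any record changes.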
Key Results
- Managed 250+ domains with zero downtime across five continents.
- Reduced DNS propagation window from 48 hours to under 3 seconds.
- Eliminated human error through automated dry-run testing via Terraform.
ulil albab
Technical M&A Lead & Infrastructure Architect