ANY dns service (dyndns.com, zoneedit.com, xname.org, etc) which can run in slave mode.

Then, use some EC2 instance — probably your load balancers — as a powerdns master. I chose powerdns because, after looking at just about every DNS server and library I could find, it's the closest to a pluggable/scriptable server.

Mainly, it has a 'pipe' API, in which it communicates via stdin/stdout with a simple, tab-delimited format. It's not entirely documented, but I was able to get the SOA field working by using spaces to delimit the actual SOA data.

This will not perform incredibly well, but it doesn't have to. All it really has to do is implement AXFR, and maybe do some local resolution for your other EC2 instances.

Of course, you have to tell them (somehow) if the master changes, and it may take a bit longer for those changes to propagate. But it means that you can do pretty much anything with your DNS. It also means that rather than learn a whole new API for your entire DNS implementation, you only have to learn it for the one operation of updating the master IP address — could be as simple as a single POST.

This is the kind of deviation from standards which make life difficult in large paradigm shifts like this. I'm sure that whoever implemented this thought to themselves "a DNS entry worth hard coding is not likely to ever change anyway…" However now that we're moving into the compute-as-a-service era the above statement no longer holds anywhere near true.

I expect that this will eventually be addressed as services like EC2 become more widespread in use especially now that JAVA is going OSS. (This is exactly the kind of "bug" fixing that OSS is exceptionally well suited to deal with)

networkaddress.cache.ttl (default: -1)

networkaddress.cache.negative.ttl (default: 10)

The infinite cache was added to stop long lived applets getting access to hosts behind a firewall through DNS abuse, but it stays in apps too. really old jvms (1.2 and maybe 1.3) saved negative dns entries forever. this is bad news as a temporary outage of a DNS server would never be recovered from.

TTLs -they are there for a reason, and it is the duty of client side apps to remember them.

I wonder if proxies have similar behaviour? Interesting thought…

Actually I'm quite optimistic about using the DNS failover in this way. What I'm now less sure about is using S3 as the backup, to store home directories, etc. Loading in all the volatile data (eg. html files, php, etc) from S3 to the EC2 seems to take hours — far too long to make it viable as a switch-on-and-go backup Though each time I test it, it seems to get faster… which is at least encouraging!