Skip to content
07 principle

Rollback Without Fear

When something goes wrong — and it will — the recovery path should be as structured as the deployment path. Rolling back a DNS change should never involve guesswork, manual console edits, or hoping you remember what the record used to be.

A deployment rollback should show the operator exactly what will happen before it happens:

  • Which items will be reversed (and how — delete, restore, or recreate)
  • Which records were modified by later deployments (cascading risk)
  • Which records were changed outside the tool (external drift)
  • Which items can’t be rolled back (insufficient state captured)

Confirm, and every item is reversed in the correct order with a full audit trail. Individual record rollback should also be available from the audit log for surgical corrections.