> 2
Raise 2 NS-servers (on each of the fronts), each of which gives one A-record, looking "into itself" (in the ip of the current front).
When the web server crashes, extinguish the dns server too.
A percentage of 5% of users will fall off anyway (those who have TTL in the cache ignored), but unlike stupid RR, there is still some kind of fault tolerance here (ns-servers are sorted out until at least some response is received).
> 1. How the browser works with 2 A records?
Most browsers "take" the first A-record it comes across and treat it as if it were the only one.
Smarter browsers choose the next A-record if it was not possible to establish a tcp connection with the server from the first record (but they will honestly display all sorts of 502/444/etc from the first record).

You just don’t have enough VRRP between 2 servers, so that if one of the servers is unavailable, the second server takes its IP address. In this case, the site will be available for 2 A records.
Unfortunately, even the latest Chrome caches only the first available IP address from those received from DNS. And if the IP address becomes unavailable, the browser does not re-resolve to obtain other IP addresses. For this reason, you need to transfer IP to the second server.
TTL in one minute is very strong. The load on NS servers will be excessive. With a working VRRP, you won't need that TTL.
A similar VRRP service between data centers is available, for example, from Selectel

https://habrahabr.ru/company/ivi/blog/237349/
These guys claim that everything is sad with DNS balancing.
And offer anycast.