• Status: Solved

Multiple DNS or routes to Exchange

I have a network with 3 sites, two secondary sites and our Head Office site. Each site has its own internet connection which is its default gateway to the internet, but also has a separate high speed wireless WAN link back to Head Office. Our Exchange server is hosted at our Head Office.

From time to time our wireless WAN link goes down. Even though all of our offices still have internet, our secondary sites lose connection to our Exchange server because it is configured to go over our WAN link. Outlook is configured to fail over to RPC over HTTPS but it still resolves our Exchange server to an internal IP which it can not reach.

Is it possible to configure Outlook/Exchange/DNS to fail over to an external IP if the internal IP is not available? Like having 2 MX records for Exchange, one internal and one external?
1 Solution
First I would look into why the wireless fails from time to time, but if that's not an option, why don't you just use an external DNS record for Exchange permanently? It would be better than failing over every time there's a problem.

Open your firewall to allow incoming connections on port 25 to your Exchange server at your head office and only allow your two branches to come in; then change your DNS entries to point to the external IP.

I'd use this at least until I figure out what's wrong with the Wireless link.

If you have multiple DNS entries it will just round-robin the local and external IPs; DNS is not smart enough to realize one DNS entry doesn't respond. Also, you'd have to worry about flushing DNS caches on local machines... just my 2 cents.
I would work on the wireless link.

I would also compare the speed of the wireless link with the internet connection.
It may be better to just have your users configured for Outlook Anywhere in the branch offices through the Internet all the time.
Encrypted1024Author Commented:
I have been working on the wireless issue. It is over many kilometres and has several hops. It is fairly reliable but two or three times a year it conks out for various reasons. Once a power supply died on a repeater AP 50 ft up an antenna pole; once a storm blew the antenna a couple of millimetres off and we lost the connection. Things happen. Email is essential for our organization and if it is down for several hours it is quite disruptive.
As for speed, the wireless is over 20 times faster than our internet feed at the secondary offices, and our main bonded T1 at Head Office is metered, so we save thousands of dollars per month by pushing as much traffic through the wireless as possible.
I have considered permanent Outlook Anywhere but it would push all of the traffic out through the internet. The flip side is that there is no redundancy with that configuration either. The beauty of WAN and internet is the redundancy.
As for an external address for Exchange, how do you do that? If I just make a DNS entry for mail.mydomain.com, it will always point at the internal IP of my Exchange server because internal clients always query my DNS. If they move their PCs out of my network they will query an ISP DNS and it would work, but if the clients are still inside my network, it won't, right?
If I point it at the external IP, it will always go out the internet.
You see the dilemma?
Maybe it is not possible without some fancy router configurations.

You would just create an x record in your local DNS server pointing at the Internet IP of your Exchange server.

About the fancy router configuration you could implement GLBP if you have a router for the wireless and another one for the ISP. Weight traffic to the wireless and implement load balancing depending on destination IP. Both routers must support GLBP.

Second best option would be HSRP or VRRP if you have 2 routers, 1 for Wireless and one for ISP.

You could set your default gateway to be your WLAN. If that link fails they will auto-switch to your ISP if you configure tracking, preemption and priorities.

What's your network topology?
Encrypted1024Author Commented:
If I created an X record pointing at my external mail server IP, it would just route all of my mail out through the internet though right?
I am wondering if there is a way to have a primary and secondary entry for my internal Exchange server the same way you would use a primary and backup MX record. Mail gets sent to the primary address unless it is unavailable, then starts sending to the higher weighted record until the primary becomes available again.
I am not sure if this is possible internally but I believe that is how MX records work externally.
As for the router situation, our WAN topology is not exactly the same at each site. The remote sites have Cisco 1800 series routers with one interface connected to the WAN and one to the ISP. Our side of the WAN, as well as some of the hop sites, have Cisco Layer 3 switches. I know I could set up a VPN through the internet and use routing to accomplish my goal. That is a bunch of work and would require adding a router at Head Office to support the VPN and routing protocols. A good idea though, but we will call the routing topology change "Plan B".
I am mostly just looking for something easy right now. I am prepared for the answer to be:
"No you can't do this".
I'm not aware of 'primary' and 'backup' DNS records.

What you can do is this:

Set up your clients with 2 DNS servers. The primary DNS Server will be pointed across the WLAN and will point to your head office DNS server. This Server will have the local IP entry you need.

Then configure your branch's DNS server as the secondary DNS Server. This server will have the external IP of Exchange.

Now set up your records with a low TTL, perhaps 5 minutes.

What happens is now when clients send email they ask your head office DNS for the local IP of Exchange. If the wireless goes down then clients will attempt to contact your secondary DNS server, which is internal and sends them across the internet to your Exchange's IP.

Because the TTL is low, the entries will be stored in cache for 5 minutes; your ISP bandwidth will be kept at a minimum, and once the wireless comes back up, clients will start using their primary DNS server again.

I think it's an excellent way.
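As an added illustration (not code from this thread), the Python simulation below models the two-server, low-TTL scheme in the answer above: a branch client with a primary (head office) and a secondary (branch) DNS server and a TTL-bound cache, walked through a WAN outage and recovery. Server names, zone data and addresses are constructed.

```python
# Constructed sample zone data for the two DNS servers in the accepted answer.
# Hypothetical names and RFC 1918 / RFC 5737 addresses, not values from the thread.
HEAD_OFFICE_DNS = {"mail.mydomain.com": "10.10.0.25"}     # internal IP, reached over the wireless WAN
BRANCH_DNS = {"mail.mydomain.com": "198.51.100.25"}       # public IP, reached over the Internet
TTL_SECONDS = 300                                          # the 5-minute TTL the answer recommends


class StubResolver:
    """A branch client with a primary and a secondary DNS server and a TTL-bound cache."""

    def __init__(self, primary, secondary, ttl=TTL_SECONDS):
        self.servers = [primary, secondary]  # tried in order, like a client's DNS server list
        self.ttl = ttl
        self.cache = {}                      # name -> (ip, expiry time in seconds)
        self.wan_up = True                   # state of the wireless WAN link

    def _query(self, zone, name):
        # The head office server is only reachable while the WAN link is up.
        if zone is HEAD_OFFICE_DNS and not self.wan_up:
            return None
        return zone.get(name)

    def resolve(self, name, now):
        ip, expiry = self.cache.get(name, (None, 0))
        if ip and now < expiry:
            return ip                        # served from cache until the TTL expires
        for zone in self.servers:
            ip = self._query(zone, name)
            if ip:
                self.cache[name] = (ip, now + self.ttl)
                return ip
        raise LookupError(f"{name}: no DNS server answered")


def failover_timeline(name="mail.mydomain.com"):
    """Walk the outage and recovery described in the answer; return (event, IP used) per step."""
    client = StubResolver(HEAD_OFFICE_DNS, BRANCH_DNS)
    steps = [("t=0s, WAN up", client.resolve(name, 0))]
    client.wan_up = False
    steps.append(("t=60s, WAN down, cache still valid", client.resolve(name, 60)))
    steps.append(("t=301s, WAN down, cache expired", client.resolve(name, 301)))
    client.wan_up = True
    steps.append(("t=400s, WAN up, external answer still cached", client.resolve(name, 400)))
    steps.append(("t=602s, WAN up, cache expired", client.resolve(name, 602)))
    return steps


if __name__ == "__main__":
    for event, ip in failover_timeline():
        print(f"{event:45} -> {ip}")
```

The timeline shows that both the switch to the Internet path and the switch back are bounded by the TTL, not instantaneous. Real stub resolvers (the Windows DNS Client included) may keep preferring the server that last answered for a while, so the return to the WAN path can lag the TTL.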
Encrypted1024Author Commented:
That is an interesting workaround. I think it would work. I think in the end I will likely just reconfigure my routing to accomplish my goal. Thanks for the help.