Multiple DNS or routes to Exchange

Posted on 2010-09-15
Last Modified: 2012-05-10
I have a network with 3 sites, two secondary sites and our Head Office site. Each site has its own internet connection which is its default gateway to the internet, but also has a separate high speed wireless WAN link back to Head Office. Our Exchange server is hosted at our Head Office.

From time to time our wireless WAN link goes down. Even though all of our offices still have internet, our secondary sites lose connection to our Exchange server because it is configured to go over our WAN link. Outlook is configured to fail over to RPC over HTTPS but it still resolves our Exchange server to an internal IP which it cannot reach.

Is it possible to configure Outlook/Exchange/DNS to fail over to an external IP if the internal IP is not available? Like having 2 MX records for Exchange, one internal and one external?
Question by:Encrypted1024
LVL 10

Expert Comment

ID: 33688897
First I would look into why the wireless fails from time to time, but if that's not an option, why don't you just use an external DNS record for exchange permanently? It would be better rather than fail over every time there's a problem.

Open your firewall to allow incoming connections on port 25 to your exchange server on your head office and only allow your two branches to come in; then change your DNS entries to point to the external IP.

I'd use this at least until I figure out what's wrong with the Wireless link.

If you have multiple DNS entries it will just round robin local and external IPs; DNS is not smart enough to realize one DNS entry doesn't respond. Also, you'd have to worry about flushing DNS caches on local machines. Just my 2 cents.
LVL 32

Expert Comment

ID: 33690969
I would work on the wireless link.

I would also compare the speed of the wireless link with the internet connection.
It may be better to just have your users configured for Outlook Anywhere in the branch offices through the Internet all the time.
LVL 10

Author Comment

ID: 33692470
I have been working on the wireless issue. It is over many kilometres and has several hops. It is fairly reliable but two or three times a year it conks out for various reasons. Once a power supply died on a repeater AP 50 ft up an antenna pole, once a storm blew the antenna a couple millimetres off and lost connection. Things happen. Email is essential for our organization and if it is down for several hours it is quite disruptive.
As for speed, the wireless is over 20 times faster than our internet feed at the secondary offices and our main bonded T1 at Head Office is metered, so we save thousands of dollars per month by pushing as much traffic through the wireless as possible.
I have considered permanent Outlook Anywhere but it would push all of the traffic out through the internet. The flip side is that there is no redundancy with that configuration either. The beauty of WAN and internet is the redundancy.
As for an external address for Exchange, how do you do that? If I just make a DNS entry for mail.mydomain.com, it will always point at my internal IP of my Exchange server because internal clients always query my DNS. If they move their PCs out of my network they will query an ISP DNS and it would work, but if the clients are still inside my network, it won't, right?
If I point it at the external IP, it will always go out the internet.
You see the dilemma?
Maybe it is not possible without some fancy router configurations.
LVL 10

Expert Comment

ID: 33692823
You would just create an x record in your local DNS server pointing at the Internet IP of your Exchange server.

About the fancy router configuration you could implement GLBP if you have a router for the wireless and another one for the ISP. Weight traffic to the wireless and implement load balancing depending on destination IP. Both routers must support GLBP.

Second best option would be HSRP or VRRP if you have 2 routers, 1 for Wireless and one for ISP.

You could set your default gateway to be your WLAN. If that link fails, they will auto switch to your ISP if you configure tracking, preemption and priorities.

What's your network topology?
LVL 10

Author Comment

ID: 33693192
If I created an X record pointing at my external mail server IP, it would just route all of my mail out through the internet though, right?
I am wondering if there is a way to have a primary and secondary entry for my internal Exchange server the same way you would use a primary and backup MX record. Mail gets sent to the primary address unless it is unavailable, then starts sending to the higher weighted record until the primary becomes available again.
I am not sure if this is possible internally but I believe that is how MX records work externally.
As for the router situation, our WAN topology is not exactly the same at each site. The remote sites have Cisco 1800 series routers with one interface connected to the WAN and one to the ISP. Our side of the WAN, as well as some of the hop sites, have Cisco Layer 3 switches. I know I could set up a VPN through the internet and use routing to accomplish my goal. That is a bunch of work and would require adding a router at Head Office to support the VPN and routing protocols. A good idea though, but we will call the routing topology change "Plan B".
I am mostly just looking for something easy right now. I am prepared for the answer to be:
"No you can't do this".
LVL 10

Accepted Solution

ddiazp earned 1500 total points
ID: 33693369
I'm not aware of 'primary' and 'backup' DNS records.

What you can do is this:

Set up your clients with 2 DNS servers. The primary DNS Server will be pointed across the WLAN and will point to your head office DNS server. This Server will have the local IP entry you need.

Then configure your branch's DNS server as the secondary DNS Server. This server will have the external IP of Exchange.

Now set up your records with a low TTL, perhaps 5 minutes.

What happens is now when clients send email they ask your head office DNS for the local IP of Exchange. If the wireless goes down then clients will attempt to contact your secondary DNS server which is internal and sends them across the internet to your Exchange's IP.

Because the TTL is low, the entries will be stored on cache for 5 minutes; your ISP bandwidth will be kept at a minimum, and once the Wireless comes back up, clients will start using their primary DNS server again.

I think it's an excellent way.
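
The failover described in this answer, worked through as a timeline. This is an added example, not part of the original thread: the class, function names and IP addresses are constructed, and the resolver model (try servers in order, fall through only when one is unreachable, cache for the record TTL) is a simplifying assumption that ignores real client timeouts and server-selection behaviour.

```python
# Simplified model (an assumption): the client tries resolvers in order, falls
# through only when one is unreachable, and caches answers for the record TTL.
TTL = 300                      # seconds; the "perhaps 5 minutes" from the answer
INTERNAL_IP = "10.0.0.25"      # constructed: Exchange's internal address
EXTERNAL_IP = "203.0.113.25"   # constructed: Exchange's public address


class BranchClient:
    def __init__(self):
        self.cached_ip = None
        self.expires_at = -1

    def resolve(self, now, wan_up):
        """Return (ip, source) for the Exchange name at time `now` (seconds)."""
        if self.cached_ip is not None and now < self.expires_at:
            return self.cached_ip, "cache"
        if wan_up:
            # Primary resolver: head office DNS, reachable only over the WAN.
            ip, source = INTERNAL_IP, "primary"
        else:
            # Secondary resolver: branch DNS, holds the external record.
            ip, source = EXTERNAL_IP, "secondary"
        self.cached_ip, self.expires_at = ip, now + TTL
        return ip, source


def simulate(events):
    """events: list of (time_s, wan_up) -> list of (time, ip, source, reachable)."""
    client = BranchClient()
    out = []
    for now, wan_up in events:
        ip, source = client.resolve(now, wan_up)
        # The internal address is only reachable while the WAN link is up.
        reachable = wan_up or ip == EXTERNAL_IP
        out.append((now, ip, source, reachable))
    return out


# Constructed timeline: the WAN fails before t=120 and is back by t=500.
TIMELINE = [(0, True), (120, False), (310, False), (500, True), (620, True)]

if __name__ == "__main__":
    for row in simulate(TIMELINE):
        print(row)
```

The second row is the window the low TTL is meant to shrink: the cached internal address is still handed out after the link drops, so Exchange is unreachable until the entry expires. The fourth row is the mirror case, where traffic keeps using the metered internet path for up to one TTL after the WAN recovers.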
LVL 10

Author Closing Comment

ID: 33694144
That is an interesting workaround. I think it would work. I think in the end I will likely just reconfigure my routing to accomplish my goal. Thanks for the help.
