Encrypted1024

asked on

Multiple DNS or routes to Exchange

I have a network with 3 sites, two secondary sites and our Head Office site. Each site has its own internet connection which is its default gateway to the internet, but also has a separate high speed wireless WAN link back to Head Office. Our Exchange server is hosted at our Head Office.

From time to time our wireless WAN link goes down. Even though all of our offices still have internet, our secondary sites lose connection to our Exchange server because it is configured to go over our WAN link. Outlook is configured to fail over to RPC over HTTPS, but it still resolves our Exchange server to an internal IP which it cannot reach.

Is it possible to configure Outlook/Exchange/DNS to fail over to an external IP if the internal IP is not available? Like having 2 MX records for Exchange, one internal and one external?
ddiazp

First I would look into why the wireless fails from time to time, but if that's not an option, why don't you just use an external DNS record for Exchange permanently? It would be better than failing over every time there's a problem.

Open your firewall to allow incoming connections on port 25 to your Exchange server at your head office and only allow your two branches to come in; then change your DNS entries to point to the external IP.

I'd use this at least until I figure out what's wrong with the wireless link.

If you have multiple DNS entries it will just round-robin local and external IPs. DNS is not smart enough to realize one DNS entry doesn't respond. Also, you'd have to worry about flushing DNS caches on local machines... just my 2 cents.
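Added example, not part of the original thread: a small Python model of the round-robin point above, comparing a client that uses only the first address it is handed with one that walks a fixed primary/backup list. The function names are hypothetical, the rotating answer order is a simplified model of round-robin DNS, and the "internal" and "external" endpoints are constructed local sockets.

```python
import socket
from collections import deque

def round_robin_answers(records, queries):
    """Yield the record order a rotating (round-robin) DNS server returns per query."""
    ring = deque(records)
    for _ in range(queries):
        yield list(ring)
        ring.rotate(-1)  # next query sees the next record first

def tcp_reachable(addr, timeout=0.5):
    """True if a TCP connection to (host, port) completes within the timeout."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def first_answer_client(answers):
    """Client that only ever tries the first address in the DNS answer."""
    return answers[0] if tcp_reachable(answers[0]) else None

def preference_client(preferred):
    """Client that walks a fixed primary-then-backup list, like MX preference."""
    for addr in preferred:
        if tcp_reachable(addr):
            return addr
    return None

def demo(queries=4):
    # Constructed stand-ins: a live local listener plays the external address;
    # a closed local port plays the internal address behind the failed WAN.
    # (A real outage usually times out instead of refusing, so it costs more.)
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(8)
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    internal, external = dead.getsockname(), live.getsockname()
    dead.close()
    try:
        rr = [first_answer_client(a)
              for a in round_robin_answers([internal, external], queries)]
        pref = [preference_client([internal, external]) for _ in range(queries)]
    finally:
        live.close()
    # (failed lookups with round robin, failed lookups with preference list)
    return rr.count(None), pref.count(None)

if __name__ == "__main__":
    print(demo())
```

The preference client never fails here, but it pays one failed connection attempt to the internal address on every lookup while the WAN is down.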
I would work on the wireless link.

I would also compare the speed of the wireless link with the internet connection.
It may be better to just have your users configured for Outlook Anywhere in the branch offices through the Internet all the time.
Encrypted1024 (ASKER)

I have been working on the wireless issue. It is over many kilometres and has several hops. It is fairly reliable but two or three times a year it conks out for various reasons. Once a power supply died on a repeater AP 50 ft up an antenna pole, once a storm blew the antenna a couple millimetres off and lost connection. Things happen. Email is essential for our organization and if it is down for several hours it is quite disruptive.
As for speed, the wireless is over 20 times faster than our internet feed at the secondary offices, and our main bonded T1 at Head Office is metered, so we save thousands of dollars per month by pushing as much traffic through the wireless as possible.
I have considered permanent Outlook Anywhere but it would push all of the traffic out through the internet. The flip side is that there is no redundancy with that configuration either. The beauty of WAN and internet is the redundancy.
As for an external address for Exchange, how do you do that? If I just make a DNS entry for mail.mydomain.com, it will always point at my internal IP of my Exchange server because internal clients always query my DNS. If they move their PCs out of my network they will query an ISP DNS and it would work, but if the clients are still inside my network, it won't, right?
If I point it at the external IP, it will always go out the internet.
You see the dilemma?
Maybe it is not possible without some fancy router configurations.
You would just create an x record in your local DNS server pointing at the Internet IP of your Exchange server.

About the fancy router configuration, you could implement GLBP if you have a router for the wireless and another one for the ISP. Weight traffic to the wireless and implement load balancing depending on destination IP. Both routers must support GLBP.

Second best option would be HSRP or VRRP if you have 2 routers, 1 for wireless and one for ISP.

You could set your default gateway to be your WLAN. If that link fails they will auto switch to your ISP if you configure tracking, preemption and priorities correctly.

What's your network topology?
If I created an X record pointing at my external mail server IP, it would just route all of my mail out through the internet though, right?
I am wondering if there is a way to have a primary and secondary entry for my internal Exchange server the same way you would use a primary and backup MX record. Mail gets sent to the primary address unless it is unavailable, then starts sending to the higher weighted record until the primary becomes available again.
I am not sure if this is possible internally but I believe that is how MX records work externally.
As for the router situation, our WAN topology is not exactly the same at each site. The remote sites have Cisco 1800 series routers with one interface connected to the WAN and one to the ISP. Our side of the WAN, as well as some of the hop sites, have Cisco Layer 3 switches. I know I could set up a VPN through the internet and use routing to accomplish my goal. That is a bunch of work and would require adding a router at Head Office to support the VPN and routing protocols. A good idea though, but we will call the routing topology change "Plan B".
I am mostly just looking for something easy right now. I am prepared for the answer to be:
"No you can't do this".
ASKER CERTIFIED SOLUTION
ddiazp

This solution is only available to members.

That is an interesting workaround. I think it would work. I think in the end I will likely just reconfigure my routing to accomplish my goal. Thanks for the help.