B1izzard
asked on
MX record question
If I were to add the following records to my domain host, what would happen if one host (199.199.199.199 for example) was down?
MX @ mail.mydomain.com
A mail 199.199.199.199
A mail 198.2.2.2
I want to set up our only mail server so that if our ISP goes down (which it has 2 times this week), I can move the cable over to our other ISP and mail will continue flowing by switching from the 199.199.199.199 WAN IP to the 198.2.2.2 WAN IP.
If I do it this way, would this cause intermittent problems where it does a round-robin and the mail server answers incoming 50% of the time, or will it work like having 2 MX records and just jump to the next one if the first one doesn't answer?
Right now, I have it set up as the following, which is working fine. The annoying thing is that people have to access OWA now as mail2, which we would rather have both working as just mail.
MX @ mail.mydomain.com pref 10
MX @ mail2.mydomain.com pref 20
A mail 1.1.1.1
A mail2 2.2.2.2
ASKER
Omarfarid thanks for the response, but I think you misunderstood my question.
MX does not do a round robin, it uses the priority setting for delivering emails. The lower number will be used first and then if unsuccessful the next lower number MX record will be tried.
So set it up like he shows above. Then switch your cable manually when the lower number is offline or the ISP is down, and it will deliver email to the second MX record when it appears online.
You need an A record with a PTR or RR same thing for each mx record! That is RFC.
example:
mydomain.com in mx 10 mail1.mydomain.com needs also to have an A record. Example A mail1.mydomain.com 69.73.2.55 with a matching reverse record that would use the 69.73.2.55 pointing to mail1.mydomain.com. Of course you would use the external ip address assigned to your org.
Then make sure you have the 3 records for the next MX and so on.
My bad, this is corrected, as I set both MX priority records to 10, which is wrong. They should not be set to the same priority.
ISP #1
MX 10 mail1.mydomain.com
A mail1.mydomain.com 199.199.199.199
PTR 199.199.199.199 mail1.mydomain.com
ISP #2
MX 20 mail2.mydomain.com
A mail2.mydomain.com 198.2.2.2
PTR 198.2.2.2 mail2.mydomain.com
They can be set to the same priority, it'll mean delivery is (somewhat) equally balanced between the two IPs.
The PTR record may present a problem if the server behind all that is the same. That is, your PTR record must reference the name used by the server.
You might consider this kind of set-up:
@ MX 10 smtp-1
@ MX 10 smtp-2
smtp-1 IN A 199.199.199.199
smtp-2 IN A 198.2.2.2
This is fine for inbound; we have distinct delivery paths. We don't need to care about the name used by the server for inbound delivery (i.e. it does not need to match the name the server uses in its banner).
Next we have the A and PTR records to handle anti-spam checks on outbound mail:
mail IN A 199.199.199.199
mail IN A 198.2.2.2
Then PTR records:
2.2.2.198.in-addr.arpa. IN PTR mail.domain.com.
199.199.199.199.in-addr.arpa. IN PTR mail.domain.com.
This is permissible, and will pass anti-spam checks for outbound delivery, although some ISPs / DNS admins dislike multiple PTRs for the same name. You can insist they let it lie; nothing wrong here.
Finally, a name for OWA, entirely separate from all of the above:
webmail IN A 199.199.199.199
The final record would have to be adjusted based on the state of the connection because you'll have trouble with getting to OWA reliably otherwise.
Alternatively, you could state that OWA is reliant on a single connection and forget the other.
The downside to this approach is that our mail server would need a certificate that included all of this to use TLS (if that is a concern):
smtp-1.domain.com
smtp-2.domain.com
mail.domain.com
webmail.domain.com
Chris
Chris,
I agree with the above and also with the OWA having a separate A record independent of the mail DNS records. I would think a UC SAN certificate could be used with the additional names added as subject alternate names.
ASKER
Thanks. Looks like I will just change the new ISP connection to mail and the backup ISP to mail2 and be done with it.
mydomain.com IN MX 10 mail1.mydomain.com.
mydomain.com IN MX 20 mail3.mydomain.com.
In the above example mail1 is preferred over mail3, and mail3 will be used when mail1 is not reachable.
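An added simulation (not code from any participant in the thread) of the sender-side behaviour the answers describe: MX hosts are tried in ascending preference, equal preferences in random order, and, per RFC 5321 section 5.1, every address of an MX host is attempted before moving to the next host. It also includes the forward-confirmed reverse DNS check that receivers apply to the outbound A/PTR pairing in Chris's layout. The records are constructed in memory, modelled on the names and addresses used above.

```python
import random
from typing import Dict, List, Optional, Tuple

# Constructed records (not a real zone), following Chris's layout above:
# two equal-preference MX hosts plus a lower-priority fallback, one "mail"
# name with both WAN addresses, and PTRs for both addresses.
MX: List[Tuple[int, str]] = [(10, "smtp-1.domain.com."), (10, "smtp-2.domain.com."),
                             (20, "mail2.domain.com.")]
A: Dict[str, List[str]] = {
    "smtp-1.domain.com.": ["199.199.199.199"],
    "smtp-2.domain.com.": ["198.2.2.2"],
    "mail.domain.com.": ["199.199.199.199", "198.2.2.2"],
    "mail2.domain.com.": ["198.2.2.2"],
    "webmail.domain.com.": ["199.199.199.199"],
}
PTR: Dict[str, str] = {"199.199.199.199": "mail.domain.com.", "198.2.2.2": "mail.domain.com."}


def delivery_order(mx, a, rng=None) -> List[str]:
    """Addresses in the order an RFC 5321 client attempts them: MX hosts by
    ascending preference, equal preferences shuffled (so two hosts at 10 share
    load rather than being tried in a fixed order), and every A record of one
    host tried before the next host is considered."""
    rng = rng or random.Random()
    by_pref: Dict[int, List[str]] = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    order: List[str] = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        for host in hosts:
            order.extend(a.get(host, []))
    return order


def deliver(mx, a, down, rng=None) -> Optional[str]:
    """Simulate one delivery: the first address not in `down` accepts the mail;
    None means every path was unreachable and the sender would queue/retry."""
    for ip in delivery_order(mx, a, rng):
        if ip not in down:
            return ip
    return None


def fcrdns_ok(ip: str, a, ptr) -> bool:
    """Forward-confirmed reverse DNS: the PTR name for `ip` must own an A record
    containing `ip`. Two PTRs pointing at one name pass, as Chris notes."""
    name = ptr.get(ip)
    return name is not None and ip in a.get(name, [])
```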