Solved

MX record question

Posted on 2011-02-11
466 Views
Last Modified: 2012-05-11
If I were to add the following records to my domain host, what would happen if one host (199.199.199.199 for example) was down?

MX     @    mail.mydomain.com
A       mail       199.199.199.199
A        mail       198.2.2.2

I want to set up our only mail server so that if our ISP goes down (which it has 2 times this week), I can move the cable over to our other ISP and mail will continue flowing by switching from the 199.199.199.199 WAN IP to the 198.2.2.2 WAN IP.

If I do it this way, would this cause intermittent problems where it does a round-robin and the mail server answers incoming 50% of the time, or will it work like having 2 MX records and just jump to the next one if the first one doesn't answer?

Right now, I have it set up as the following, which is working fine. The annoying thing is that people have to access OWA now as mail2, which we would rather have both working as just mail.

MX   @      mail.mydomain.com   pref 10
MX   @      mail2.mydomain.com   pref 20

A     mail            1.1.1.1
A     mail2          2.2.2.2
Question by:B1izzard
10 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 34873272
You can always set weight or preference for your mail server:

mydomain.com     IN     MX     10 mail1.mydomain.com.
mydomain.com     IN     MX     20 mail3.mydomain.com.

In the above example mail1 is preferred over mail3, and mail3 will be used when mail1 is not reachable.
 

Author Comment

by:B1izzard
ID: 34873286
Omarfarid thanks for the response, but I think you misunderstood my question.
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34873791
MX does not do a round robin, it uses the priority setting for delivering emails. The lower number will be used first and then if unsuccessful the next lower number MX record will be tried.

So set it up like he shows above. Then switch your cable manually when the lower number is offline or the ISP is down, and it will deliver email to the second MX record when it appears online.

You need an A record with a PTR (or RR, same thing) for each MX record! That is RFC.

example:

mydomain.com IN MX 10 mail1.mydomain.com needs also to have an A record. Example: A mail1.mydomain.com 69.73.2.55, with a matching reverse record that would use the 69.73.2.55 pointing to mail1.mydomain.com. Of course you would use the external IP address assigned to your org.

Then make sure you have the 3 records for the next MX and so on.
 
LVL 70

Accepted Solution

by:
Chris Dent earned 200 total points
ID: 34873813

> what would happen if one host (199.199.199.199 for example) was down?

Any mail system that ended up trying 199.199.199.199 would queue and (potentially) eventually bounce the mail.

You need multiple MX records if you want fault tolerance. The example you cite is simply a single MX pointing to an address that resolves using Round Robin.

> The annoying thing is that people have to access OWA now as mail2, which we would rather have both working as just mail.

But if you make them both resolve to the same name it's pot luck whether or not you'll get to OWA in the event of an outage. Assuming both run OWA.

You could dynamically change the IP associated with the record (if you got a DNS service that permitted speedy alteration), but any other method is flawed, you just end up moving the problem around.

Chris
 
LVL 5

Assisted Solution

by:alreadyinuse
alreadyinuse earned 200 total points
ID: 34874077
Chris,

The example I posted above indeed only shows one MX, but I stated to follow the first example of setting up two MX records. The example was to indicate that for each MX you also need an A record and the PTR record for the MX record name.

I should have continued the example for the second etc. sorry.

If the client is using two separate ISPs as stated, then I would think that they would have separate IP address blocks assigned?

So this is more detailed but brief.

ISP #1
MX 10 mail1.mydomain.com
A mail1.mydomain.com 199.199.199.199
PTR 199.199.199.199 mail1.mydomain.com

ISP #2

MX 10 mail2.mydomain.com
A mail2.mydomain.com 198.2.2.2
PTR 198.2.2.2 mail2.mydomain.com

This should cover the MX but as Chris stated that would not cover OWA. About the only thing you might do is request or set a low TTL for the OWA DNS record and then change it to the failover second ISP when needed. Then point the OWA A record back to the first ISP when needed.
 





 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34874088
My bad, this is corrected, as I set both MX priority records to 10, which is wrong. They should not be set to the same priority.

ISP #1
MX 10 mail1.mydomain.com
A mail1.mydomain.com 199.199.199.199
PTR 199.199.199.199 mail1.mydomain.com

ISP #2

MX 20 mail2.mydomain.com
A mail2.mydomain.com 198.2.2.2
PTR 198.2.2.2 mail2.mydomain.com

 
LVL 70

Expert Comment

by:Chris Dent
ID: 34874204
They can be set to the same priority, it'll mean delivery is (somewhat) equally balanced between the two IPs.

The PTR record may present a problem if the server behind all that is the same. That is, your PTR record must reference the name used by the server.

You might consider this kind of set-up:

@  MX 10  smtp-1
@  MX 10  smtp-2

smtp-1  IN A  199.199.199.199
smtp-2  IN A  198.2.2.2

This is fine for inbound, we have distinct delivery paths. We don't need to care about the name used by the server for inbound delivery (i.e. it does not need to match the name the server uses in its banner).

Next we have the A and PTR records to handle anti-spam checks on outbound mail:

mail   IN A   199.199.199.199
mail   IN A   198.2.2.2

Then PTR records:

2.2.2.198.in-addr.arpa.  IN PTR  mail.domain.com.
199.199.199.199.in-addr.arpa.  IN PTR  mail.domain.com.

This is permissible, and will pass anti-spam checks for outbound delivery, although some ISPs / DNS admins dislike multiple PTRs for the same name. You can insist they let it lie, nothing wrong here.

Finally, a name for OWA, entirely separate from all of the above:

webmail  IN A  199.199.199.199

The final record would have to be adjusted based on the state of the connection because you'll have trouble with getting to OWA reliably otherwise.

Alternatively, you could state that OWA is reliant on a single connection and forget the other.

The downside to this approach is that our mail server would need a certificate that included all of this to use TLS (if that is a concern):

smtp-1.domain.com
smtp-2.domain.com
mail.domain.com
webmail.domain.com

Chris
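As an added consistency check for the layout Chris describes (this is not code from the thread or from any participant): each MX host needs an A record, each address used for outbound mail needs a PTR that forward-confirms to the name in the server's banner, and every name a client may connect to must appear in the certificate. The zone data is constructed from the records quoted above; the domain.com names and the SAN list are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed from the records quoted in the thread (domain.com as in the post).
# No live DNS is queried; the reverse zone is keyed by in-addr.arpa owner name.
ZONE = {
    "MX": [(10, "smtp-1.domain.com"), (10, "smtp-2.domain.com")],
    "A": {
        "smtp-1.domain.com": ["199.199.199.199"],
        "smtp-2.domain.com": ["198.2.2.2"],
        "mail.domain.com": ["199.199.199.199", "198.2.2.2"],
        "webmail.domain.com": ["199.199.199.199"],
    },
    "PTR": {
        "199.199.199.199.in-addr.arpa.": "mail.domain.com",
        "2.2.2.198.in-addr.arpa.": "mail.domain.com",
    },
}

def reverse_name(ip):
    """Owner name of the PTR record for an address, e.g. 2.2.2.198.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def mx_delivery_order(zone):
    """Hosts grouped by preference, lowest first. Equal preferences form one
    group that sending MTAs spread delivery across (the two MX 10 records)."""
    groups = defaultdict(list)
    for pref, host in zone["MX"]:
        groups[pref].append(host)
    return [sorted(groups[p]) for p in sorted(groups)]

def check_zone(zone, banner_name, cert_sans):
    """Return the problems a receiving site's anti-spam and TLS checks would hit:
    an MX host without an A record, an outbound address whose PTR does not
    forward-confirm to the name the server announces, or a name missing from
    the certificate's subject alternative names."""
    problems = []
    for _, host in zone["MX"]:
        if host not in zone["A"]:
            problems.append(f"MX host {host} has no A record")
    for ip in zone["A"].get(banner_name, []):
        ptr = zone["PTR"].get(reverse_name(ip))
        if ptr is None:
            problems.append(f"no PTR for {ip}")
        elif ptr != banner_name or ip not in zone["A"].get(ptr, []):
            problems.append(f"PTR for {ip} -> {ptr} does not forward-confirm {banner_name}")
    for name in zone["A"]:
        if name not in cert_sans:
            problems.append(f"{name} missing from certificate SANs")
    return problems
```

Running check_zone against the zone above with the four names in the SAN list returns no problems; pointing either PTR at smtp-1 or smtp-2 instead of mail reproduces the banner-name mismatch Chris warns about.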
 
LVL 9

Assisted Solution

by:sshah254
sshah254 earned 100 total points
ID: 34874631
One more thing to what Chris mentioned above ...

Do set the SPF records correctly since you may be using two separate IPs for o/g mails.

Ss
 
LVL 5

Expert Comment

by:alreadyinuse
ID: 34874648
Chris,

I agree with the above and also with the OWA having a separate A record independent of the mail DNS records. I would think a UC SAN certificate could be used with the additional names added as subject alternate names.
 

Author Closing Comment

by:B1izzard
ID: 34874751
Thanks. Looks like I will just change the new ISP connection to mail and the backup ISP to mail2 and be done with it.
