MX records for multi-server Exchange 2010 deployment

Hello. In the process of deploying a (2) server Exchange 2010 environment, which will temporarily be in co-existence with 2003. Both 2010 servers will have all 3 roles (CAS, HT, Mailbox), both will be members of a CAS array and both will be configured as a DAG. I will not be doing load balancing since both will be in a CAS array and a DAG and there are only 2 servers and no external hardware load balancer at this point.

I realize that all OWA traffic will route through only 1 of the 2 new servers since there is no load balancing, and I realize that I will configure my internal DNS for the CAS array to point Outlook client requests either to a single server (and manually update it if it ever fails) or to both servers via DNS round robin.

What I want clarification on is how the MX records come into play. All inbound/outbound SMTP traffic will be routed through our smarthost (SonicWall spam filtering appliance). Do I simply have a single external MX record that resolves to the SonicWall and then on the SonicWall have a rule that allows mail to/from both of the 2010 servers?

One other question: if the majority of our corporate client use is OWA on the internal network, could I also create multiple internal DNS records that point to each of the 2 servers and use DNS round robin for that traffic as well?


You could either have a single MX record that points to an inbound route on a single address, or better still, if you have multiple external IP addresses, I would set 2 MX entries pointing to each address that are routed to each of the servers. Then make sure that both have the SMTP connector running.
That will give you resilience if the SMTP fails on one of these servers.

And yes, you should be able to use the round robin DNS as you say and do the same with the OWA.


Neil Russell (Technical Development Lead) commented:
You have only one point of entry, the sonicwall. Therefore your PUBLIC DNS should ONLY have one MX record, the sonicwall.

What WayneATaylor is recommending you do would bypass your SonicWall! Not a good idea.

Not at all. I am saying that if you have a multi-IP-address subnet on the Internet side of the SonicWall from your Internet provider, you can configure multiple routes into the network using multiple IP addresses, routing to different internal IP addresses, which is a standard way of configuring this type of setup.

If you only have one IP address then of course you can't do this...



Neil Russell (Technical Development Lead) commented:
You stated to make sure that both servers had SMTP connectors running and to point the MX records at those IPs. That would BYPASS the SonicWall.

The question is quite clear: ALL inbound and inbound MUST go through the SonicWall. Therefore the ONLY MX record that should exist MUST point at the SonicWall and NOT the Exchange servers.
Neil Russell (Technical Development Lead) commented:
All inbound and outbound**
wpstech (Author) commented:
Correct, we have the spam appliance in place to scrub inbound/outbound mail, so I do not want to route Internet traffic directly to/from the Exchange boxes. Wayne, are you saying that I should have multiple outside IP addresses that point SMTP traffic to the SonicWall, therefore having the SonicWall listen for port 25 traffic from 2 different addresses, and then allowing delivery of SMTP traffic to the 2 Exchange servers on the internal network?
Ah, OK, I missed that you were using that for spam! You must then only have a single MX, or have a second MX at your Internet provider in case your server and link is down.

Why can't we all just get along..... Everyone else knew what Wayne meant.

Actually, what Wayne said was: "set 2 MX entries pointing to each address that are routed to each of the servers"

It's clear that he meant for the traffic to pass via the Sonicwall.
Neil Russell (Technical Development Lead) commented:

WE are getting along!!

"It's clear that he meant for the traffic to pass via the Sonicwall. "
NOPE... As WayneATaylor has just clarified, he missed a key point and has corrected himself. IF you have nothing constructive to add to the question itself then please, you do not need to comment.

Thank you WayneATaylor for the clarification.  My reason for pointing it out was purely to avoid confusion for the questioner.
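The design the thread settles on (one public MX pointing at the SonicWall, the SonicWall relaying to both Exchange servers, and DNS round robin on the internal names), written out as an added example. This is not code from the thread or from any of the participants. Server names (EX01, EX02, DNS01), zone names (contoso.com, corp.contoso.com) and all IP addresses are placeholders; the Exchange cmdlets are the standard Exchange 2010 Management Shell ones, and the DNS records are added with dnscmd on a Windows DNS server.

```powershell
# Added example, not from the thread. All names and addresses are placeholders:
#   contoso.com           public mail domain
#   corp.contoso.com      internal AD DNS zone
#   EX01 / EX02           the two Exchange 2010 servers, 10.0.0.11 / 10.0.0.12
#   203.0.113.25          public IP of the SonicWall (the only public SMTP entry point)
#   10.0.0.5              internal IP of the SonicWall
#   DNS01                 internal Windows DNS server
# Run the Exchange cmdlets in the Exchange Management Shell on either 2010 server.

# 1. Outbound: a single Internet Send connector that hands all mail to the
#    SonicWall as a smart host. Both Hub Transport servers are listed as source
#    servers, so outbound mail keeps flowing if one of them is down.
New-SendConnector -Name "Internet via SonicWall" -Usage Internet `
    -AddressSpaces "SMTP:*;1" `
    -SmartHosts "10.0.0.5" -SmartHostAuthMechanism None `
    -DNSRoutingEnabled $false `
    -SourceTransportServers "EX01","EX02"

# 2. Inbound: on each server, an anonymous Receive connector that accepts SMTP
#    only from the SonicWall's internal address. Internet hosts never talk to
#    port 25 on the Exchange servers directly; the SonicWall is the only MX.
foreach ($srv in "EX01","EX02") {
    New-ReceiveConnector -Name "Inbound from SonicWall" -Server $srv `
        -Usage Custom -Bindings "0.0.0.0:25" `
        -RemoteIPRanges "10.0.0.5" `
        -PermissionGroups AnonymousUsers
}

# 3. Public DNS (hosted at the registrar or ISP): exactly one MX, and it
#    resolves to the SonicWall, never to EX01 or EX02. Equivalent zone-file lines:
#      contoso.com.        IN MX 10 mail.contoso.com.
#      mail.contoso.com.   IN A     203.0.113.25
#    On the SonicWall, allow TCP/25 from the Internet only to 203.0.113.25 and
#    configure it to deliver to both 10.0.0.11 and 10.0.0.12.

# 4. Internal DNS: round-robin A records for the CAS array FQDN (Outlook RPC)
#    and for the OWA name, one per server. Round robin is a server-wide DNS
#    setting and is on by default; the /Config line only makes that explicit.
dnscmd DNS01 /Config /RoundRobin 1
dnscmd DNS01 /RecordAdd corp.contoso.com outlook A 10.0.0.11
dnscmd DNS01 /RecordAdd corp.contoso.com outlook A 10.0.0.12
dnscmd DNS01 /RecordAdd corp.contoso.com owa     A 10.0.0.11
dnscmd DNS01 /RecordAdd corp.contoso.com owa     A 10.0.0.12

# 5. Point the CAS array and the mailbox databases at the round-robin name.
New-ClientAccessArray -Name "outlook.corp.contoso.com" `
    -Fqdn "outlook.corp.contoso.com" -Site "Default-First-Site-Name"
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer "outlook.corp.contoso.com"

# 6. Checks: the public MX must be the SonicWall only, the internal names must
#    return both addresses, and the connectors must look as configured above.
nslookup -type=MX contoso.com
nslookup outlook.corp.contoso.com DNS01
Get-SendConnector | Format-List Name,SmartHosts,SourceTransportServers,DNSRoutingEnabled
Get-ReceiveConnector | Format-Table Server,Name,Bindings,RemoteIPRanges,PermissionGroups
```

Two caveats a practitioner would want. DNS round robin is not health-aware: if EX01 goes down, clients that were handed 10.0.0.11 keep failing until that A record is removed (or its TTL expires after removal), which is the "manually update if it ever fails" case from the question; keep the TTL on those records short. And the Receive connector above is deliberately narrow (RemoteIPRanges is only the SonicWall): if you ever widen it to 0.0.0.0-255.255.255.255 with AnonymousUsers, any host that can reach port 25 on the Exchange servers can inject mail behind the spam filter.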