MX records for multi-server Exchange 2010 deployment

Hello. I am in the process of deploying a two-server Exchange 2010 environment, which will temporarily be in co-existence with 2003. Both 2010 servers will have all 3 roles (CAS, HT, Mailbox), both will be members of a CAS array and both will be configured as a DAG. I will not be doing load balancing since both will be in a CAS array and a DAG, there are only 2 servers, and there is no external hardware load balancer at this point.

I realize that all OWA traffic will route through only 1 of the 2 new servers since there is no load balancing. I also realize that I will configure my internal DNS for the CAS array to point Outlook client requests either to a single server (and manually update it if it ever fails) or to both servers via DNS round robin.

What I want clarification on is how the MX records come into play. All inbound/outbound SMTP traffic will be routed through our smarthost (SonicWall spam filtering appliance). Do I simply have a single external MX record that resolves to the SonicWall and then on the SonicWall have a rule that allows mail to/from both of the 2010 servers?

One other question: if the majority of our corporate client use is OWA on the internal network, could I also create multiple internal DNS records that point to each of the 2 servers and use DNS round robin for that traffic as well?
wpstech Asked:
 
Neil Russell (Technical Development Lead) Commented:
You have only one point of entry, the Sonicwall. Therefore your PUBLIC DNS should ONLY have one MX record, the Sonicwall.

What WayneATaylor is recommending you do would bypass your Sonicwall! Not a good idea.
0
 
WayneATaylor Commented:
Hi

You could either have a single MX record that points to an inbound route on a single address, or better still, if you have multiple external IP addresses, I would set 2 MX entries pointing to each address that are routed to each of the servers. Then make sure that both have the SMTP connector running.
That will give you resilience if the SMTP fails on one of these servers.

And yes you should be able to use the round robin DNS as you say and do the same with the OWA.

Wayne


0
 
WayneATaylor Commented:
Not at all, I am saying that if you have a multi IP address subnet on the internet side of the Sonicwall from your Internet provider, you can configure multiple routes into the network using multiple IP addresses, routing to different internal IP addresses, which is a standard way of configuring this type of setup.

If you only have one IP address then of course you can't do this...

Wayne

0
 
Neil Russell (Technical Development Lead) Commented:
You stated to make sure that both servers had SMTP connectors running and to point the MX records at those IPs. That would BYPASS the Sonicwall.

The question is quite clear, ALL inbound and inbound MUST go through the Sonicwall. Therefore the ONLY MX record that should exist MUST point at the Sonicwall and NOT the Exchange servers.
0
 
Neil Russell (Technical Development Lead) Commented:
All inbound and outbound**
0
 
wpstech (Author) Commented:
Correct, we have the spam appliance in place to scrub inbound/outbound mail, so I do not want to route internet traffic directly to/from the Exchange boxes. Wayne, are you saying that I should have multiple outside IP addresses that point SMTP traffic to the Sonicwall, therefore having the Sonicwall listen for port 25 traffic from 2 different addresses, and then allowing delivery of SMTP traffic to the 2 Exchange servers on the internal network?
0
 
WayneATaylor Commented:
Ah OK, I missed that you were using that for spam! You must then only have a single MX, or have a second MX at your internet provider in case your server and link are down.


0
 
JaredJ1 Commented:
Why can't we all just get along..... Everyone else knew what Wayne meant.

Actually, what Wayne said was: "set 2 MX entries pointing to each address that are routed to each of the servers"

It's clear that he meant for the traffic to pass via the Sonicwall.
0
 
Neil Russell (Technical Development Lead) Commented:
@JaredJ1


WE are getting along!!

"It's clear that he meant for the traffic to pass via the Sonicwall. "
NOPE... As WayneATaylor has just clarified,  he missed a key point and has corrected himself.   IF you have nothing constructive to add to the question itself then please, you do not need to comment.

Thank you WayneATaylor for the clarification.  My reason for pointing it out was purely to avoid confusion for the questioner.
0
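
An added example, not part of any post in this thread: a small audit of the point the thread settles on, that every public MX record must end at the spam-filtering gateway and never at an address that is forwarded straight to an Exchange server. The zone data, host names and addresses are constructed (example.com, RFC 5737 ranges), and `GATEWAY_IPS` is an assumed list of the appliance's public addresses.

```python
# Added example: audit public MX records so every one ends at the filtering gateway.
# All names and addresses below are constructed (example.com / RFC 5737 ranges).

SAMPLE_ZONE = """\
; constructed sample zone data, not from the thread
example.com.        3600 IN MX 10 mail.example.com.
example.com.        3600 IN MX 20 mail2.example.com.
example.com.        3600 IN MX 30 backup.example.net.
mail.example.com.   3600 IN A  203.0.113.10   ; spam-filter appliance
mail2.example.com.  3600 IN A  203.0.113.21   ; NAT straight to an Exchange server
"""

GATEWAY_IPS = {"203.0.113.10"}  # assumed public address(es) of the filtering appliance


def parse_zone(text):
    """Return (mx, a): mx is a list of (owner, pref, target); a maps host -> set of IPs."""
    mx, a = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if "IN" not in fields[1:]:
            continue
        rest = fields[fields.index("IN", 1) + 1:]
        if not rest:
            continue
        owner = fields[0].rstrip(".").lower()
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((owner, int(rdata[0]), rdata[1].rstrip(".").lower()))
        elif rtype == "A" and len(rdata) == 1:
            a.setdefault(owner, set()).add(rdata[0])
    return mx, a


def audit_mx(text, gateway_ips):
    """Flag every MX whose target is not provably the filtering gateway."""
    mx, a = parse_zone(text)
    findings = []
    for _owner, _pref, target in sorted(mx, key=lambda r: r[1]):
        ips = a.get(target)
        if not ips:
            # e.g. a backup MX hosted elsewhere: cannot confirm it filters mail
            findings.append((target, "unverified", "no A record in supplied data"))
        elif not ips <= gateway_ips:
            bad = ", ".join(sorted(ips - gateway_ips))
            findings.append((target, "bypass", f"resolves to {bad}"))
    return findings


if __name__ == "__main__":
    for target, kind, detail in audit_mx(SAMPLE_ZONE, GATEWAY_IPS):
        print(f"{kind:10} {target}: {detail}")
```

The parser accepts the record layout that `dig +noall +answer` prints, so saved answers for the domain's MX and A lookups can be passed in place of `SAMPLE_ZONE`.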