  • Status: Solved
  • Priority: Medium
  • Security: Public

DNS Records email and other services

If our main site goes down and mail needs to be delivered to our secondary site where we are hosting a secondary mail server, what steps need to be taken on our DNS A records and MX records?

I know that our current MX record is pointing to our ISP here where our primary site is, but when that site goes down what changes do I need to make with the DNS records on our domain registrar site?

Our mail.domain.com MX record that was pointing to its current IP address needs to be changed to the other site's external IP address. Do I change that manually, or do I set up another MX record with that secondary site IP and have the original MX record forward emails to that one?

Just need to know the best solution, thanks.
tolinrome
Asked:
djcanterCommented:
Create a second MX record with a higher preference. This is exactly what the additional MX records are for.


ex.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dcanter>nslookup
Default Server:  dc1.domain.com
Address:  192.168.2.13

> set typ=mx
> godaddy.com
Server:  dc1.domain.com
Address:  192.168.2.13

Non-authoritative answer:
godaddy.com     MX preference = 10, mail exchanger = mailstore1.secureserver.net

godaddy.com     MX preference = 0, mail exchanger = smtp.secureserver.net

godaddy.com     nameserver = cns3.secureserver.net
godaddy.com     nameserver = cns1.secureserver.net
godaddy.com     nameserver = cns2.secureserver.net
>

For our scenario, if our primary site goes down, the secondary site will receive mail, and once the primary site is back up, it will deliver the mail to the primary mail server.

How your scenario will work will be dependent upon your specifications and mail server type.
 
Todd GerbertIT ConsultantCommented:
djcanter is absolutely 100% correct (i.e. so you shouldn't award my comment any points). I would only add that if you use a hosted service like Postini, or Forefront Online Protection for Exchange, they probably offer a service that will store your mail for you until your server comes back up.
 
tolinromeAuthor Commented:
Thanks dj and tgerbert, but I'm still a little confused. I need to understand it 100% logically first.
We currently have on our internet registrar these MX records:

priority 10 mailserver.domain.com (has an A record with same name that has an external IP points to our local ISP here)

priority 20 drmailserver.domain.com (has an A record with same name that has an external IP points to our secondary site)


So what I'm assuming is that once the primary goes down, requests then see the 2nd MX record and forward to that IP, correct? And this is automatic?

 
djcanterCommented:
Yes, you are correct. Mail delivery will be attempted on mailserver.domain.com first; if that connection fails, delivery will be automatically attempted on drmailserver.com.

What you need to ensure is that the mail server at the DR site delivers that mail to mailserver.domain.com.
 
tolinromeAuthor Commented:
That confused me:

"What you need to ensure is that the mail server at dr site delivers that mail to mailserver.domain.com."

So, if the main site is down and all mail is being forwarded to drmailserver.domain.com, then that email server is receiving our domain's mail. How can it deliver it to mailserver.domain.com if it's down? Or do you mean it has to be able to deliver to the mailserver.domain.com MX record, which will forward it?
 
djcanterCommented:
Once mailserver.domain.com comes back up, it will need to deliver the mail.
Think of the secondary mail server as a holding bin.
 
Simon Butler (Sembee)ConsultantCommented:
Don't use MX records as a way to provide email continuity, as it will only cause you problems.
The "cost" on MX records is not something that can be depended on. Legitimate email will be delivered to all MX records and spammers actively target higher cost MX records on purpose.

Therefore unless you can block the second site from receiving email at all, or the second location is connected to your primary location in such a way that they are as one (so same Exchange org, for example), then I wouldn't put another independent mail server into the MX record configuration.

Even if the second server can forward email to your primary server, I see that as a poor solution because it means you lose the biggest fight against spam, which is recipient validation - i.e. dropping email that is for a non-existent user. This is only effective if it is dropped at the primary point of delivery.

The simple way round this issue, while avoiding downtime caused by DNS records being fully available over the Internet, is to use a dynamic DNS service. Configure the Dynamic DNS service to point the host name at your live IP address, so your MX records look like this:

MX: host.example.com 10
MX: host.dynamicdns.net 10

Then in the event of a complete failure, change the IP address on the Dynamic DNS service to the secondary server. No loss of email, no legitimate email being delivered to a server you don't care about most of the time when you aren't in a DR situation.

You could just change your MX records when required, but it can be 48 hours before all of the Internet recognises that change, so email could be lost.

The option as mentioned above is to use a hosted solution to filter your email, many of which give you the ability to view the email in the event of your own server going down.

Simon.
 
djcanterCommented:
I disagree.

My primary site sits behind a Barracuda. If my connection goes down, mail is delivered to site2. Once the connection comes back up, mail is fed back through my Barracuda to my Exchange server.
 
Simon Butler (Sembee)ConsultantCommented:
djcanter - what exactly are you disagreeing about?

The email will flow, but I can point to two long term monitored experiments using dual MX records where valid email comes in through both, despite the "primary" being active throughout.

Simon.
 
djcanterCommented:
Only illegitimate mail will be delivered to all MX servers. The Barracuda or other filtering appliance scrubs the mail on the way back in. This is the same way the hosted solutions work, the 2nd MX record that is.
 
djcanterCommented:
Dynamic DNS. I have never heard of it being used.
 
Simon Butler (Sembee)ConsultantCommented:
I disagree about only unwanted email being delivered to all MX record servers. I haven't posted on EE for about three years, and even back then I had an experiment running with a client (which still runs today) that had about 25% of all email coming in through the second higher cost server. Having that server forward the email to be scrubbed by the appliance or whatever is too late in my opinion and also means losing recipient validation in most cases, meaning you are wasting bandwidth.

As for the dynamic DNS method, I have been advocating that method for some time - again when I was here before it was a frequent suggestion and one I have used in many places. Saves having to maintain a second server. In the event of an extended failover I can set up another server in a few minutes and then direct email to it immediately because the MX record already has the required host in it.

Simon.

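Added example, not written by any participant in this thread: a small Python model of the two MX layouts discussed above, showing the order a standards-following sender tries hosts in and which addresses each layout publishes as places mail can arrive. The host names are the thread's placeholders; the IP addresses are constructed documentation-range values and the function names are hypothetical.

```python
import random

# Constructed sample data: the thread's placeholder host names with
# documentation-range IPs. None of these are real records.
PRIMARY_IP, DR_IP = "203.0.113.10", "198.51.100.20"
TWO_SITE_MX = [(10, "mailserver.domain.com"), (20, "drmailserver.domain.com")]
TWO_SITE_A = {"mailserver.domain.com": PRIMARY_IP,
              "drmailserver.domain.com": DR_IP}
# Layout from the dynamic DNS answer: both names normally resolve to the live server.
DYN_MX = [(10, "host.example.com"), (10, "host.dynamicdns.net")]
DYN_A = {"host.example.com": PRIMARY_IP, "host.dynamicdns.net": PRIMARY_IP}


def delivery_order(mx_records, rng=random):
    """Hosts in the order a compliant sender tries them: lowest preference
    value first, equal preferences shuffled (RFC 5321 section 5.1)."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def deliver(mx_records, a_records, reachable_ips, rng=random):
    """Return the first MX host whose address accepts a connection, or None
    when every host is down and the sender has to queue and retry."""
    for host in delivery_order(mx_records, rng):
        if a_records.get(host) in reachable_ips:
            return host
    return None


def entry_points(mx_records, a_records):
    """Every distinct address published through MX is a place mail can arrive,
    so each one needs the same filtering and recipient validation."""
    return sorted({a_records[h] for _, h in mx_records if h in a_records})


if __name__ == "__main__":
    print(deliver(TWO_SITE_MX, TWO_SITE_A, {PRIMARY_IP, DR_IP}))
    print(deliver(TWO_SITE_MX, TWO_SITE_A, {DR_IP}))
    print(entry_points(TWO_SITE_MX, TWO_SITE_A), entry_points(DYN_MX, DYN_A))
```

The model covers only senders that follow the preference order; it says nothing about how much mail arrives at the higher-preference host in practice, which is the point the participants disagree on.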