DNS Records email and other services

If our main site goes down and mail needs to be delivered to our secondary site, where we are hosting a secondary mail server, what steps need to be taken on our DNS A records and MX records?

I know that our current MX record is pointing to our ISP here where our primary site is, but when that site goes down what changes do I need to make with the DNS records on our domain registrar site?

Our mail.domain.com MX record that was pointing to its current IP address needs to be changed to the other site's external IP address. Do I change that manually, or do I set up another MX record with that secondary site IP and have the original MX record forward emails to that one?

Just need to know the best solution, thanks.
tolinrome Asked:
 
djcanter Commented:
Yes, you are correct. Mail delivery will be attempted on mailserver.domain.com first; if that connection fails, delivery will be automatically attempted on drmailserver.com.

What you need to ensure is that the mail server at the DR site delivers that mail to mailserver.domain.com.
 
djcanter Commented:
Create a second MX record with a higher preference. This is exactly what the additional MX records are for.


ex.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dcanter>nslookup
Default Server:  dc1.domain.com
Address:  192.168.2.13

> set typ=mx
> godaddy.com
Server:  dc1.domain.com
Address:  192.168.2.13

Non-authoritative answer:
godaddy.com     MX preference = 10, mail exchanger = mailstore1.secureserver.net

godaddy.com     MX preference = 0, mail exchanger = smtp.secureserver.net

godaddy.com     nameserver = cns3.secureserver.net
godaddy.com     nameserver = cns1.secureserver.net
godaddy.com     nameserver = cns2.secureserver.net
>

For our scenario, if our primary site goes down, the secondary site will receive mail, and once the primary site is back up, it will deliver the mail to the primary mail server.

How your scenario will work will be dependent upon your specifications and mail server type.
 
Todd Gerbert, IT Consultant, Commented:
djcanter is absolutely 100% correct (i.e. so you shouldn't award my comment any points). I would only add that if you use a hosted service like Postini, or Forefront Online Protection for Exchange, they probably offer a service that will store your mail for you until your server comes back up.
 
tolinrome (Author) Commented:
Thanks dj and tgerbert, but I'm still a little confused. I need to understand it 100% logically first.
We currently have on our internet registrar these MX records:

priority 10 mailserver.domain.com (has an A record with the same name that has an external IP that points to our local ISP here)

priority 20 drmailserver.domain.com (has an A record with the same name that has an external IP that points to our secondary site)


So what I'm assuming is that once the primary goes down, requests then see the 2nd MX record and forward to that IP, correct? And this is automatic?
 
tolinrome (Author) Commented:
That confused me:

"What you need to ensure is that the mail server at dr site delivers that mail to mailserver.domain.com. "

So, if the main site is down and all mail is being forwarded to drmailserver.domain.com, then that email server is receiving our domain's mail. How can it deliver it to mailserver.domain.com if it's down? Or do you mean it has to be able to deliver to the mailserver.domain.com MX record which will forward it?
 
djcanter Commented:
Once mailserver.domain.com comes back up, it will need to deliver the mail.
Think of the secondary mail server as a holding bin.
 
Simon Butler (Sembee), Consultant, Commented:
Don't use MX records as a way to provide email continuity, as it will only cause you problems.
The "cost" on MX records is not something that can be depended on. Legitimate email will be delivered to all MX records and spammers actively target higher cost MX records on purpose.

Therefore, unless you can block the second site from receiving email at all, or the second location is connected to your primary location in such a way that they are as one (so same Exchange org, for example), then I wouldn't put another independent mail server into the MX record configuration.

Even if the second server can forward email to your primary server, I see that as a poor solution because it means you lose the biggest fight against spam, which is recipient validation - i.e. dropping email that is for a non-existent user. This is only effective if it is dropped at the primary point of delivery.

The simple way round this issue, while avoiding downtime caused by DNS records being fully available over the Internet, is to use a dynamic DNS service. Configure the Dynamic DNS service to point the host name at your live IP address, so your MX records look like this:

MX: host.example.com 10
MX: host.dynamicdns.net 10

Then in the event of a complete failure, change the IP address on the Dynamic DNS service to the secondary server. No loss of email, no legitimate email being delivered to a server you don't care about most of the time when you aren't in a DR situation.

You could just change your MX records when required, but it can be 48 hours before all of the Internet recognises that change, so email could be lost.

The option as mentioned above is to use a hosted solution to filter your email, many of which give you the ability to view the email in the event of your own server going down.

Simon.
 
djcanter Commented:
I disagree.

My primary site sits behind a Barracuda. If my connection goes down, mail is delivered to site2. Once the connection comes back up, mail is fed back through my Barracuda to my Exchange server.
 
Simon Butler (Sembee), Consultant, Commented:
djcanter - what exactly are you disagreeing about?

The email will flow, but I can point to two long term monitored experiments using dual MX records where valid email comes in through both, despite the "primary" being active throughout.

Simon.
 
djcanter Commented:
Only illegitimate mail will be delivered to all MX servers. The Barracuda or other filtering appliance scrubs the mail on the way back in. This is the same way the hosted solutions work, the 2nd MX record that is.
 
djcanter Commented:
Dynamic DNS. I have never heard of it being used.
 
Simon Butler (Sembee), Consultant, Commented:
I disagree about only unwanted email being delivered to all MX record servers. I haven't posted on EE for about three years, and even back then I had an experiment running with a client (which still runs today) that had about 25% of all email coming in through the second higher cost server. Having that server forward the email to be scrubbed by the appliance or whatever is too late in my opinion and also means losing recipient validation in most cases, meaning you are wasting bandwidth.

As for the dynamic DNS method, I have been advocating that method for some time - again when I was here before it was a frequent suggestion and one I have used in many places. Saves having to maintain a second server. In the event of an extended failover I can set up another server in a few minutes and then direct email to it immediately because the MX record already has the required host in it.

Simon.
Question has a verified solution.
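
The MX fallback behaviour discussed in this thread, as an added example that is not part of any participant's post: it parses MX lines in the nslookup format shown above and computes the order in which a sender following RFC 5321 section 5.1 tries the hosts. The function names and the sample records (built from the host names used in the thread) are constructed for illustration; senders that ignore the preference order, which the thread debates, are not modelled.

```python
import random
import re

# Matches the MX lines printed by Windows nslookup, as in the session above.
MX_LINE = re.compile(
    r"MX preference = (\d+), mail exchanger = (\S+)", re.IGNORECASE)

def parse_nslookup_mx(text):
    """Return [(preference, host), ...] from nslookup MX query output."""
    return [(int(p), h.rstrip(".").lower()) for p, h in MX_LINE.findall(text)]

def delivery_order(records, rng=random):
    """Order in which an RFC 5321 sender tries the hosts: lowest preference
    number first, random order among hosts that share a preference."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)          # equal preference: load is spread randomly
        order.extend(group)
    return order

def first_reachable(records, reachable, rng=random):
    """Host that accepts the message, or None if the sender queues and retries."""
    for host in delivery_order(records, rng):
        if host in reachable:
            return host
    return None

# Constructed sample in the format of the nslookup session in the thread.
SAMPLE = """\
domain.com     MX preference = 20, mail exchanger = drmailserver.domain.com
domain.com     MX preference = 10, mail exchanger = mailserver.domain.com
domain.com     nameserver = ns1.domain.com
"""

if __name__ == "__main__":
    mx = parse_nslookup_mx(SAMPLE)
    print("normal order:", delivery_order(mx))
    print("primary down:", first_reachable(mx, {"drmailserver.domain.com"}))
    print("both down   :", first_reachable(mx, set()))
```

Every host returned by `delivery_order` is a published entry point for the domain's mail whatever its position in the list, so filtering and recipient validation have to be planned for each of them.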