How best to Configure iphone for failover IP scenario

We have our main external IP range, let's call it 66.66.66.66, for our T1 line, and firewall, and exchange server etc. The firewall has been configured for failover, so that if the T1 goes down, the DSL will kick in - its IPs are 44.44.44.44
On the external MX records, I can send the email to the 44.44.44.44 IPs if the 66.66.66.66 is down. The iPhone has an A record called iphone.myco.com which points to the IP of the mail server - say 66.66.66.01 - and it works fine. When the failover happens, the iPhone will not get email because it is not pointing to the 44.44.44.01 (the DSL's IP for the exchange server)
Can I set up the MX records or the iPhone itself so that the failover will allow the iPhone to continue to get email automatically when the T1 is down?
D. Deignan, IT Manager, Asked:
 
redbmaster Commented:
The issue is DNS is not meant for true high availability. Some people will swear by it, but others will call it half a$$ed. I'm kind of in the middle. The thing to look out for is the TTL setting. Some people set it as low as 30 seconds and others go with 5-10 minutes. The TTL will basically tell the devices that they need to go look for a new DNS record.

The issue with DNS RR (round robin) is that it'll point devices to each external IP. So, if two devices look up the DNS record of your server one will get the 66 ip and the other will get the 44 ip, and it will continue to alternate between the two IPs. If one goes down then it technically shouldn't give it out anymore, but the clients that already have that IP will continue to fail until their TTL for that record expires.

That being said, it should work, but it's not going to provide an instant failover. It's a cheap way to get a failover-like setup. I'd say try it out and see if it's a viable solution for your company.
0
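
The stale-cache window described in the answer above, modelled as an added example that is not part of the original thread. It assumes the DNS provider stops handing out an address once it is marked down and that a device re-resolves only when its cached TTL expires; the class and function names are illustrative.

```python
PRIMARY = "66.66.66.01"  # T1 address used in the thread
BACKUP = "44.44.44.01"   # DSL address used in the thread


class RoundRobinZone:
    """Authoritative side: rotates through addresses not marked down.

    Assumption: the DNS provider health-checks and withdraws a dead address.
    """

    def __init__(self, addresses, ttl):
        self.addresses = list(addresses)
        self.ttl = ttl
        self.down = set()
        self._served = 0

    def resolve(self):
        healthy = [a for a in self.addresses if a not in self.down]
        answer = healthy[self._served % len(healthy)]
        self._served += 1
        return answer


class CachingClient:
    """Device-side resolver: reuses one answer until its TTL expires."""

    def __init__(self, zone):
        self.zone = zone
        self.cached = None
        self.expires = 0

    def sync(self, now):
        if self.cached is None or now >= self.expires:
            self.cached = self.zone.resolve()
            self.expires = now + self.zone.ttl
        return self.cached not in self.zone.down  # True when the sync succeeds


def failed_sync_seconds(ttl, fail_at, poll=10, horizon=1800):
    """Total seconds one client spends retrying a dead address."""
    zone = RoundRobinZone([PRIMARY, BACKUP], ttl)
    client = CachingClient(zone)
    failed = 0
    for now in range(0, horizon, poll):
        if now >= fail_at:
            zone.down.add(PRIMARY)  # the T1 drops at fail_at
        if not client.sync(now):
            failed += poll
    return failed
```

With the T1 failing 70 seconds in, a 30-second TTL costs this client 20 seconds of failed syncs, while a 300-second TTL costs 230 seconds.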
 
redbmaster Commented:
You should be pointing the iPhone to the DNS MX record. But if you want to maintain a totally separate DNS record then you'll want to add the 44.44.44.01 ip address to iphone.myco.com.

Note that this isn't a true failover as DNS will round robin the IPs.
0
 
D. Deignan, IT Manager, Author Commented:
Hi redbmaster - I don't point the iPhone to the email MX record because that points to the spam filter we have. When I point the iPhone to the spam filter it does not get email - only when I point it to the exchange server.
Also I have an A record for the iphone.myco.com, not an MX record, so can't add multiple IPs (or can I?)
I could try changing the iPhone A record to an MX record and see if they still get email?
0
 
redbmaster Commented:
You should be able to set multiple A records.

The more I think about it the less I believe this will really work for you. With this setup if either connection goes down the client device will need to refresh its DNS records until it pulls the other/working connection.
0
 
D. Deignan, IT Manager, Author Commented:
Hi redbmaster - what do you suggest then? I am thinking of changing the iPhone A records to 2 MX records, the 1st will point to the 66.66.66.01 IP and the 2nd one will point to the 44.44.44.01 IP. Do you see any issue with that? Thanks.
0
 
D. Deignan, IT Manager, Author Commented:
Thanks redbmaster for all your help. I have been reading online also and I found this very useful article: http://community.spiceworks.com/topic/188988-dns-settings-in-failover-situation
I think after your comments and reading the article, that it would be best if I do not change the iPhone from A to MX. If the main line goes down I will either change the A record for the iPhone or change the IP on the iPhone itself. It's only 4 iPhones in the company so although that is very manual, it means I will know exactly what is going where.
0
 
redbmaster Commented:
Ah yes, I almost forgot about this. They are talking about using dynamic DNS to provide failover. I used no-ip.com back in the day when I was hosting a few servers out of my house. I had cable highspeed internet at my house and did not purchase a static ip, so basically these work by installing a small app on a pc or server, in your case, which checks in with their server and updates your DNS record with that machine's outside IP address. This allowed anyone to connect to my servers via that domain name even if my public IP address changed at home.

I would look at your current DNS provider to see if they offer that service. If not it looks like the average cost for this service is $20-$30 a year. This price point is easily affordable by most companies. Take a look at http://www.no-ip.com/business/ for more info, and I hear good things about dyn.com, http://dyn.com/dns/dyn-standard-dns/.
0
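
One way to automate the record change discussed in the last few comments, as an added example that is not part of the original thread. It swaps the hosted dynamic DNS client for an external probe plus an RFC 2136 dynamic update; the probe port (443), the three-failure threshold and the name server `ns1.example.net` are assumptions.

```python
import socket

PRIMARY = "66.66.66.01"  # T1 address used in the thread
BACKUP = "44.44.44.01"   # DSL address used in the thread


def tcp_probe(ip, port=443, timeout=3.0):
    """Return True if a TCP connection to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class FailoverDecider:
    """Switches the published address only after `threshold` consecutive
    failed probes, so one dropped packet does not flip the record."""

    def __init__(self, threshold=3, probe=tcp_probe):
        self.threshold = threshold
        self.probe = probe
        self.failures = 0
        self.active = PRIMARY

    def tick(self):
        if self.probe(PRIMARY):
            self.failures = 0
            self.active = PRIMARY  # fail back once the T1 answers again
        else:
            self.failures += 1
            # Only move to the DSL address if it is actually reachable.
            if self.failures >= self.threshold and self.probe(BACKUP):
                self.active = BACKUP
        return self.active


def nsupdate_batch(name, ip, ttl=60, server="ns1.example.net"):
    """Build RFC 2136 update commands; feed them to `nsupdate -k <tsig-keyfile>`
    so the server accepts only authenticated changes."""
    return "\n".join([
        f"server {server}",          # hypothetical name server
        f"update delete {name}. A",  # drop the old address
        f"update add {name}. {ttl} A {ip}",
        "send",
    ]) + "\n"
```

Run the probe from a host outside the office network so it sees the same path the phones do, and call `tick()` on a timer, sending a new batch only when the returned address changes.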
 
D. Deignan, IT Manager, Author Commented:
Because an article I found online also helped. I posted the article in the comment for others to access also.
0
Question has a verified solution.
