
exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3

Very basic DNS question about host names

Wanting to add a DNS entry for two SMTP relay servers in the event one goes down.

"A" host record:
smtp.mydomain.com --> 192.168.2.5
smtp.mydomain.com --> 192.168.2.6

I've added both entries to the DNS server without issue. Is this the correct way of going about it?
--
"I have measured out my life with coffee spoons..." - T.S Eliot
"I have often regretted my speech, never my silence." - Publilius Syrus
Ma blog: »www.johndball.com



PToN
Premium
join:2001-10-04
Houston, TX

»DNS - A, MX and PTR records - Silly question

To summarize, you want to use the MX records. If you are returning 2 A records and one of them is down, your connection will time out about 50% of the time.

With MX records, the delivery will be attempted for each of the entries. It first tries the one with the lowest priority number, then the next with the 2nd lowest priority number and so on.



DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

And you can set the priority to be the same and it'll bounce back and forth as to which it goes to, and if one fails it'll just go to the other.



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3
reply to exocet_cm

Thanks PToN. I didn't see your thread.

I added two MX entries both for smtp.mydomain.com and each pointing to a different server's IP address. Both with the default priority of "10". If I understand DarkLogix correctly, it'll keep hitting both until one resolves correctly.



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3
reply to PToN

said by PToN:

»DNS - A, MX and PTR records - Silly question

To summarize, you want to use the MX records. If you are returning 2 A records and one of them is down, your connection will time out about 50% of the time.

With MX records, the delivery will be attempted for each of the entries. It first tries the one with the lowest priority number, then the next with the 2nd lowest priority number and so on.

Okay, it is working with some of our newer equipment, but I have some old network devices that aren't working with the MX record of smtp.mydomain.com.

I get "DNS lookup failed to find SMTP server address". If I go back and make an "A" host record it works.
Edit: Two network projectors and two old APC network management cards throw an error. The new APC network management card and some of my applications (ESET for example) resolve and relay correctly.
Edit 2: And a simple script using Mailsend throws an error "could not connect to SMTP server at port 25" using the MX records. Successful with "A" records.


Black Box

join:2002-12-21

Just a sanity check, as most web interfaces enforce it. Is the MX record pointing to a valid A or CNAME record? Is the decimal appended correctly to the MX destination?

In your example, I would expect to see something like:


smtp.mydomain.com. IN A 192.168.2.5
smtp.mydomain.com. IN A 192.168.2.6
mydomain.com. IN MX 10 smtp.mydomain.com.


--
Keep It Safe, Stupid!
Yes, I CanChat. Can You?

Vinch

join:2007-10-24
Pointe-Claire, QC
reply to exocet_cm

You're setting up an SMTP relay for a LAN, correct? You don't have much of a choice to use anything other than A records, because the devices/scripts/programs sending emails aren't MTAs (Mail Transfer Agents)! Only MTAs query DNS MX records to find out how to deliver email.



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3

said by Vinch:

You're setting up an SMTP relay for a LAN, correct? You don't have much of a choice to use anything other than A records, because the devices/scripts/programs sending emails aren't MTAs (Mail Transfer Agents)! Only MTAs query DNS MX records to find out how to deliver email.

Correct. LAN relay through a relay IIS install for simple (minded) devices on the network such as UPS network interface cards, temperature and humidity sensors, scripted alerts, OpenManage, DRAC, etc. Nothing that our users would hit from within the network (they all route through Google Apps for Business).


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

You need two different A records

ie

SMTP-A.mydomain.com A 192.196.2.5
SMTP-B.mydomain.com A 192.196.2.6
mydomain.com MX 10 SMTP-A.mydomain.com
mydomain.com MX 10 SMTP-B.mydomain.com



DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to exocet_cm

For something that doesn't use MX records I think you're kinda sol, as with A records it'll occasionally get stuck.



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3

said by DarkLogix:

For something that doesn't use MX records I think you're kinda sol, as with A records it'll occasionally get stuck.

Occasionally gets stuck because it can't resolve? So if one goes down it won't resolve to the other?


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

With an A record it'll be stuck on the current one till the TTL expires, and then have a 50% chance of getting the working one next.



exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3

said by DarkLogix:

With an A record it'll be stuck on the current one till the TTL expires, and then have a 50% chance of getting the working one next.

Well that sucks.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

With MX records a Mail server sending to it would try one then if it failed try the next, with the priority the same it'd be random as to which would get picked next, thus it would kinda load balance the 2.
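
The behaviour PToN and DarkLogix describe above (MX targets tried in preference order, equal preferences picked at random, versus a non-MTA client that only gets to use whichever A record its resolver hands it first) can be simulated. The following is an added example, not code from anyone in this thread; the records, host names and addresses in it are constructed, and the "legacy client" model assumes the device uses only the first address returned, which is what the posts describe.

```python
"""Simulate MX-aware delivery versus a client that only uses the first A record.

Added example for this thread; the zone data below is constructed, not real.
"""
import random

# Constructed records: two equal-preference relays plus a lower-priority backup.
MX_RECORDS = [
    (10, "smtp-a.mydomain.com."),
    (10, "smtp-b.mydomain.com."),
    (20, "smtp-c.mydomain.com."),
]
A_RECORDS = {
    "smtp-a.mydomain.com.": "192.168.2.5",
    "smtp-b.mydomain.com.": "192.168.2.6",
    "smtp-c.mydomain.com.": "192.168.2.7",
}
# One name with two A records, as in the original question.
ROUND_ROBIN = ["192.168.2.5", "192.168.2.6"]


def mx_candidate_order(mx_records, rng=None):
    """Order an MTA tries MX targets: ascending preference value,
    with hosts of equal preference shuffled (RFC 5321 section 5.1)."""
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)          # equal preferences: random pick among them
        order.extend(hosts)
    return order


def mta_deliver(mx_records, a_records, reachable, rng=None):
    """Walk the MX candidates until one accepts.
    Returns (ip that accepted or None, list of hosts tried)."""
    tried = []
    for host in mx_candidate_order(mx_records, rng):
        tried.append(host)
        if a_records.get(host) in reachable:
            return a_records[host], tried
    return None, tried


def legacy_client_deliver(ips, reachable, rng=None):
    """Non-MTA device: resolves one name and uses only the first address
    the resolver returns; returns that IP on success, None on timeout."""
    rng = rng or random.Random()
    rotated = list(ips)
    rng.shuffle(rotated)            # resolver round-robin decides which is first
    first = rotated[0]
    return first if first in reachable else None


def legacy_failure_rate(ips, reachable):
    """Exact share of lookups that hand such a client a dead address first."""
    dead = [ip for ip in ips if ip not in reachable]
    return len(dead) / len(ips)


def first_mx_distribution(mx_records, trials, seed=0):
    """Count how often each host is tried first; equal preferences share load."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = mx_candidate_order(mx_records, rng)[0]
        counts[first] = counts.get(first, 0) + 1
    return counts


if __name__ == "__main__":
    up = {"192.168.2.6", "192.168.2.7"}      # 192.168.2.5 is down
    print("MTA result:", mta_deliver(MX_RECORDS, A_RECORDS, up, random.Random(1)))
    print("legacy client failure rate:", legacy_failure_rate(ROUND_ROBIN, up))
    print("first MX chosen over 1000 tries:", first_mx_distribution(MX_RECORDS, 1000))
```

With one of the two equal-preference relays down, `mta_deliver` always ends at the working relay (trying at most two hosts), while the legacy client fails on exactly half of its lookups, which is the 50% timeout figure quoted in the thread; the backup at preference 20 is only reached when both preference-10 hosts fail.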



drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6
reply to exocet_cm

Consider sending them to your firewall or other appliance at the head? Usually they're smart enough to lookup MX records and the like. I can't provide details on the implementation, but I've seen it in practice.
--
flickr | 'Cause I've been waiting, all my life just waiting
For you to shine, shine your light on me



PToN
Premium
join:2001-10-04
Houston, TX
reply to exocet_cm

The idea is to be able to still get the messages for later delivery.

You could do something like what DarkLogix mentioned when setting up the records, then you can set up a 3rd record to be used for the clients.

SMTP-A.mydomain.com A 192.196.2.5
SMTP-B.mydomain.com A 192.196.2.6
mail.mydomain.com A 192.196.2.5
mail.mydomain.com A 192.196.2.6
mydomain.com MX 10 SMTP-A.mydomain.com
mydomain.com MX 10 SMTP-B.mydomain.com

That way you can set up all your clients to "mail.mydomain.com" instead of having different clients looking for different servers. Now, I am not sure if this is considered "best practice", but in theory it would work.

Your clients resolve mail.mydomain.com and they will get 2 IPs (this is based on TTL) and they will be able to get to either server. When one of them goes down, you will have a 50% chance of getting a timeout. And people sending you emails will not get a bounce back unless both servers go down.

You might be able to use CNAMEs for your clients, but I am not sure.
mail.mydomain.com CNAME SMTP-A.mydomain.com
mail.mydomain.com CNAME SMTP-B.mydomain.com

Someone please correct me if wrong. Thanks.


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

CNAMES are not recommended for mx records.



drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6

said by tomdlgns:

CNAMES are not recommended for mx records.

[citation required]

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

said by drew:

said by tomdlgns:

CNAMES are not recommended for mx records.

[citation required]

exchangepedia.com/blog/2006/12/should-mx-record-point-to-cname-records.html


drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6

Glad you provided substance to back up a claim. I knew it wasn't best practice, but I don't like people saying something as fact without providing proof.

For those interested, the details are contained within Section 10.3 in RFC 2181.



Wily_One
Premium
join:2002-11-24
San Jose, CA

Whether they are "recommended" or not, they are in fact illegal. BIND will not accept an MX record that points to a CNAME.


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

What do you mean by not accept?

There was a company that was using CNAMEs for their MX records for about 3 months. Once I saw that, I immediately switched it (after hours) just to make sure there were no issues in the future.



Wily_One
Premium
join:2002-11-24
San Jose, CA

BIND will flag such a record as illegal, but will still load the zone. The named log will show it as a warning, rather than an error. (Who knows how Windows DNS treats it...)

Sample zone file:

example.com.            IN  A       192.168.10.20
example.com.            IN  MX      100 mail.example.com.
mail.example.com.       IN  CNAME   mailsrv1.example.com.
mailsrv1.example.com.   IN  A       10.20.30.40

And every time such a record is encountered, it will be logged as follows:
general: warning: zone example.com/IN: example.com/MX 'mail.example.com' is a CNAME (illegal)
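
The check BIND performs at zone load, flagging an MX whose target is a CNAME (the RFC 2181 section 10.3 rule drew cited earlier) or whose in-zone target has no address record at all (Black Box's "is the MX pointing to a valid A record" question), can be reproduced as a small pre-deployment lint for the one-record-per-line zone format used in this thread. This is an added example, not ISC's code or anything posted above; its parser handles only `owner [TTL] [IN] TYPE rdata` lines plus `$ORIGIN` and `;` comments, the sample zone is constructed after Wily_One's, and the warning text is modelled on the named log line shown above rather than copied from BIND's source.

```python
"""Lint a simple zone file for MX records that point at a CNAME or at an
in-zone name with no A/AAAA record. Added example; not BIND's own code."""

# Constructed sample zone, modelled on the thread's BIND example (not a real zone).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@                       IN  A       192.168.10.20
@                       IN  MX      100 mail.example.com.   ; target is a CNAME
mail.example.com.       IN  CNAME   mailsrv1.example.com.
mailsrv1.example.com.   IN  A       10.20.30.40
@                       IN  MX      200 relay               ; relay has no A record
"""


def qualify(name, origin):
    """Make a relative owner or target absolute using the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    if origin is None:
        raise ValueError(f"relative name {name!r} but no $ORIGIN set")
    return f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return a list of (owner, rtype, rdata) tuples; owners and MX/CNAME
    targets are absolute. Optional TTL and class fields are skipped, as are
    directives other than $ORIGIN."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        toks = line.split()
        if toks[0].upper() == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0].startswith("$"):
            continue
        owner = qualify(toks.pop(0), origin)
        if toks and toks[0].isdigit():           # optional TTL
            toks.pop(0)
        if toks and toks[0].upper() == "IN":     # optional class
            toks.pop(0)
        rtype = toks.pop(0).upper()
        rdata = toks
        if rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype == "CNAME":
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rtype, rdata))
    return records


def lint_mx_targets(records, zone):
    """Return one warning string per MX record whose target is a CNAME, or
    whose target lies inside this zone but has no A or AAAA record."""
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner.lower(), set()).add(rtype)
    zone = zone.rstrip(".").lower()
    warnings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[1].lower()
        bare = target.rstrip(".")
        in_zone = bare == zone or bare.endswith("." + zone)
        have = types_at.get(target, set())
        label = f"zone {zone}/IN: {owner.rstrip('.')}/MX '{bare}'"
        if "CNAME" in have:
            warnings.append(f"{label} is a CNAME (illegal)")
        elif in_zone and not (have & {"A", "AAAA"}):
            warnings.append(f"{label} has no address records (A or AAAA)")
    return warnings


if __name__ == "__main__":
    for w in lint_mx_targets(parse_zone(SAMPLE_ZONE), "example.com."):
        print("warning:", w)
```

Targets outside the zone are deliberately not checked for address records, since their data lives elsewhere; the CNAME check, by contrast, applies wherever the target's records are visible. Running this against a zone before loading it gives the same signal as the named warning, without having to grep the server log after the fact.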

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

Very good to know. I didn't mean anything negative about my post, just wanted to get a better understanding of what you meant by 'not accept'.

Good info.



Wily_One
Premium
join:2002-11-24
San Jose, CA

No problem - it was a poor choice of words on my part. It does "accept" it in that it will still load the zone, but at the same time does not accept it by flagging it as an illegal record.

Basically ISC is trying to get people not to do it, but since so many people have developed this bad habit they would break a lot of zones if they stopped supporting it altogether.



PToN
Premium
join:2001-10-04
Houston, TX
reply to tomdlgns

said by tomdlgns:

CNAMES are not recommended for mx records.

Well, I wasn't saying to use CNAMEs for MX records. I was referring to using CNAMEs to point to A records so that any client machine can connect to the mail server and send/receive.

That way you can configure your users' email clients to use the CNAME and be able to connect to either host.

I know CNAME for MX is a no go.