
Re: DNS redirection to second mail server?

 
tpfraz
Advisor

DNS redirection to second mail server?

Hi, I have a mail server running Surgemail 1.4b on RedHat 8. We plan to use the mirroring feature that Surgemail has to create a backup mail server. I'm trying to figure out a way to allow users to access their email in the event that the main mail server goes down.
Having multiple MX records only serves to ensure that the email is eventually delivered, correct?
But what about users needing to check that mail? Is there any way to automatically direct, say, mail.domain.com, which would normally point to the main mail server, to the IP of the second mail server?
I guess my question is, is there a way to assign multiple IPs to the same name (mail.domain.com) in DNS, and give those IPs a priority level? Much like MX records have.
This way if a user's mail client tried to access the main mail server and could not, then it would automatically try the second mail server. All transparent to the user.
The mirroring feature in Surgemail pretty much creates an exact copy of the main server, so it is possible to do everything on the second mail server that you can do on the main one.
Any help is appreciated.
Thanks...

-Travis
6 REPLIES 6
Steven E. Protter
Exalted Contributor

Re: DNS redirection to second mail server?

If the main surgemail server goes off line, the simplest solution is this on the backup server.

ifconfig eth#

make eth# accurate to the local hardware.

The problem with a DNS based solution is DNS database caching and latency.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Balaji N
Honored Contributor

Re: DNS redirection to second mail server?

Not sure how, but assigning multiple DNS entries for the same domain seems to be possible.

$ nslookup www.hp.com
...

Name: www.hpgtm.speedera.net
Addresses: 192.6.165.40, 161.114.22.105
Aliases: www.hp.com

$ nslookup www.microsoft.com
...

Name: a562.cd.akamai.net
Addresses: 80.15.249.121, 80.15.249.118, 80.15.249.102, 80.15.249.105
80.15.249.111, 80.15.249.110, 80.15.249.113, 80.15.249.126, 80.15.249.136
Aliases: www.microsoft.com, www.microsoft.com.edgesuite.net


-balaji
Its Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
Dave Falloon
Trusted Contributor

Re: DNS redirection to second mail server?

How fast are updates made to the second mail server? I am pretty sure the feature that Balaji is talking about is the DNS round robin feature, but there is a problem with doing that if you are not careful:

http://www.acmebw.com/askmrdns/archive.php?category=85&question=178

This is a link to ask Mr. DNS where he describes DNS round robin. The DNS server tries to help you balance the load across multiple servers by giving out a different IP for each request. If your backup mail server does not have its data completely in sync with the primary server and your clients connect to it, they too will end up being out of sync with the primary server.

It could be a problem depending on the software's ability to keep the secondary machine updated. If you are using IMAP and the mechanism of keeping the servers in sync does not keep track of the state your users' messages are in, i.e. read or unread, deleted, your user may be looking at a very long list of email that all shows up as new unread messages, including old deleted messages.
If the backup is fast enough then everything should work fine until a failure in one server or the other. If that happens then I am pretty sure 50% of your clients' requests will fail because the DNS server is still returning the IP address of your primary server to half of the people that ask for the address and so they will fail to connect. From the user's perspective it will be very random because it will only fail half the time.

All of this points to the better solution. On the backup server, you write a real quick script that periodically pings the primary server, and if no response is given, the backup server does exactly what SEP suggested: it changes its IP address to be that of the primary server. That way your clients may see only a very brief outage (depends on the polling interval you use for your ping heartbeat script).

I hope that made sense :)

Dave
Clothes make the man, Naked people have little to no effect on society
tpfraz
Advisor

Re: DNS redirection to second mail server?

Good suggestions. But I don't really want a round robin type of feature. I only want the second mail server to be used if the main one is down. I'm not looking to balance the load, just provide redundancy.
Changing the IP might work as was suggested.
But I just heard of a different way. Supposedly you can use a smart router to do this or a floating IP address. This floating IP is assigned to two machines in addition to their normal IP. One machine is a master, the other a slave. When the slave detects that the master is not responding, it takes over the floating IP. Then when the slave notices that the master is back up, it releases control of that floating IP.
It sounds like a nice way to do it.
Has anyone else heard of this? I also heard that it's native in most recent OSs.

-Travis
Sergejs Svitnevs
Honored Contributor

Re: DNS redirection to second mail server?

Failover is the job of the application, not DNS. DNS just resolves NAME to a list of IP addresses rotated on repeated requests. DNS does not have any mechanism of knowing which IPs are reachable at any moment in time. If you want failover (and/or load balancing) I suggest looking into Cisco LocalDirector or Nortel Alteon devices.

Regards,
Sergejs

Dave Falloon
Trusted Contributor

Re: DNS redirection to second mail server?

Travis,
I did a quick Google search on virtual IP and this is the first link that popped up; it has a valuable description of how ARP works in regard to a redundant server setup. Here is the link; the highlight in the page is the ARP cache and their way around it:
http://www.ultramonkey.org/2.0.1/ip_address_takeover.html
Here is a link to an rc.local script for a Red Hat 7.3 machine that shows how to set up IP aliases with ifconfig for the purpose of making an IP failover redundant service:
http://www.ccp14.ac.uk/ccp14admin/linux-server/ip_aliases/
It's still not really one hundred percent automated for you. Here is what this setup will look like.
You have one machine that is the server, let's say its first IP is 10.0.0.1. It has an alias for 192.168.1.1. Your second server has its first IP as something like 10.0.0.2 and the same alias as the server, 192.168.1.1. Now you have a client out in the office floating around in your private class C IP pool, let's say 192.168.1.58. That client ARPs out looking for your main server's class C address 192.168.1.1, but now there is a race: who will respond first, because both machines will answer the ARP request. So let's say that the master server answers the ARP. The client will happily continue on its way downloading its messages. But what happens when new messages come in to your server?
Say the backup machine answers the arp request. Now the new messages are downloaded to the secondary box but the master has no record of them because the data was always pulled in one direction, master to secondary. With this example I am just trying to outline one of the many problems you can get into with IP aliasing.
Instead of IP aliasing you can look into VRRP but this is steadily getting into the domain of High Availability Clustering. Check out the home page:
http://www.linux-ha.org/
There is a lot of information to absorb if you want to set up failover HA systems. Personally, if it was me doing the setup I would go with the simple understandable scripted failover, using ping and ifconfig.
Dave
Clothes make the man, Naked people have little to no effect on society
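
The scripted ping-and-takeover failover Dave describes in his two posts, written out as an added example (not code from the thread or from any project linked in it). It runs on the backup server only; the addresses are the ones used in the post above, while `eth0`, the threshold, the interval and the use of `ip` and iputils `arping` in place of `ifconfig` are assumptions.

```shell
#!/bin/sh
PRIMARY=10.0.0.1     # primary's own (non-service) address, from the post above
VIP=192.168.1.1      # service address the mail clients connect to
PREFIX=24            # assumed netmask length
IFACE=eth0           # assumed interface name
THRESHOLD=3          # consecutive missed pings before takeover (assumed)
INTERVAL=5           # seconds between checks (assumed)

# Pure decision step: prints "<new_state> <new_misses> <action>".
# state is "standby" or "active"; up is 1 if the primary answered, else 0.
decide() {
    state=$1 misses=$2 up=$3
    if [ "$up" -eq 1 ]; then
        if [ "$state" = active ]; then echo "standby 0 release"; else echo "standby 0 none"; fi
        return
    fi
    misses=$((misses + 1))
    if [ "$state" = standby ] && [ "$misses" -ge "$THRESHOLD" ]; then
        echo "active $misses takeover"
    else
        echo "$state $misses none"
    fi
}

primary_up() { ping -c 1 -W 2 "$PRIMARY" >/dev/null 2>&1; }

takeover() {
    # Refuse if anything still answers ARP for the VIP: two owners is the
    # race described in the post above.
    arping -D -c 2 -I "$IFACE" "$VIP" >/dev/null 2>&1 || return 1
    ip addr add "$VIP/$PREFIX" dev "$IFACE" || return 1
    # Gratuitous ARP so clients and routers replace their cached MAC entry.
    arping -U -c 3 -I "$IFACE" "$VIP" >/dev/null 2>&1
}

release() { ip addr del "$VIP/$PREFIX" dev "$IFACE"; }

run_loop() {
    state=standby misses=0
    while :; do
        if primary_up; then up=1; else up=0; fi
        set -- $(decide "$state" "$misses" "$up")
        case $3 in
            takeover) takeover && { state=$1; misses=$2; } ;;
            release)  release; state=$1; misses=$2 ;;
            *)        state=$1; misses=$2 ;;
        esac
        sleep "$INTERVAL"
    done
}
```

Start it as root on the backup with `run_loop`. Failback here is automatic; if the mirror only copies from primary to backup, as raised in the thread, swap `release` for an alert and fail back by hand after resyncing.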