DNS round robin with 4 C600

Unanswered Question
Oct 19th, 2009

Hi,

We've got 4 IronPort C600s and we use DNS round robin on MX.
It works fine when all of the IronPorts are working, but I'm not sure how it will work if one of them fails or if I put one of them in maintenance mode (suspendlistener).
How will this be seen by external mail servers?
Will they still send messages to the faulty IronPort and get them bounced, or will they know that this one is not reachable and send messages to one of the others?

Thanks

Arnaud

araudevain Mon, 10/19/2009 - 09:17

Just one more question:
Is there a risk that I lose emails?

Thanks
Arnaud

jbivens_ironport Mon, 10/19/2009 - 22:12

Just one more question:
Is there a risk that I lose emails?


Never, you will only get delays based on the retry backoff interval, which in the case of a single system failure might result in an extra minute in delivery time (for systems attempting to send to the down IronPort appliance... not all mail servers).

Sincerely,

Jay Bivens
araudevain Tue, 10/20/2009 - 08:02

Thanks for replying,

My question was more: what happens if one of the IronPorts is out of order during a weekend? Are mail servers going to try sending emails to one of the 3 left, or are they going to keep trying the one that is faulty until they stop trying?
I'm asking this because we had a disk failure and one of the 4 was unavailable for 3 days, but it was still declared in the DNS, so I'm wondering if I lost any emails during that time.

I don't know if I'm clear enough on what I'm saying

Thanks

A.

martinc8306 Tue, 10/20/2009 - 08:13

Granted all your MX records have equal priority, there is no risk, as any MTA attempting delivery can only deliver to a host listening on port 25 for inbound SMTP connections; if unsuccessful, it will attempt delivery to the next available record. E.g., in this case, if servers a, b, and c fail, it will deliver to the next available servers; you will just simply have more inbound load on the other servers. I would recommend looking at something from Foundry Networks to load balance this more accurately and fail over, as opposed to DNS RR.

Ordered IP addresses: (expiring at Tue Oct 20 09:37:10 2009 SAST)
Preference IPs
1 67.195.168.31
68.142.202.247
216.39.53.1

1 98.137.54.237
67.195.168.230
66.196.97.250

1 98.137.54.238
216.39.53.3
66.196.82.7

1 216.39.53.2
209.191.88.247

MX Records:
Preference TTL Hostname
1 1h56m17s a.mx.mail.yahoo.com
1 1h56m17s b.mx.mail.yahoo.com
1 1h56m17s c.mx.mail.yahoo.com
1 1h56m17s d.mx.mail.yahoo.com
1 1h56m17s e.mx.mail.yahoo.com
1 1h56m17s f.mx.mail.yahoo.com
1 1h56m17s g.mx.mail.yahoo.com
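
The sender-side behaviour discussed in this thread, as an added example that is not part of any post: a small simulation of how a sending MTA walks an MX list, modelled on the MX handling in RFC 5321 section 5.1 (lowest preference first, equal-preference hosts in random order, next host on connection failure). The hostnames, the `can_connect` callback and the function names are constructed for illustration; real senders differ in retry limits and timing.

```python
import random
from itertools import groupby

# Constructed sample: four equal-preference MX hosts (hypothetical names).
MX = [(10, "mx1.example.com"), (10, "mx2.example.com"),
      (10, "mx3.example.com"), (10, "mx4.example.com")]

def attempt_order(mx_records, rng=random):
    """Lowest preference first; hosts sharing a preference are shuffled."""
    order = []
    by_pref = sorted(mx_records, key=lambda r: r[0])
    for _, group in groupby(by_pref, key=lambda r: r[0]):
        hosts = [host for _, host in group]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order

def deliver(mx_records, can_connect, rng=random):
    """One delivery attempt: walk the MX list until a host accepts.

    Returns (status, accepting_host, hosts_tried). "deferred" means the
    message stays in the sender's queue for a later retry, not a bounce.
    """
    tried = []
    for host in attempt_order(mx_records, rng):
        tried.append(host)
        if can_connect(host):
            return "delivered", host, tried
    return "deferred", None, tried

def simulate(mx_records, down, runs=1000, seed=1):
    """Repeat deliver() and count outcomes and per-host load."""
    rng = random.Random(seed)
    stats = {"delivered": 0, "deferred": 0, "hit_down_first": 0, "load": {}}
    for _ in range(runs):
        status, host, tried = deliver(mx_records, lambda h: h not in down, rng)
        stats[status] += 1
        stats["hit_down_first"] += tried[0] in down
        if host:
            stats["load"][host] = stats["load"].get(host, 0) + 1
    return stats

if __name__ == "__main__":
    print(simulate(MX, down={"mx2.example.com"}))
    print(simulate(MX, down={h for _, h in MX}))
```

With one host down, every simulated message is still delivered and the load is spread over the three remaining hosts; only when all four are down does the message stay deferred in the sender's queue.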

araudevain Tue, 10/20/2009 - 11:04

Thanks for your reply,

I just was not sure whether the mail servers would try another address or not.
Regarding the use of a load balancer, it would be difficult to implement given our architecture.

Thanks again

A.

jbivens_ironport Wed, 10/21/2009 - 17:38

I just was not sure whether the mail servers would try another address or not.  Regarding the use of a load balancer, it would be difficult to implement given our architecture.


The fundamental answer is that the more MX records provided, the more high availability it creates, but there is the opportunity for more delay in mail delivery (in a case where multiple units die or are unavailable).

While having a load balancer might not work in your environment (typically geographical diversity), reducing MX records does reduce load. Typically spammers/botnets will roll to all the listed MX records in an effort to dump their payload, so reducing the number of MX records to one or two prevents excessive connection attempts by blocked senders. (This comment is more for general readership as opposed to the original poster.)

Sincerely,

Jay Bivens
araudevain Thu, 10/22/2009 - 11:07

Indeed, we've got geographical diversity.

Thanks everyone, it helped me a lot

A.
