
I have a question about a possible failover solution for the internet connection to a local mail server in a small office where there are problems with the ISP. There is a Kerio Control server with public static IP 1.1.1.1. There is also a local mail server for domain.com (server mail.domain.com), and it has an MX record `MX 10 mail.domain.com` and an `A mail.domain.com 1.1.1.1` record. On the main server there are also other services and a FW with IMAP, POP, SMTP... pointed to the local mail server.

I know I can move the whole mail server to the cloud, make mailboxes on remote webhosting and download them to the mail server at intervals, change ISP... But I would like to confirm or disprove whether it is possible to rent a second ISP with a second ISP router and a second public static IP 2.2.2.2, connect it to Kerio Control and make something like this:

```
domain.com. IN MX 10 mail.domain.com.
mail.domain.com. IN A 1.1.1.1
mail.domain.com. IN A 2.2.2.2
```

Is it nonsense or can it work?

Setting MX 10 mail.domain.com and MX 20 mail2.domain.com with A records would be nice, but the mail server can have only one internet hostname.

Thanks for the explanation.

  • Yes, you are basically setting up round-robin DNS at that point. This means that each client will connect to one or the other, and maybe flop between the two IPs for each request. – ivanivan Jul 02 '19 at 15:07
  • I'm still not sure how it works in practice. If the first IP (1.1.1.1) is down, then the MTA will try to deliver email to an unreachable address, so right after this attempt will it try the second IP without notifying the sender that the recipient is unreachable? Or is there always a 50% chance that the first or second IP will be selected from DNS? – user2014521 Jul 02 '19 at 15:19
  • Think it is a 50/50 chance, but if the first one tried is down, after a timeout etc. it will try the second (at least, browsers do this with multiple A records for a name). I'd recommend making a few A records as a test, and see what the results of `dig` and `nslookup` show. – ivanivan Jul 02 '19 at 15:29
  • Does that 'try the other one after a failure' actually work, or does it need a special configuration? – Overmind Jul 03 '19 at 06:19

0 Answers
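An added example, not part of the original post or its comments: a small model of how a sending MTA walks the addresses for the records in the question, following RFC 5321 section 5.1 (sort MX hosts by preference, then try each address of the host in turn until one connects). The `reachable` set stands in for real TCP/25 connects, and the function names and the `max_addresses` cap are hypothetical; real MTAs differ in timeouts and in how many addresses they try.

```python
import random

# Constructed zone data mirroring the records in the question (placeholder IPs).
MX = {"domain.com": [(10, "mail.domain.com")]}
A = {"mail.domain.com": ["1.1.1.1", "2.2.2.2"]}


def candidate_addresses(domain, mx=MX, a=A, rng=random):
    """Return the ordered list of (host, ip) a sending MTA would walk through."""
    by_pref = {}
    for pref, host in mx.get(domain, []):
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):          # lowest preference value first
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)                # equal-preference MX hosts are randomized
        for host in hosts:
            ips = a.get(host, [])[:]
            rng.shuffle(ips)              # models resolver round-robin ordering
            ordered.extend((host, ip) for ip in ips)
    return ordered


def deliver(domain, reachable, max_addresses=None, rng=random):
    """Walk the candidates until one connects.

    reachable: set of IPs that currently accept TCP/25 (stands in for a connect).
    max_addresses: optional sender-side cap on how many addresses are tried.
    Returns (ip_used or None, ips_tried); None means the message stays in the
    sender's queue for a later retry, it is not bounced immediately.
    """
    tried = []
    for host, ip in candidate_addresses(domain, rng=rng)[:max_addresses]:
        tried.append(ip)
        if ip in reachable:
            return ip, tried
    return None, tried


if __name__ == "__main__":
    rng = random.Random(1)
    # ISP 1 is down: every delivery ends on 2.2.2.2, some after one failed attempt.
    for _ in range(4):
        print(deliver("domain.com", reachable={"2.2.2.2"}, rng=rng))
    # A sender capped at one address may hit only the dead IP and queue the mail.
    print(deliver("domain.com", reachable={"2.2.2.2"}, max_addresses=1, rng=rng))
```

On the live zone, `dig +short A mail.domain.com` run several times shows the order in which the resolver hands out the two addresses.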