Hi, I'm posed a question in my study course for Active Directory and hope someone can help me.

Assuming the following:

SMTP Mail Server A
Name: mailserver1.domain.com
IP Address: 192.168.0.10

SMTP Mail Server B
Name: mailserver2.domain.com
IP Address: 192.168.0.11

Mail Server A is the primary server, while Mail Server B is the secondary mail server. My users will send emails that find their way to SMTP Mail Server A by using the recipient format: emailusername@mailserver1.domain.com.

In the event that SMTP Mail Server A goes down, I want SMTP Mail Server B to replace SMTP Mail Server A. This should be done by a VB or C++ program (written by me) that runs on SMTP Mail Server B.

I figure that I can do this by just changing the computer name on Mail Server B from mailserver2.domain.com to mailserver1.domain.com, or should I change IP address instead? Will this pose a problem to AD authentication or registration? What happens if Mail Server A recovers?

Will appreciate any pointers. :)

You need to read about DNS MX records, and send email only to "emailusername@domain.com". The MX records are used for mail delivery routing, will define "mailserver1" with the highest priority, and will automatically deliver mail to mailserver2 when mailserver1 is unavailable.

The CLIENT config then needs to be changed to point to the backup server - OR - you define a DNS CNAME record: "mailserver". The clients always talk to "mailserver", which is normally an alias for "mailserver1". You can simply update the CNAME record to refer to "mailserver2" when mailserver1 is down. no server renames (bad idea on MANY levels), no client configs. Using DNSCMD.EXE it would be easy to script the CNAME record change in just 2-3 lines.

This is - of course - assuming that mailserver2 has user mailboxes and POP or IMAP services configured so it is ready to serve as a backup mailbox server. You'll also want to insure that clients pull the mail off of the server, or when mailserver1 comes back online, they will have mail on two servers.

Most sites will use a secondary server to mailbag (store & forward) server while the primary mailbox server is down. It really depends on the mail services you are using.

Glenn

You need to read about DNS MX records, and send email only to "emailusername@domain.com". The MX records are used for mail delivery routing, will define "mailserver1" with the highest priority, and will automatically deliver mail to mailserver2 when mailserver1 is unavailable.

The CLIENT config then needs to be changed to point to the backup server - OR - you define a DNS CNAME record: "mailserver". The clients always talk to "mailserver", which is normally an alias for "mailserver1". You can simply update the CNAME record to refer to "mailserver2" when mailserver1 is down. no server renames (bad idea on MANY levels), no client configs. Using DNSCMD.EXE it would be easy to script the CNAME record change in just 2-3 lines

Thanks, my understanding is that mail clients will automatically look for the other mxrecord if the first one fails?

Thanks, my understanding is that mail clients will automatically look for the other mxrecord if the first one fails?

No, not the clients, but the servers that try to deliver the mail.

Open a command prompt and enter these commands:
NSLOOKUP
<replies with your default DNS server name and address>
SET TYPE=MX
any_domain.COM <pick a domain name>
<replies with the name/IP of the server answering the query>
<replies with Mail eXchange records - example below>
domain.com MX Preference = 10, mail exchanger = mx1.domain.com
domain.com MX Preference = 20, mail exchanger = mx2.domain.com
mx1.domain.com internet address = 12.224.15.20
mx2.domain.com internet address = 12.224.15.21

type "QUIT" to exit the nslookup tool.

This data shows that MX1 is the preferred host (loweset preference value. If MX1 is available, mail will be delivered there. If it isn't, mail will be delivered to the next available mail server with an equal or higher preference. No manual intervention is needed.

What you need, in addition to this standard MX implementation, is an alias for your mail server - clients always use the alias (CNAME) to connect. If the primary server goes down, you update the alias to point to the backup mail server. It's easier to change one DNS record than update hundreds or thousands of clients, and much less invasive than renaming a server.

Glenn

No, not the clients, but the servers that try to deliver the mail.

Open a command prompt and enter these commands:
NSLOOKUP
<replies with your default DNS server name and address>
SET TYPE=MX
any_domain.COM <pick a domain name>
<replies with the name/IP of the server answering the query>
<replies with Mail eXchange records - example below>
domain.com MX Preference = 10, mail exchanger = mx1.domain.com
domain.com MX Preference = 20, mail exchanger = mx2.domain.com
mx1.domain.com internet address = 12.224.15.20
mx2.domain.com internet address = 12.224.15.21

type "QUIT" to exit the nslookup tool.

What you need, in addition to this standard MX implementation, is an alias for your mail server - clients always use the alias (CNAME) to connect. If the primary server goes down, you update the alias to point to the backup mail server. It's easier to change one DNS record than update hundreds or thousands of clients, and much less invasive than renaming a server.

Glenn

Glenn, Thanks for your explanation.

For CNAME, am I correct to say that you are referring to the CNAME for the mail server, and nothing to do with any_domain.COM?

Mail servers as in say Google's mail server, e.g.

alt1.aspmx.l.google.com
aspmx.l.google.com
alt2.aspmx.l.google.com

If the primary server goes down, you update the alias to point to the backup mail server.

You also mention update, can't this be done automatically? Like using 2 CNAME or 2 A records?

Also, how about for the case of Unix based mail clients that don't use SMTP or "non-mx record" mail clients (as i read here - http://www.ludd.luth.se/~kavli/BIND-FAQ.html), will they work in such a case?

For this i believe CNAME comes into picture? But for any_domain.COM instead of the mail server domains. Or can I use A records?

For your example below:

Open a command prompt and enter these commands:
NSLOOKUP
<replies with your default DNS server name and address>
SET TYPE=MX
any_domain.COM <pick a domain name>
<replies with the name/IP of the server answering the query>
<replies with Mail eXchange records - example below>
domain.com MX Preference = 10, mail exchanger = mx1.domain.com
domain.com MX Preference = 20, mail exchanger = mx2.domain.com
mx1.domain.com internet address = 12.224.15.20
mx2.domain.com internet address = 12.224.15.21

Do I setup 2 x A records? The first A record points any_domain.COM to mx1.domain.com

The second A record points any_domain.COM to mx2.domain.com.

Can A record failover like what MX record does? Or must i use CNAME?

Let's clarify a few things:

  • Despite this coming from an Active Directory class, it has nothing to do with AD.
  • DNS does not provide any type of failover for email. It simply provides pre-programmed information about the relationship between names and IP addresses.
  • DNS servers do share info (primary/secondary roles in BIND, and AD Integration in A-D environments) so if one goes down, the other can be queried.. this is the DNS Client protocol at work and is not "one DNS server stepping in for another". The client knows that the primary did not reply in a reasonable time, so it checks the secondary.
  • It is the mail protocol - SMTP - that uses the information from DNS to deliver email. It delivers email to the host who has the highest MX priority (lowest numerical value) that responds. Thus, the "failover" is inside the SMTP protocol, not in DNS.

SMTP is used to deliver email, it has little if anything to do with sending. That is - the client uses SMTP in a fairly dumb manner.. the client is preprogrammed with the name or address of an SMTP server that it sends outbound mail to. That server then uses the full SMTP protocol with DNS to determine where the email should be sent to. It finds the MX recods of the target system and sends the message to the server that responds. Granted, this is an oversimplification, but in a lab/class environment it works exactly this way.

Back to the client - since it only knows about one server to send mail to, if that server is down, it fails to send. It also fails to receive (using IMAP or POP protocol, since these only have one server address as well). As I said initially, if you configure your two SMTP servers to share the data and provide IMAP or POP client services with identical user databases, you can fail-over the client by changing the server they communicate with. You have 3 choices

  1. Rename the mail server - this is bad on many levels, especially in a Windows environment. Recovery (Fail-Back) becomes difficult and requires an outage.
  2. Change the name or address of the mail server in every client, in both the Send and Receive server fields. That's an awful lot of work, both to fail-over and fail-back.
  3. Create a CNAME record for the primary mail server. Configure the clients to talk to the server using the CNAME alias. If the primary server fails, manually change the CNAME record to point to the secondary mail server. Fail-Back simply requires you to simply restore the original CNAME value.

More advanced systems like Exchange use their own protocols to share data and provide fault tolerance, but in a simple SMTP/POP environment, you need to do more.

You should really browse ORiley's "DNS And Bind" book to get an understanding of how DNS plays a role in mail delivery. Highly recommended!

Glenn

Thanks Gbarnas,

Change the name or address of the mail server in every client, in both the Send and Receive server fields. That's an awful lot of work, both to fail-over and fail-back.

Do you mean sending to both servers as in sending to both username@server1.com and username@server2.com?

Create a CNAME record for the primary mail server. Configure the clients to talk to the server using the CNAME alias. If the primary server fails, manually change the CNAME record to point to the secondary mail server. Fail-Back simply requires you to simply restore the original CNAME value.

I would suppose using a solution such as simplefailver?

How about this?

SMTP service on backup server is stopped. Send the email to both servers. The email sent to the failover server will not deliver because the SMTP service on the backup is stopped. If the primary server fails to respond, start the SMTP service on the failover server. If primary server recovers, stop the SMTP service on the failover server

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.