dual isp owa issue

ppe1700

Member
Joined
Jan 9, 2007
we have a client with two ISPs. with 2 ISPs this means two IP subnet ranges. They have an Exchange server at site on a private IP, and we have this server NATted to an external IP on each subnet, so that if the primary line was to fail, then the users could still get access to OWA via the backup line.

Problem:
We have a DNS http://mail.company.com pointing to owa primary IP address. If the primary fails, it still points to the same IP so owa is inaccessible via URL.

If I do nslookup to google.com I get returned 3 IP addresses, I'm guessing that is so if one was to fail that google will still be reachable?

How do I do such a thing with private dns entries such as the above?
Is there a service we can use, or a company we can buy dns entries from to have more than 1 entry, because our current provider only allows 1 IP to be added to a domain name.

If there is another way, I am happy to hear all suggestions.

thanks!
 
UPDATE:
i have just spoken to the person that manages our DNS entries for our clients.

and while the system does not let you put a 2nd ip address to have the dns resolve to, you can in fact add multiple entries for the SAME name.

so we tested this, and it does in fact resolve to two ip addresses, and the most recent entry was top of the list. AND because the most recent entry was a dummy 1.1.1.1 ip, browsing to the dns name DID failover to the real ip after a short period.

NOW, what determines which is at the top of the list in the nslookup? is it in fact the most recent entry is top? as this is what we have found...

i hope someone can help me clarify or point me in the right direction,
however i feel this is falling on deaf ears
 
well, ppe, you posted early in the morning :p so yeah, deaf ears will be present ;)



what you can do is set OWA to use the first available IP address, so when you contact https://companyname/exchange the first IP will be what you choose. if you do "any available IP" it will go to either or.

i'll have to do a little more research when i get to work if i can for you. but i think any available IP with dns shouldn't be an issue should it? if it can't resolve one ip, it should resolve the other A record.
 
is this how dns works? if i nslookup google.com, and keep repeatedly doing it, i keep getting the same answers in different order.

it's not that big of a deal, so long as if the first try fails then it MUST try the 2nd ip address. if it does this by default then we are set to go :)

thanks for replying, but i asked the same question on a cisco networking forum, and for a whole day i got NO replies, and when i did eventually get a reply they had a go at me for having 443 mapped / natted through to the exchange server inside address.. LOL :screwy:
 
google likely has load balancing enabled to keep the loads even on each connection.

HOW?

and it's not load balancing i'm after, it is just one for primary one for redundancy..
i would like to set preference on which ip address gets resolved to the client first. IS THIS POSSIBLE?:santa:
 
no, it is load balancing. it is just a different method. except the way that it sounds like you want to do it is with a backup ready. we have load balancers here at work for websites that have multiple servers. what happens is that if one of the sites goes down, it will black list it from being used in the pool. you could set it up so that it would only access the one site but if it detects that it is down, it will redirect all traffic to the backup server.

there should be other ways to do it though besides using hardware like a load balancer.

maybe you need to look into dns failover
 
i think this is what you're looking for PPE


Alias record. Indicates an alternate or alias DNS domain name for a name already specified in other resource record types used in this zone. The record is also known as the canonical name (CNAME) record type. (RFC 1035)


are you managing your DNS internally (aka either an inside/outside dns, or an inside only dns) or is your ISP and/or host provider doing so?
 
Agreed that multiple A records will get you what you want. Assuming your DNS is handled externally, contact your DNS hostname provider and let them know the order you want them handled in (as IPs go).

In the case of BIND, it would simply be:

www IN A XXX.XXX.XXX.10
www IN A XXX.XXX.XXX.11

Where the 10 address would be the first (in a default round robin and rrset-order defines a fixed value for your chosen address).

Sorry if this is confusing, but DNS can really suck. :)
 
that it can! it got confusing in my net security class because we went through all the possibilities, the one that confused me the most were the internal / external DNS mainly used to avoid internal DNS poisoning
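
The failover behaviour discussed in this thread (two A records for one name, with the client falling through to the second address when the first does not answer), as an added example that is not from any poster: a DNS server only hands back the address list and knows nothing about which line is up, so the check below does what the client has to do and connects to each address in order. The function names and the local test endpoints are constructed for the example.

```python
import socket

def resolve_all(name, port=443):
    """All IPv4 addresses the resolver returns for name, in answer order."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    ips = []
    for info in infos:
        ip = info[4][0]
        if ip not in ips:
            ips.append(ip)
    return ips

def probe(endpoints, timeout=3.0):
    """TCP-connect to each (ip, port) in order.

    Returns (first_reachable, results): the endpoint a failover-capable
    client would end up using, and a per-endpoint (ip, port, ok) list.
    """
    first, results = None, []
    for ip, port in endpoints:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                ok = True
        except OSError:  # refused, unreachable or timed out
            ok = False
        results.append((ip, port, ok))
        if ok and first is None:
            first = (ip, port)
    return first, results

def demo():
    """Constructed offline stand-in: a dead 'primary' and a live 'backup'."""
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))   # bound but not listening: connects are refused
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)                # completes TCP handshakes
    try:
        return probe([dead.getsockname(), live.getsockname()], timeout=1.0)
    finally:
        dead.close()
        live.close()

if __name__ == "__main__":
    # Against the real name from the first post, with network access:
    #   probe([(ip, 443) for ip in resolve_all("mail.company.com")])
    first, results = demo()
    for ip, port, ok in results:
        print(f"{ip}:{port} {'up' if ok else 'DOWN'}")
    print("client would use:", first)
```

Run from outside the client's network on a schedule, the per-address results show when one ISP line is down even though the name still resolves to both addresses.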
 