MX handler that points to its own domain record?

Kevin Darcy kcd at daimlerchrysler.com
Wed May 4 19:26:45 UTC 2005


Ian Veach wrote:

>Greetings.  We have a bind9 server serving various campuses that do their
>own IT.  One campus has a basic but unique set of needs:
>	- they have a mail server.  for reasons not explained here,
>	  it has always had an A record and no MX records.  they need
>	  the A record tied direct to domain for the foreseeable future.
>	- they had the funds to buy just one mail processor (spam, etc),
>	  and now want an MX handler, which is great.
>	- BUT, they are worried about said handler failing, so would
>	  like a (worst case) solution where the mail falls through
>	  (unprocessed) to the mail server.
>	- they are not sure if they can add another interface on to
>	  their old mail server.  if so great, if not:
>
>So, what they want is something like this (user at foo.bar.com):
>
>foo.bar.com	IN A		10.10.10.1
>		IN MX 10	handler.foo.bar.com
>		IN MX 20	foo.bar.com
>
>And my question is, is that OK?  The RFC seems to indicate that the MX RR
>will be a host and therefore non-recursive - so it seems like that would
>be ok, and would accommodate mail delivery for foo.bar.com even though
>"handler" might be down.  But not sure, and not sure BIND implements this
>way.  I'm recommending that they get a virtual interface on foo.bar.com
>and use that as the second MX (e.g. IN MX 20 backupmail.foo.bar.com), but
>they wanted to know if above would work.
>
>Comments?
>
I'm not sure what you're getting at with "the MX RR will be a host and 
therefore non-recursive". DNS is just a way to publish information; it 
can't *force* any particular device to connect to any other particular 
device. The MX records above basically say "try handler.foo.bar.com for 
SMTP, but if that isn't available, try foo.bar.com". Does that 
accurately reflect your disaster-recovery strategy? I don't know. I'm 
not privy to the details of your environment. I will say, however, that 
you get a higher level of redundancy using a separate box (which makes 
you box-redundant) or a separate NIC on the same box (which makes you 
only NIC-redundant), than you do with just a virtual interface (which 
gives you, at most, redundancy for only your mail daemon instances, 
assuming you have separate instances listening on separate addresses). 
But now we're getting pretty far afield from DNS and BIND...

- Kevin
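
The selection order described in the reply, as an added example that is not part of the original post: a Python sketch of how a sending MTA (following RFC 5321 section 5.1) would order and try the MX targets from the proposed zone. The address 10.10.10.2 for handler.foo.bar.com, the function names and the `reachable` set are assumptions made for illustration.

```python
import random

# Constructed copy of the records proposed in the question.
ZONE = {
    ("foo.bar.com", "A"): ["10.10.10.1"],
    ("foo.bar.com", "MX"): [(10, "handler.foo.bar.com"), (20, "foo.bar.com")],
    ("handler.foo.bar.com", "A"): ["10.10.10.2"],  # assumed address, not from the post
}


def delivery_candidates(domain, zone, rng=random):
    """Return the hosts a sending MTA tries, in order, for mail to `domain`."""
    mx = zone.get((domain, "MX"), [])
    if not mx:
        # Implicit MX: with no MX records the domain's own A record is used.
        return [domain] if (domain, "A") in zone else []
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):  # lowest preference value is tried first
        hosts = by_pref[pref]
        rng.shuffle(hosts)  # targets with equal preference are tried in random order
        ordered.extend(hosts)
    return ordered


def deliver(domain, zone, reachable):
    """Return (host, address) of the first target accepting SMTP, else None.

    `reachable` is the set of addresses that currently answer on port 25.
    An MX target equal to the domain itself is resolved through its A record
    like any other hostname; nothing loops back into the MX lookup.
    """
    for host in delivery_candidates(domain, zone):
        for addr in zone.get((host, "A"), []):
            if addr in reachable:
                return host, addr
    return None  # the sender queues the message and retries later


if __name__ == "__main__":
    print(deliver("foo.bar.com", ZONE, {"10.10.10.1", "10.10.10.2"}))
    print(deliver("foo.bar.com", ZONE, {"10.10.10.1"}))  # handler is down
```

The choice of target is made entirely by the sending side; the DNS server only publishes the list.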


