Ping a Specific Port

Question

Jacob Evans

Asked: 2015-11-24 12:35:39 +0800 CST2015-11-24 12:35:39 +0800 CST 2015-11-24 12:35:39 +0800 CST

Multiple MX or Round-Robin A Record

772

Which is Better, and Why?

There are 2 inbound mail filters, they are in a cluster with equal hardware specs and can handle the same load. This is a new configuration and I would like to know which is a better way to handle equal cost load balancing of 2 servers, I can set them both to use the same hostname (ehlo) and same certificates, they currently use a certificate that includes all 3 names, the common name being mx.

In either scenario will severs retry both IP addresses in the case of an outage of 1 of the servers.

Scenario 1

example.com. IN MX 10 mx.example.com.
mx.example.com. IN A 10.0.0.10
mx.example.com. IN A 172.31.0.10

Scenario 2

example.com. IN MX 10 mx1.example.com.
example.com. IN MX 10 mx2.example.com.
mx1.example.com. IN A 10.0.0.10
mx2.example.com. IN A 172.31.0.10

*Assume all other variables are best practice (FCrDNS, SPF, ETC)

Google Seems to do BOTH.

;;Answer
gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
gmail.com. 86400 IN SOA ns1.google.com. dns-admin.google.com. (2015031901 21600 3600 1209600 300)
gmail.com. 345600 IN NS ns1.google.com.
gmail.com. 345600 IN NS ns2.google.com.
gmail.com. 345600 IN NS ns3.google.com.
gmail.com. 345600 IN NS ns4.google.com.
gmail.com. 3600 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3600 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3600 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3600 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3600 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 300 IN AAAA 2607:f8b0:4006:80c:0:0:0:1015
gmail.com. 300 IN A 173.194.123.85
gmail.com. 300 IN A 173.194.123.86
gmail-smtp-in.l.google.com. 300 IN AAAA 2607:f8b0:400c:c00:0:0:0:1a
gmail-smtp-in.l.google.com. 300 IN A 74.125.134.26
gmail-smtp-in.l.google.com. 300 IN A 74.125.134.27

2 Answers

Voted

Sammitch · Answer 1 · 2015-12-01T18:07:12+08:00

The most preferable solution to equally balance the load is to use an actual load balancer. Failing that you are beholden to the whims of how badly any given MTA implemented the RFCs.

In a perfect world either of those solution you've mentioned would be fine, however in the real world you're probably going to see a constant 60/40 split of load, at best. This is because even though the email and DNS RFCs may have lots of scary-looking SHOULDs and MUSTs regarding randomization during host selection the fact remains that programmers are lazy and there's no way for the server to reject connections due to lazy host selection.

The two situations you're going to see are:

Traffic hitting whatever the first record is.
Traffic hitting whatever the first record is after the available records have been sorted.

The best balance I was able to strike was to assign the highest IPs to the lowest MXes. In your case this would mean:

example.com. IN MX 10 mx1.example.com.
example.com. IN MX 10 mx2.example.com.
mx1.example.com. IN A 172.31.0.10
mx2.example.com. IN A 10.0.0.10

This should help balance things out since PWM [Poorly Written MTA] #1 will prefer the lowest MX record name, while PWM #2 will prefer the lowest MX IP.

But, like I said, you'll never see a true balance.

Source: I have administrated a 10-node MX cluster serving over 10,000 domains. [And the one with the lowest IP still got 30% of the overall traffic and we just ended up making it a beefier machine :I]

User5645 · Answer 2 · 2015-11-24T12:55:07+08:00

Both will work exactly the same for you. In both cases you are configuring a DNS load balanced setup, allowing you to utilize both servers listed for answering SMTP requests. Even looking down at the number of queries, in both cases you would have two DNS queries (one for the MX record, one for the A record), so there should be no performance difference.

For the sake of simplicity, I would stick with the first scenario as I would only need to track one MX record (one less DNS record... not a big deal, but at least one less moving part).

How google utilizes this is to use both the flexibility of DNS load balancing along with the fallback capabilities of weighted MX records which is the only piece you are not needing to take advantage of (at least according to your scenarios).

So if you note their primary MX record with a weight of 5 is the one with the multiple A records. So when everything is working correctly, they are splitting that traffic across those addresses. But should those addresses not respond, it can then fall down the MX priorities to try the next record down the line, and on, and on.

Most small setups (small compared to gmail, yahoo, etc.) I have seen do not load balance (at least not with DNS load balancing) and instead use weighted MX to fall through a list of preferred SMTP handlers. Really it comes down to the setup that provides the flexibility you need.

Multiple MX or Round-Robin A Record

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?