Archive for November, 2009

A Note on Clustering Exchange 2010

8 comments Written on November 5th, 2009 by
Categories: Blog, Exchange
Tags: ,

I just had a conversation about how many nodes can fail in a three node DAG and since there was a misconception present I figured I should point out a section of the “Planning For High Availability and Site Resilience” article on TechNet.

From “Witness Server Requirements”
DAGs with an odd number of members do not use a witness server. All DAGs with an even number of members will use a witness server. The witness server can be any computer running Windows Server.

What does this mean? You need to have node majority within the DAG; if you have a three server DAG and two fail you only have one left and therefore don’t have majority. If you want to sustain two failures in a DAG then you need to design your DAG with four nodes and use a witness server.

When you add/remove a server from the DAG (note that a node failing does not count) the addition or removal of a witness server happens automatically. You can either specify a directory (The witness server cannot be a member of the DAG) or by automatically selecting a 2010 Hub Transport server in the site that does not have the Mailbox role installed.

Questions are welcome in the comments, a link to the TechNet article is below.

Planning for High Availability and Site Resilience: Exchange 2010 Help

Tags,
Posted in Blog, Exchange

How To: Create PTR Entries for a Classless Reverse DNS Zone on Windows 2008

1 Comment » Written on November 3rd, 2009 by
Categories: Blog
Tags:

Recently one of my customers moved their office location and in the process moved their Internet connectivity to a T-1. Their provider, Qwest Communications, assigned them a /27 subnet to go along with it and offered to delegate reverse DNS to them. Sounds great, right? Well, there is a problem here; my customer is a Microsoft shop using Windows 2008 for all their public DNS and Windows 2008 DNS does not gracefully handle reverse DNS for classless subnets. This resulted in my customer lacking reverse DNS for their Exchange environment; Since a number of hosts will not accept inbound mail from an IP without reverse DNS this was causing some issues with mail delivery and very much affecting their business.

I eventually tracked down the source of the problem to the method used by Qwest, delegating out a small portion of the classful zone to my customer’s name servers and entering CNAMEs for all the individual IPs. This is not an uncommon solution and when using anything but Windows DNS it is quite easy to accommodate.

Let me lay out the basic scenario I encountered first and then I’ll tell you how to solve this problem.

Note: All IPs and domain names have been changed to protect the innocent.

Public IPs assigned to my customer: 192.168.0.192 – 192.168.0.223

Name servers my customer uses: ns1.customer.com & ns2.customer.com

Public IP that my customer’s Exchange environment uses for outbound mail: 192.168.0.194

What was happening here was that when Qwest delegated rDNS for 192.168.0.194, they told remote servers they should be looking for 194.192-223.0.168.192.in-addr.arpa. The initial and obvious solution is to simply create a reverse DNS zone in Windows DNS for 192-223.0.168.192.in-addr.arpa and create PTR records, right? Not so fast there… You can create the reverse zone easily but you can’t create PTR records in the correct format unfortunately.

Hence the quite simple solution: dnscmd

After you’ve created the zone, simply launch an elevated command prompt (Start -> Right Click on Command Prompt -> Run As Administrator) and use the following syntax to add PTR records manually.

dnscmd <dns server> /recordadd <full zone name – 192-223.0.168.192.in-addr.arpa as an example> <last octet of IP – e.g. 194 for 192.168.0.194> 10 PTR <appropriate fqdn>

So in my customer’s case I used the below command to create a PTR entry for mail.customer.com located at 192.168.0.194:

dnscmd custns1 /recordadd 192-223.0.168.192.in-addr.arpa 194 10 PTR mail.customer.com.

You should then be good to go!

Tags
Posted in Blog