Creating a Redundant Email/DNS System

Introduction

Many of us have become dependent on our email system for business or personal reasons. We rely heavily on email and have a difficult time when our email system is unavailable for any extended period. This tutorial is intended to provide a method for creating some redundancy so we are not completely out of luck when our primary email system goes down. There are a variety of things one can do to make one's email system more robust. The solutions given here are presented in increasing order of complexity.

In this tutorial I will be naming several specific service providers. Unless otherwise indicated, I have had personal experience with the ones I've named. There are many others that will work just as well. If I name others I have not used personally, I will so disclose.

Important Note: All of the solutions given here require the use of a personally owned and controlled domain name! Someone whose only email address is provided by an email provider (Yahoo!, Hotmail, Gmail, the user's ISP, etc.) need not read any further; the ideas here will not work for you!

How Does Email Work, Anyway?

Say you have an email address: you@bigispyahotmailhoo.com; how does email get to you?

  1. Email requires two servers: a sending server (usually an SMTP server), and a receiving server.
  2. When someone sends you an email, their email client (either on their computer or at a web site of an email provider) opens a connection to the sending server.
  3. The sending server says to itself, "Hmmm, I need to find the receiving server for bigispyahotmailhoo.com" and queries the DNS (Domain Name System) to find the IP address (a unique numerical identifier, in the form aaa.bbb.ccc.ddd, assigned to each computer in the universe) of the receiving server. DNS does this by looking up the MX (Mail Exchange) record associated with the domain name bigispyahotmailhoo.com.
  4. The sending server opens a connection with the receiving server, and politely asks the following questions of the receiving server:
    1. "Are you a server authorized to receive mail for the domain bigispyahotmailhoo.com?"
    2. "If so, are you able to receive mail right now for you@bigispyahotmailhoo.com?"
  5. Assuming the answers to both questions in step 4 are "yes", the sending server sends the receiving server the email.
  6. The receiving server then processes the email, doing one of the following two things with it:
    1. moves it to your mailbox to be read, or
    2. forwards the email to a prearranged external email address
  7. Once the email is in your mailbox, you read it in one of the following ways:
    1. by using a web-based email client
    2. by using a computer-based email client (e.g. Outlook Express, Outlook, Thunderbird, Entourage, etc.) via either the POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol) method.

What Can Go Wrong?

  1. You can't establish a connection with your outgoing email server. This tutorial will not help you with this.
  2. The sending server tries but fails to find the MX record associated with the receiving email server because the DNS server that has that information is not available. This tutorial provides a way of creating a secondary, redundant way to find the MX record (redundant DNS is quite difficult to set up).
  3. The sending server finds the MX record of the receiving email server but the receiving email server is not available. When this happens, email will not be handled and will be sent back to the sender as “undeliverable”. This tutorial provides a way to configure a second receiving email server to process your email.
  4. The sending server establishes a connection with one of the receiving servers, the receiving server accepts the email, but doesn't deliver the email to your mail box or fails to forward your email to your external account(s). This tutorial can't help you with this.
  5. The email is successfully forwarded to your external account but your external account is not available to you. This tutorial provides a way to have your emails forwarded to TWO external accounts which hopefully will not be down simultaneously!

Get Your Own Domain

You need to purchase your own domain from a reputable domain registrar that will give you full control over your DNS records. One such registrar I have worked with personally is namecheap. It is reliable, inexpensive, and has the services needed. There are many, many others! Be careful to make sure you will have full power to create and change all DNS entries, particularly MX records. Some registrars (such as godaddy) will not give you full power over DNS records unless you purchase some additional service from them.

By default, when you purchase your domain, the DNS servers for that domain will be set to the DNS servers owned by the registrar.

Solutions: Introduction

There are several ways you can add redundancy to your email system. Each provides some level of security. Alas, I have not discovered any system that is completely foolproof. I will discuss the advantages and disadvantages of each.

Solution 1: Forwarding to two email addresses

What is it?

You forward all of the mail addressed to <anyone@yourdomain.com> to two different external email accounts.

Advantages

Simple to implement. If your primary email provider is down, your email can be read at your second email provider.

Disadvantages

Several single points of failure remain: the DNS records may not be available, the single email server may not be available, or the forwarding service may be broken.

How to do it

At your domain registrar, go into their control panel and set up "catch-all" email forwarding to two different external email addresses (these can be anywhere, including at your ISP or a provider such as Yahoo!, Hotmail, or Gmail).

Solution 2: Adding a "queue and store" email backup service

What is it?

A "queue and store" email backup service collects and stores emails addressed to <anyone@yourdomain.com> whenever your receiving email server is unavailable. The backup service periodically tests to see if your receiving server is back up and sends the collected emails on when your receiving server is available.

This is a commercial service, in my experience. I have never seen a free one. The cheapest one I've seen (and the only one I have personal experience with) is sitelutions. As of December, 2007, the cost of a year of service for one domain is $18. Dnsmadeasy offers the same type of service for $12.95 per year for one domain.

Important note: This solution can be done in conjunction with other solutions, if desired.

Advantages

Prevents you from losing emails in case your primary receiving email server is down. Those that send you emails will not receive a "bounce back" indicating the email was not deliverable.

Disadvantages

Although you won't lose any emails, the emails won't be available to you until your primary email server is back on line.

How to do it

Sign up for "queue and store" email backup service at the provider of your choice. Then go to the provider that hosts your DNS records and add an MX record for the backup email service, per the instructions given by the "queue and store" email backup service. Make sure the "priority number" is HIGHER than the number associated with the MX record of your primary email server; sending servers try the MX record with the lowest number first, so the higher number marks the backup service as a fallback.

Solution 3: Adding an additional email server

What is it?

You add an additional email server and set it to forward your emails.

Advantages

If your primary receiving email server is down, mail will be directed to the additional email server, which will forward your email to as many addresses as you wish to have for redundancy. Or, you can just have the additional mail server hold on to your email for you to read. Or have it hold AND forward.

Disadvantages

If your DNS host is down, it doesn't matter how many additional receiving email servers you set up; no one will be able to find any of them!

Important note: If your DNS is hosted by a major registrar, it is highly unlikely that your DNS will ever be unavailable! Most major registrars have geographically dispersed, multiply redundant name servers. DNS unavailability is only likely to be an issue if you have your DNS hosted by another provider, such as your webhost, who is not able to provide that level of redundancy.

How to do it

You can arrange for an additional mail server in a variety of ways. You can sign up for a paid service other than your primary service. Just be sure that this new paid service can host "own domain" email addresses.

You can also have an additional email server provided for free by an outfit such as Zoneedit, but Zoneedit will NOT provide an email server unless you also arrange for DNS service with them (either primary or secondary DNS service). See "How to use Zoneedit for primary DNS and as a backup email server" (link not available at this time).

After arranging for a second email server, go to the provider that hosts your DNS records and add an MX record for the additional email server. Make sure the "priority number" is HIGHER than the number associated with the MX record of your primary email server. If you don't know the MX record for the secondary email server, try to find out from the provider. Or, you can use the third of the lookup tools in the Resources section. You need to use the third tool because you need to find the MX record for your domain using the nameserver associated with the additional email server provider, NOT the nameserver associated with your domain at your registrar.

Then, go into the control panel at the additional email server provider and set up forwarding to your multiple email addresses.
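The priority rule used in Solutions 2 and 3 can be checked before you rely on it. The following is an added example, not part of the original tutorial: it parses MX answer lines, shows the order in which a sending server tries the hosts, and flags any backup whose number is not higher than the primary's. The domain and host names are constructed placeholders, and the input format is assumed to be that of `dig +noall +answer MX yourdomain`.

```python
# Constructed sample, shaped like the answer lines of `dig +noall +answer MX example.com`.
# All host names are placeholders, not real providers.
SAMPLE_MX = """\
example.com.  3600  IN  MX  10 mail.primary-host.example.
example.com.  3600  IN  MX  20 mx.second-server.example.
example.com.  3600  IN  MX  90 queue.backup-service.example.
"""


def parse_mx(text):
    """Return [(priority, host)] for every MX answer line in text."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[3].upper() == "MX":
            records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return records


def delivery_order(records):
    """Hosts in the order a sending server tries them: lowest number first."""
    return [host for _, host in sorted(records)]


def first_reachable(records, down=()):
    """Host that ends up receiving the mail when the hosts in `down` are offline."""
    for host in delivery_order(records):
        if host not in down:
            return host
    return None  # no MX host is reachable


def misordered_backups(records, primary):
    """Backups whose number is not HIGHER than the primary's, so they would be tried first or alongside it."""
    priority = {host: number for number, host in records}
    return sorted(h for h, n in priority.items()
                  if h != primary and n <= priority[primary])


if __name__ == "__main__":
    mx = parse_mx(SAMPLE_MX)
    print("try order:", delivery_order(mx))
    print("primary down ->", first_reachable(mx, down={"mail.primary-host.example"}))
    print("misordered:", misordered_backups(mx, "mail.primary-host.example"))
```
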

Solution 4: Adding a Second DNS Provider

What is it?

A second DNS provider will allow your email servers' MX records to be found if your primary DNS provider is unavailable for any reason. See Important Note above for more information about when this is necessary.

Advantages

Without a second DNS provider, if your primary DNS provider is unavailable, your redundant email servers will be for naught; no one will be able to find them! A second DNS provider keeps your MX records findable in that case.

Disadvantages

This can be devilishly complicated to set up! And, even going to this length is NOT a guarantee that your email will always be available (see What Can Go Wrong?).

How to do it

Option 1: Use two different DNS providers, both of which are considered "primary" DNS providers

This option is simpler, but requires manual maintenance of your DNS records in two places.

To implement this, arrange for DNS hosting at two different DNS providers (such as sitelutions, zoneedit, or granitecanyon). Then go to your domain registrar's control panel and choose to "delegate" your DNS and provide the nameservers of your two DNS hosting providers in the spots indicated. You will need to wait up to 48 hours for this change to "take". Next, go into each of your DNS providers and manually add the necessary MX records (depending on what you have chosen to do, you could have many: for your primary email server, your secondary email server, and your "queue and store" backup email server). Be sure to add any A records you need to make your website work. Finally, use the third of the lookup tools in the Resources section to check your work.

Important: This option requires you to manually change DNS records in two places should anything in your setup change. Should you fail to keep your nameservers properly synchronized, your email and/or website could intermittently fail to be available.
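Checking that the two primaries stay synchronized amounts to asking each provider's nameserver the same questions and comparing the answers. The following is an added example, not part of the original tutorial: it compares the records returned by two providers and lists what differs. The answers are constructed samples in `dig +noall +answer` format, and the names and addresses are placeholders.

```python
# Constructed answers, as if the same queries were sent to each provider's nameserver.
PROVIDER_A = """\
example.com.      3600 IN MX 10 mail.primary-host.example.
example.com.      3600 IN MX 20 mx.second-server.example.
www.example.com.  3600 IN A  192.0.2.10
"""
PROVIDER_B = """\
example.com.      7200 IN MX 10 mail.primary-host.example.
www.example.com.  3600 IN A  192.0.2.99
"""


def record_set(text):
    """Normalize answer lines to {(name, type, data)}; TTL and class are ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5:
            records.add((fields[0].lower(), fields[3].upper(),
                         " ".join(fields[4:]).lower()))
    return records


def drift(a_text, b_text):
    """Records present at one provider but missing or different at the other."""
    a, b = record_set(a_text), record_set(b_text)
    return {"only_a": sorted(a - b), "only_b": sorted(b - a)}


def in_sync(a_text, b_text):
    """True when both providers serve exactly the same records."""
    result = drift(a_text, b_text)
    return not result["only_a"] and not result["only_b"]


if __name__ == "__main__":
    for side, records in drift(PROVIDER_A, PROVIDER_B).items():
        for name, rtype, data in records:
            print(f"{side}: {name} {rtype} {data}")
```

In the sample, provider B is missing the second MX record and serves a different A record for the website, which is the kind of mismatch that makes mail or the site fail only some of the time.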

Option 2: Use an additional DNS provider as a "secondary" or "slave" DNS provider.

"Secondary" DNS provides a level of "automatic" redundancy by having a second DNS provider "mirror" your primary DNS provider's records, automatically, in the background.

This option is much more complicated to set up, but provides a bit of "set and forget" in that any changes you make in your primary DNS records will automatically be reflected in your secondary DNS records.

Important: In order to implement this, you need a primary DNS provider that permits "zone transfers out" and a secondary DNS provider that explicitly provides "secondary" DNS service. Unfortunately, most major registrars DO NOT permit "zone transfers out", so, to implement this solution, you must find a provider that does! In my case, my webhost does permit "zone transfers out". It should be possible to use a granitecanyon/zoneedit combination.

After creating accounts at two different DNS providers, follow the steps for Option 1 above, BUT, you only need to create DNS records at your primary DNS provider. The secondary DNS provider will automatically "pull" the DNS records from your primary provider and "mirror" the primary provider's information.

Conclusion

As you can see, there are a variety of techniques that can be used to make one's email system more robust. Each has advantages and disadvantages, but taken together, the degree of redundancy is significantly increased.

Helpful Resources

In order to implement the solutions described here, one must have some method of determining the DNS records for one’s domain. There are many tools on the web that allow one to accomplish this. Two particularly useful ones are described here (the links were active as of November '05).

  1. http://www.dollardns.net/cgi-bin/dnscrawler/index.pl is a particularly easy to use method of determining one’s DNS records. Be sure to put “MX” in the box marked “Type” to look up MX records.
  2. http://www.dnsstuff.com/ is a second resource for looking up DNS records.
  3. http://network-tools.com/nslook/ is a third resource. Instructions and information about how domain names work can be found at http://network-tools.com/brokendomain/. What is nice about this site is that you can specify which nameserver you wish to use as the source of information about a particular domain. The other two resources listed here just give you the "official" information. There are times when you need to be able to figure out what the information is on a particular nameserver.

I hope folks find this useful.

Robert Camner
November, 2005