OT: Hardware for mail and DNS [Long]
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Tue May 25 13:59:11 UTC 2004
On Tue, 25 May 2004, Jerome Macaranas wrote:
> Hi,
>
> I'm planning to set up a server for our office which will be running
> mail and dns. ( is this recommended? )
I always recommend DNS. It makes so many subsequent management tasks
easier, especially if it is done correctly the first time. Don't tie
hostnames or IPs into any config files or scripts, use aliases. (I prefer
A records to CNAMEs). Use aliases for email addresses in scripts too.
Always consider how painful a subsequent upgrade will be because it isn't
a matter of if you (or someone else) will upgrade but when.
Remember to run at least 2 nameservers for your private zone and if
possible locate them logically and geographically[1] separately.
> Can someone give me hardware specs for this. I was thinking of a
> ProLiant DL140 would this be an overkill?
Bind (DNS) takes little in the way of resources, even for busy domains.
As for the demands on mail some questions:
1. How much mail are you intending to push?
2. Are you intending to do spam checking locally?
3. Are you intending to do virus checking locally?
Unless you are intending to do large volumes of mail (100,000 messages per
day, say) even modest modern hardware will cope. Two boxes with the same
MX level (if you are receiving mail via SMTP rather than POP3) allows for
redundancy in the face of hardware failure. I'd recommend spending the
money on a few little boxes rather than one big box.
You may be able to run DNS and mail on the same boxes depending on your
network topology. Eg, if the mail servers are in a DMZ then don't put the
authoritative servers for your internal domain on the same boxes for
security reasons.
When working with world visible domains I don't like to put the primary
nameserver on the same box as the primary MX since it creates additional
headaches if the box dies, but putting secondary DNS on to the same box as
the primary MX is much better. It allows for a more graceful transfer.
I'd need more info about your setup to get more specific.
[1] This may sound funny for an office environment but don't put them in
the same rack or on the same power feed[2]. If possible put them in
different rooms. If you have multiple sites, then keep at least 2 at each
site.
[2] I have a story about this :) I once built two Sun E250s to be
externally visible mail servers for a large organisation. Each box had 6
SCSI disks. The boot blocks and root filesystems each had 3 mirror
copies, swap had 2 mirrors, and /var used 5 disk RAID5. The 6th disk
acted as a hotswap. Each box had 2 power supplies (Like a lot of modern
Sun gear, E250s will gracefully keep running if the power feed to one of
these dies). Each box could run with a significant number of its disks
dead. In addition the boxes were set up to each be MX 10 for a busy
domain. Once fully tested (and locked down thoroughly) I went to roll
these out into production and handed them to the staff high availability
Data Centre for installation. They were originally going to be installed
on different floors of the HA DC. Someone somewhere got their wires
crossed (so to speak) and they ended up in the same rack. We also
discovered that if you followed the two power cords out of the racks they
ended up in the same power feed :( Despite the best efforts of myself and
a few others this was the situation when my contract ended. My
recommendations were in writing so no one can say I didn't warn them :)
Cheers,
Rob
--
Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org, rbrockway-cFo9iiqjkw8eIZ0/mPfg9Q at public.gmane.org
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
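
An added example, not part of the original message: a small offline audit of
BIND-style records against the redundancy and placement advice above (at least
two nameservers, not all in one place, two hosts at the same MX level, primary
nameserver not on the primary MX box). The zone data is constructed; treating
"same /24" as "not logically separate" and "same A record" as "same box", and
passing the primary nameserver name in as a parameter, are assumptions.

```python
import ipaddress

# Constructed sample zone data (BIND-style records), not from the original post.
ZONE = """\
example.org.      IN NS  ns1.example.org.
example.org.      IN NS  ns2.example.org.
example.org.      IN MX  10 mx1.example.org.
example.org.      IN MX  10 mx2.example.org.
ns1.example.org.  IN A   192.0.2.10
ns2.example.org.  IN A   198.51.100.10
mx1.example.org.  IN A   198.51.100.10
mx2.example.org.  IN A   203.0.113.25
"""

def parse(zone):
    """Collect NS targets, (preference, host) MX pairs and A records by name."""
    ns, mx, a = [], [], {}
    for line in zone.splitlines():
        f = line.split()
        if len(f) < 4 or f[1] != "IN":
            continue
        if f[2] == "NS":
            ns.append(f[3])
        elif f[2] == "MX" and len(f) >= 5:
            mx.append((int(f[3]), f[4]))
        elif f[2] == "A":
            a[f[0]] = ipaddress.ip_address(f[3])
    return ns, mx, a

def audit(zone, primary_ns):
    """Return a list of findings; an empty list means the layout passes."""
    ns, mx, a = parse(zone)
    findings = []
    if len(ns) < 2:
        findings.append("fewer than 2 nameservers")
    # Assumption: nameservers in the same /24 are not logically separate.
    nets = {ipaddress.ip_network(f"{a[h]}/24", strict=False) for h in ns if h in a}
    if len(ns) >= 2 and len(nets) < 2:
        findings.append("all nameservers share one /24")
    if mx:
        best = min(p for p, _ in mx)
        top = [h for p, h in mx if p == best]
        if len(top) < 2:
            findings.append("only one host at the best MX preference")
        # Assumption: identical A records mean the services share a box.
        if any(a.get(h) is not None and a.get(h) == a.get(primary_ns) for h in top):
            findings.append("primary nameserver shares a box with a primary MX")
    return findings
```

In the sample, the secondary nameserver shares an address with mx1, which the
audit accepts; naming that same host as the primary produces a finding.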