I’m a fairly recent user of MIAB.
Recently my Box went down for 6 hours (due to my incompetence) and I missed some important emails.
To prevent a recurrence, I’m looking to add a backup relay server, which my ISP offers. It seems I just add a DNS entry to my box as follows: example.com MX 50 backup.ISP.com.
If this is correct, can my ISP routinely view my emails? OR only view them when my box is down?
Are there any other pitfalls doing what I propose?
They will only receive your domain’s emails when your box is down.
Using backup MX fell out of favor when spammers (and just plain disruptive/malicious people) started detecting that a backup MX was in use and hit the domain especially hard, which tends to cause an excess of email to the domain which in turn overwhelms the original server when it is back up. So, kind of an attack.
Honestly, if you lost email during a short downtime (yes, even 6 hours) then the truth of the matter is that you must not have set up Secondary DNS. The sending email servers should be retrying the failed emails for several hours/days. (The norm is 2-3 days).
However, they can only retry mail if there is a DNS record. The way MiaB is set up, you must take extra steps to set up Secondary DNS.
This article I wrote goes into more detail:
Thank you for your 100% helpful response.
Thanks to you I’ve now successfully set up a secondary DNS server and all is working well.
I’ve never actually set up multiple DNS servers before, so maybe this is a dumb question:
If I set up a secondary DNS server, is it automagically updated by MiaB?
If it is properly set up as a secondary/slave server, then YES indeed.
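One way to confirm that a secondary really is being kept up to date, as an added example that is not part of the thread: compare the SOA serial each nameserver returns. The sample text is constructed in the format printed by `dig +nssearch`; the IPs, hostnames, serials and the `check_zone` helper are assumptions for illustration.

```python
import re

# One line of `dig +nssearch <zone>` output: the SOA a listed nameserver returned.
NSSEARCH = re.compile(
    r"^SOA\s+\S+\s+\S+\s+(?P<serial>\d+)\s+\d+\s+\d+\s+\d+\s+\d+"
    r"\s+from server\s+(?P<server>\S+)"
)

# Constructed sample output (documentation IP ranges, not real servers).
IN_SYNC = """\
SOA ns1.box.example.com. hostmaster.box.example.com. 2024051502 7200 3600 1209600 86400 from server 192.0.2.10 in 3 ms.
SOA ns1.box.example.com. hostmaster.box.example.com. 2024051502 7200 3600 1209600 86400 from server 198.51.100.20 in 41 ms.
"""
STALE = """\
SOA ns1.box.example.com. hostmaster.box.example.com. 2024051502 7200 3600 1209600 86400 from server 192.0.2.10 in 3 ms.
SOA ns1.box.example.com. hostmaster.box.example.com. 2024051101 7200 3600 1209600 86400 from server 198.51.100.20 in 41 ms.
"""
BOX_ONLY = IN_SYNC.splitlines()[0]  # only the box itself answered

def parse_nssearch(text):
    """Return {server_ip: serial} for every SOA answer in the dig output."""
    serials = {}
    for line in text.splitlines():
        m = NSSEARCH.match(line.strip())
        if m:
            serials[m.group("server")] = int(m.group("serial"))
    return serials

def check_zone(text, primary_ip):
    """List problems that would leave the zone unresolvable or stale."""
    serials = parse_nssearch(text)
    problems = []
    if primary_ip not in serials:
        problems.append(f"primary {primary_ip} did not answer")
    secondaries = {ip: s for ip, s in serials.items() if ip != primary_ip}
    if not secondaries:
        problems.append("no secondary answered: zone vanishes when the box is down")
    # A secondary that is being updated serves the same SOA serial as the primary.
    # Plain comparison; RFC 1982 serial wraparound is ignored here.
    reference = serials.get(primary_ip, max(serials.values(), default=0))
    for ip, serial in sorted(secondaries.items()):
        if serial != reference:
            problems.append(f"secondary {ip} serial {serial} != {reference}")
    return problems

if __name__ == "__main__":
    for name, sample in (("in sync", IN_SYNC), ("stale", STALE), ("box only", BOX_ONLY)):
        print(name, check_zone(sample, "192.0.2.10"))
```

A brief mismatch right after a change on the box is normal while the secondary transfers the zone; a serial that stays behind means the secondary is not being updated.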
Okay, so one step further:
If I configure two separate DNS servers as secondary servers being configured by MiaB, then in the NS records only point at the two servers configured as secondary, will this still work?
You COULD do this … it would be considered as if the MiaB is acting as a “hidden” master. Note, I am talking about if YOU create the name servers. If you use puck or gandi or cloudns or some other provider, then it could be done either way. Do note though, that MiaB will always add a NS record for ns1.box.domain.tld. So it is not truly hidden in that aspect.
We probably should have a 1 on 1 in Slack or PM on this as it gets complicated quickly.
But the short answer to your actual question is YES.
I’m a ways away from working to implement this, but one of the things I enjoy about MiaB is it manages all the myriad DNS entries for me.
However, I think there is a use case where I don’t want to send all of the DNS traffic to a mail instance, but my mail needs are not beyond MiaB, so I want some other dedicated servers for DNS, and just have MiaB configuring them for me (I would likely configure a firewall in front of MiaB (Vultr has this for every server) to manage external requests on DNS lookup ports to only respond to configured secondary servers).
Agreed. I am actually setting this up now for a client which is helping me understand how to make everything work smoothly. Look for me to begin offering Secondary DNS service soon.