MX Records and DNS Explained?
I get asked a lot of questions about DNS records with regard to mail servers, either about MX records or reverse lookup failures etc., so I will take some time to explain what all these records are for, why you need them, and how to set them up properly.
What is DNS?
If you don’t understand this, then we are on a loser straight away. DNS is a method for turning computer addresses into addresses that we can understand: you type www.idontexist.com into a browser, and your machine then requests the address for www.idontexist.com from a DNS server. DNS then tells your browser that the idontexist website is on the following IP address:
Addresses: 66.102.9.254
Aliases: www.idontexist.com
So that’s what it DOES, so how does it work? Well, addresses in DNS read from right to left, so it starts with ".com": this is a DNS "ZONE". This Zone contains all the zones that end in .com (so there’s one for .org, .co.uk etc.). A DNS ZONE can contain other ZONES or DNS records. In this case it contains another ZONE called "idontexist", which contains a DNS RECORD called "www" (in this case a "host" record).
Note: Before my inbox explodes, I know this is not true in practice, but for the purpose of this exercise we will assume it is.
Each Zone in a DNS address is separated by a full stop (or "period" if you’re American).
What is a DNS record?
We now know that DNS records live in DNS zones, so what is a DNS record? Well, there are different types, the most simple of which is called an A Record (or a host record).
A (Host) Record: Is the building block for DNS; it maps a name to an address, e.g. www to 66.102.9.254
At this point it’s a good idea to mention Reverse DNS. As the name implies, this works the other way round and maps IP addresses back to host names (A Records); this is a special type of DNS record called a PTR record (stands for Pointer).
PTR (Pointer record): Maps an IP address back to a name e.g. 66.102.9.254 to www
So how does mail work then?
Everything we have done so far explains how DNS records work; to get mail to work you need another DNS Record called an MX (Mail Exchange) Record.
Important: You cannot have an MX record without an A Record!
An MX record’s job is simply to tell mail systems where to send mail: it identifies an existing A (Host) record as a mail server. You can have more than one MX record; you set a Priority on each MX record, and systems sending you mail will start with the MX record with the LOWEST priority number and work their way up until they can send mail. However, this is considered bad practice as it places all the load of incoming mail on one server; it’s much better to have multiple "Live" mail servers with the same priority (obviously, if you have a fallback or failover mail system, then the lower priority number IS the preferred method).
Note: We mentioned PTR records above. Some mail systems perform a "Reverse lookup" on incoming mail (Hotmail being a famous example) and drop any mail that won’t resolve that way; if your mail is being rejected due to "reverse lookup" problems then it’s because your PTR records are wrong or don’t exist.
So to "Mail enable" our imaginary domain, we will create the correct A (Host) Records and then the MX records for them, and also create the PTR (Pointer) records to make the whole thing work in reverse, e.g.
Note: Most decent ISPs these days create PTR (Pointer) Records as soon as they create the A (Host) Record, though ASK when you send your request to them, to be sure!
For 2 mail servers that will both receive mail
A (Host) Record that maps mailserver1.idontexist.com to 66.102.9.253
A (Host) Record that maps mailserver2.idontexist.com to 66.102.9.252
PTR (Pointer) Record that maps 66.102.9.253 to mailserver1.idontexist.com
PTR (Pointer) Record that maps 66.102.9.252 to mailserver2.idontexist.com
MX (Mail Exchange) Record with a Priority of 10 for mailserver1.idontexist.com
MX (Mail Exchange) Record with a Priority of 10 for mailserver2.idontexist.com
For 2 Mail Servers (One is a failover/fallback Email Server {Mailserver2})
A (Host) Record that maps mailserver1.idontexist.com to 66.102.9.253
A (Host) Record that maps mailserver2.idontexist.com to 66.102.9.252
PTR (Pointer) Record that maps 66.102.9.253 to mailserver1.idontexist.com
PTR (Pointer) Record that maps 66.102.9.252 to mailserver2.idontexist.com
MX (Mail Exchange) Record with a Priority of 5 for mailserver1.idontexist.com
MX (Mail Exchange) Record with a Priority of 10 for mailserver2.idontexist.com
For a Single Mail Server
A (Host) Record that maps mailserver.idontexist.com to 66.102.9.253
PTR (Pointer) Record that maps 66.102.9.253 to mailserver.idontexist.com
MX (Mail Exchange) Record with a Priority of 10 for mailserver.idontexist.com
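The three layouts above boil down to two checks and one ordering rule: every MX target needs an A record, that address should have a PTR pointing back at the same name, and senders work through MX priorities from the lowest number up, sharing load across equal numbers. The following is an added example (not from the original article) that applies those rules to a constructed copy of the failover layout; the record tables and function names are my own.

```python
from collections import defaultdict

# Constructed records for the imaginary idontexist.com zone, failover layout:
# mailserver1 is preferred (priority 5), mailserver2 is the fallback (priority 10).
A_RECORDS = {
    "mailserver1.idontexist.com": "66.102.9.253",
    "mailserver2.idontexist.com": "66.102.9.252",
}
PTR_RECORDS = {
    "66.102.9.253": "mailserver1.idontexist.com",
    "66.102.9.252": "mailserver2.idontexist.com",
}
# (priority, target) pairs, deliberately out of order as they might sit in a zone file
MX_RECORDS = [(10, "mailserver2.idontexist.com"), (5, "mailserver1.idontexist.com")]


def delivery_order(mx_records):
    """Group MX targets by priority, lowest number first.

    A sending mail system tries every host in the first group (load is shared
    when priorities tie) and only moves to the next group if none of them accept.
    """
    groups = defaultdict(list)
    for prio, host in mx_records:
        groups[prio].append(host)
    return [(prio, sorted(groups[prio])) for prio in sorted(groups)]


def check_mail_records(mx_records, a_records, ptr_records):
    """Return the problems to fix before going live (empty list means all good)."""
    problems = []
    for prio, host in mx_records:
        ip = a_records.get(host)
        if ip is None:
            # The article's rule: you cannot have an MX record without an A record.
            problems.append(f"MX {prio} {host}: no A record exists for this name")
            continue
        name = ptr_records.get(ip)
        if name is None:
            problems.append(f"{host}: no PTR record for {ip}, reverse lookup will fail")
        elif name != host:
            problems.append(f"{host}: PTR for {ip} points to {name}, not back to {host}")
    return problems


if __name__ == "__main__":
    print("Delivery order:", delivery_order(MX_RECORDS))
    print("Problems:", check_mail_records(MX_RECORDS, A_RECORDS, PTR_RECORDS) or "none")
```

Delete one PTR entry or point an MX at a name with no A record and the checker reports exactly the rejection the article warns about.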
Is that all you need to do?
In most cases yes. There is a further mail record that you may need to get involved with: the SPF (Sender Policy Framework) record. This lets you "Allow" other IP addresses or domains to send mail on your behalf. For example, our imaginary domain above has a company that looks after their stock and invoicing; they need to send mail from their systems that comes from stock@idontexist.com. This would not work because it’s coming from the wrong IP address etc., so you can add the IP address of this company or their domain name and allow mail from them too, using an SPF Record. If you feel you need this feature then speak to your ISP.