The MX resource record provides the ability to publish mail routing information using DNS. This is useful for several reasons:
The format of the MX record differs slightly from the format of an A record. Rather than IP addresses, the MX record uses host names. An additional field sets a "preference" for each host that is listed as an end-target.
For example, an MX entry for "Greywolf" might look like the following:
Greywolf    IN MX 10 Greywolf
            IN MX 20 Prophet
Figure C.9: Sample "MX" record for a host, pointing to two systems capable of receiving mail for the host named "Greywolf".
In this example, there are two MX records for the host named "Greywolf." Together, these resource records indicate that mail for "user@greywolf" can be sent to either "Greywolf" or "Prophet." The MX record that points to "Greywolf" has a preference value of "10", which is a higher preference than the value of "20" associated with "Prophet" (the lower the number, the higher the preference). Mail servers will interpret this preference and attempt to send mail for "user@greywolf" to "Greywolf" first. Failing that, they will attempt to send the mail to "Prophet," which will then hold the mail until "Greywolf" is reachable.
MX records can also be assigned to an entire domain. For example, the following MX resource record indicates that all mail addressed to "user@UNOVERICA.COM" should be sent to "Prophet," and then to "Greywolf" if "Prophet" is unreachable:
UNOVERICA.COM    IN MX 10 Prophet
                 IN MX 20 Greywolf
Figure C.10: Sample "MX" record for a domain, showing two hosts capable of receiving mail for the domain "UNOVERICA.COM".
Note that this only applies to how external mail servers route mail to your organization. In order for "Prophet" to accept the mail for local delivery to the user's mailbox, the user account must exist on that system, and the local mail server must be configured to accept mail addressed to "UNOVERICA.COM." If either of these conditions is not met, then the system will not deliver the message successfully.
Under no circumstances should you use MX records in conjunction with CNAME alias records. This will confuse many mail servers on the market, preventing you from receiving mail from those systems. For more information about CNAME resource records, refer to section 4 “CNAME” Records.
Some DNS servers support the use of asterisks as wildcards, allowing a single MX record to provide mail routing information on behalf of every host in the domain. In theory, this allows administrators to publish consistent mail routing maps for every host on the network without having to maintain MX records for every host. The following shows a sample MX record that could be used for all of the hosts in the UNOVERICA.COM domain:
*.UNOVERICA.COM  IN MX 10 Prophet
                 IN MX 20 Greywolf
Figure C.11: Sample "MX" record that uses wildcards.
In theory, any mail sent to any host in the UNOVERICA.COM domain would then get routed to "Prophet" or "Greywolf," depending on which system was available. In practice, however, this does not work as well as expected.
First of all, in order for the mail servers specified in the MX record to accept mail on behalf of all of the systems on your network, they must be explicitly configured to do so. This is not necessarily appropriate for most organizations. Instead, they should only accept mail on behalf of a few published hosts, and reject mail for the lesser systems on the network. By rejecting the message outright, the sender is forced to use the correct mail server.
Another problem with using wildcards in MX records is that these MX records also apply to unknown and non-existent hosts. If someone attempts to send mail to a user on "Greywolf.UNOVERICA.COM" but instead types "Graywolf" (using an "a" instead of an "e" in the name), then the mail gets routed to the systems specified in the global MX record. Since the host will be unknown on the mail servers specified in the MX record, they will attempt to deliver the mail to the host specified. At that point the MX record will refer them back to themselves, potentially causing the messages to get looped multiple times.
While you do not need to create MX records for every host in your organization, you should create them for every host that will be accepting mail from other systems. Although some mail servers do not require the use of MX records, many do. If you do not add explicit MX records for each of the major mail servers on your network, you will not get all of the mail from all of the people who are attempting to send mail to you. Also, by using MX records for every mail server on the network, you gain a tremendous amount of flexibility, redundancy, and overall reliability through the use of "preference" values.
WARNING: You should not use wildcards in MX records.
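The two rules above (no CNAME aliases together with MX records, and no wildcard MX records) can be checked mechanically before a zone is published. The following is an added example, not part of the original document: it handles only the simple record layout used in the figures, compares names literally as written, and interprets the CNAME rule as "an MX target must not itself be a CNAME". The sample zone, the hosts "Lists" and "Mail", and the addresses are constructed.

```python
# Constructed sample zone (not from the original page); "Lists" and "Mail" are hypothetical hosts.
SAMPLE_ZONE = """\
UNOVERICA.COM    IN MX 20 Greywolf
                 IN MX 10 Prophet
*.UNOVERICA.COM  IN MX 10 Prophet
Lists            IN MX 10 Mail
Mail             IN CNAME Prophet
Prophet          IN A 192.0.2.10
Greywolf         IN A 192.0.2.11
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples; a line starting with whitespace reuses the previous owner."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop zone-file comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():                  # owner name present on this line
            owner = fields.pop(0)
        if owner is None or len(fields) < 3 or fields[0].upper() != "IN":
            raise ValueError(f"unsupported line: {raw!r}")
        rtype, rdata = fields[1].upper(), fields[2:]
        if rtype == "MX" and len(rdata) != 2:     # MX needs a preference and a host
            raise ValueError(f"malformed MX record: {raw!r}")
        records.append((owner.lower(), rtype, rdata))
    return records

def mx_by_preference(records, owner):
    """MX targets for owner in the order a sending server tries them (lowest value first)."""
    mx = [(int(r[0]), r[1].lower()) for o, t, r in records if t == "MX" and o == owner.lower()]
    return [host for _, host in sorted(mx)]

def lint_mx(records):
    """Flag wildcard MX owners and MX targets that are CNAME aliases."""
    aliases = {o for o, t, _ in records if t == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[1].lower()
        if owner.startswith("*"):
            findings.append(("wildcard-mx", owner, target))
        if target in aliases:
            findings.append(("mx-target-is-cname", owner, target))
    return findings

if __name__ == "__main__":
    for finding in lint_mx(parse_zone(SAMPLE_ZONE)):
        print(finding)
```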
Copyright 1997 Unoverica Corporation. All Rights Reserved