Don't Mix MX and CNAME Records
An ambiguity in RFC 2821, which defines how e-mail should be delivered, causes problems for some users, according to Ferris Research. In its first blog post on the subject, Ferris relates the story of someone (names are expunged to protect the innocent from embarrassment) who decided to configure his DNS with both an MX record (which advertises the mail server) and a CNAME record defining where the Web server was. More specifically, the CNAME defined "the-domain-in-question.com." to be "www.the-domain-in-question.com", the IP address of which was defined in a separate A record.

After this change, Mr. Anonymous' e-mail no longer reached the mail server consistently: some external servers were no longer finding it. The problem turns out to be that when a domain name has a CNAME record, some sending mail servers will attempt to connect to the CNAME target and not to the server pointed to by the MX record. So in the example, the outside mail was being sent to the Web server, which of course didn't respond to it.

The problem, says Ferris, is an ambiguity in RFC 2821. They have a point. The SMTP standard seems to recommend against mixing CNAME and MX records, but it doesn't prohibit it, and it's unclear on how the server should behave when it finds both. Bottom line: Don't mix them.
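
An added example, not code from the original post or from Ferris Research: a small Python lint that reports every name in a zone carrying a CNAME alongside other record types. It runs on a constructed zone reproducing the misconfiguration described above and on the A-at-the-domain layout suggested in the comments. The `example.com` names and 192.0.2.x addresses are placeholders, and the parser assumes one record per line.

```python
from collections import defaultdict

# Constructed sample zones (placeholder names and documentation addresses).
ZONE_BROKEN = """\
$ORIGIN example.com.
@    3600 IN MX    10 mail
@    3600 IN CNAME www          ; alias on the same name as the MX
www  3600 IN A     192.0.2.10
mail 3600 IN A     192.0.2.25
"""
ZONE_FIXED = """\
$ORIGIN example.com.
@    3600 IN MX    10 mail
@    3600 IN A     192.0.2.10
www  3600 IN CNAME example.com.
mail 3600 IN A     192.0.2.25
"""
# DNSSEC records are permitted next to a CNAME, so they are not conflicts.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def fqdn(name, origin):
    """Expand a zone-file name relative to $ORIGIN; '@' is the origin itself."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse_zone(text):
    """Return {owner name: set of record types} for a one-record-per-line zone."""
    origin, owner, types = ".", None, defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].startswith("$"):             # only $ORIGIN is interpreted
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
            continue
        if not raw[0].isspace():                  # indented line reuses last owner
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                         # skip optional TTL and class
        if owner and tokens:
            types[owner].add(tokens[0].upper())
    return types

def cname_conflicts(text):
    """Map each name that has a CNAME plus other data to the clashing types."""
    return {name: sorted(t - ALLOWED_WITH_CNAME)
            for name, t in parse_zone(text).items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}
```

Calling `cname_conflicts(ZONE_BROKEN)` reports `example.com.` with the clashing `MX` type, while `ZONE_FIXED` reports nothing.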

Comments (4)
It's silly advice to recommend against having CNAME records and MX records for a domain, most of the world does this with no problem whatsoever. The problem is not their simultaneous existence, the problem is having an A record for www.thedomain.com and a CNAME record for thedomain.com. That is the opposite of how you should set up a domain's records.
The correct way to set this up is to have an A record for thedomain.com which points to the IP of the web server, a CNAME record for www.thedomain.com which is an alias to thedomain.com, and an MX record for thedomain.com which points to the email server's domain or IP.
I suspect this reversed approach originates from the old Microsoft networking strategy of using thedomain.com for a company's internal server, requiring the web site to use www.thedomain.com. We've seen lots of DNS records set up this way, and it's truly bizarre in the modern context. Requiring users to type "www." in front of your domain name is so last millennium!
Please refrain from giving obviously misinformed advice about DNS. It's already confusing enough without this kind of disinformation floating around.
Posted by Troy Davis | September 11, 2008 9:28 AM
Well, yes and no.
It's hardly "silly advice" to recommend against ignoring RFC 1034 (especially as the implications depend on the varying implementations of MTAs).
However, the two blog posts don't say what our friend should have done to safely achieve what he wanted.
As you may have guessed, there's a third blog post in the sequence, which will say as much...
Posted by Richi Jennings | September 11, 2008 9:52 AM
The third part of the series says what our friend should have done to safely achieve what he wanted.
It's now up, at ferris.com.
Posted by Richi Jennings | September 19, 2008 9:01 AM
Troy Davis mentions that the www hostname should be a CNAME of the root name. I wanted to make two comments regarding this.
1. Both can (and often should be) A records. You can have:
@ A 1.2.3.4
www A 1.2.3.4
One doesn't need to be designated as an alias of the other.
2. Most domains have other services other than web pages, so it's presumptuous that the default IP address for the domain should point to the web server. You should name your servers and services based on what they are. As an example, I could say you need to talk to Davis, and you can assume I mean Troy Davis, just like if I say to go to example.com that I probably mean a web server, but it could be FTP, SMTP, or gopher[:)] instead. The name www.example.com is clear that it should be HTTP.
Posted by Dan M | January 20, 2009 7:45 PM