XFOR: DNS MX Records and CNAMEs

ID: Q153001

The information in this article applies to:

Microsoft Exchange Server, versions 4.0, 5.0, 5.5

SUMMARY

Domain Name System (DNS) entries for Mail Exchanger (MX) records should point to canonicalized host names. MX records should address fully- qualified principal names or domain literals. Pointing an MX record to an alias (CNAME) can cause misrouted inbound mail.

MORE INFORMATION

DNS is used to identify computers on the Internet. The Internet Mail Connector (IMC) uses DNS to resolve IP addresses when sending mail. A sending SMTP server also uses DNS to determine which host on the destination network is appropriate to receive mail. To determine mail hosts, the sending server checks for an MX record. Next, the sending server resolves the MX record to an IP address by checking for an address record (A record). If an A record is found, the address is fully canonicalized and mail can be delivered.

However, if an alias record (CNAME) is used for the hostname listed in the MX record, the sending host might re-write the envelope and redirect the RCPT command to the alias hostname and not the original recipient. This might cause the destination SMTP host to reject the message.

Example:


company.com.      MX 10       mail.company.com.
mail.company.com.    IN CNAME    server.company.com.

When you address mail to "admin@company.com" with the above configuration, the sending host might detect the fact that the "mail.company.com" is an alias and rewrite the RCPT-TO command to "server.company.com". Thus, the mail envelope written during SMTP mail transmission might be changed to "admin@server.company.com". If the mail system isn't configured to accept mail for "server.company.com" the message will be returned as undeliverable. This problem can be difficult to detect since the body of the message with the TO: line is left unchanged.

Desired Configuration:


company.com.      MX 10       mail.company.com.
mail.company.com.    IN A     127.127.127.127

In the above example, the MX record resolves directly to an IP address. This causes the sending host to realize that the resolved address is canonical and the final destination. Alias records (CNAME) aren't needed because the connection can be redirected to the desired CNAME's IP address directly instead of using an alias record.

RFC 1123 explicitly states that SMTP mail should be addressed to canonical name hosts. To be canonical, the DNS entry must be an A record or an MX record. CNAME records are not canonical and should not be mixed with MX records.

Note that most SMTP servers do not rewrite the message envelope when resolving through aliases. Usually this configuration problem can be detected if there are complaints that a user receives the majority of their SMTP mail but mail from a particular host is rejected even though the addressing is the same.

Additional query words: smtp

Keywords : kbusage XFOR exc4 exc5 exc55
Version : winnt:4.0,5.0,5.5
Platform : winnt
Issue type : kbhowto