Monday, October 16, 2006

MX vs A record

One issue that has been the topic of some pointless discussion is whether a mail server should have an A record or an MX record. Mail can be delivered to a domain that has no MX record but simply an A record pointing to an IP address. But the most common practice is to have an MX record pointing to the name of the machine that serves the mail. A common use for this is to have a bulk mail hosting machine with multiple MX records pointing at it, which then allows you to have matching forward and reverse DNS entries for the machine name.

If you have no MX record for a domain then Postfix will do the following DNS requests:

IP postfix.34245 > DNS.domain:  3448+ MX? (32)
IP postfix.34261 > DNS.domain: 50123+ A? (32)

If you have an MX record then it does the following:

IP postfix.34675 > DNS.domain:  29942+ MX? (32)
IP postfix.34675 > DNS.domain: 33294+ A? (37)

Now if there are multiple domains on a bulk mail hosting system then the A record might already be in a local cache on the sending machine, so having bulk mail hosting with MX records may reduce the number of DNS lookups, with the minimum number of lookups being half plus one.
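The lookup arithmetic above, as an added example that is not part of the original post: a simplified model of a sending MTA that asks for MX first and falls back to A, with a cache of positive answers. The domain names, the mail host name, the address and the one-MX-per-domain simplification are assumptions made for the illustration.

```python
# Added example: counts the DNS queries a sending MTA makes (MX first, then A).
# All names and the address are constructed; one MX per domain is a simplification.
DOMAINS = [f"customer{i}.example" for i in range(10)]
MAIL_HOST = "mail.hosting.example"   # hypothetical bulk mail host
ADDRESS = "192.0.2.10"               # documentation address (RFC 5737)


def build_zone(domains, shared_mx=None):
    """Constructed zone: A-only domains, or MX records all naming shared_mx."""
    zone = {}
    for domain in domains:
        if shared_mx:
            zone[(domain, "MX")] = shared_mx
        else:
            zone[(domain, "A")] = ADDRESS
    if shared_mx:
        zone[(shared_mx, "A")] = ADDRESS
    return zone


def count_lookups(zone, domains):
    """Queries sent to deliver one message to each domain, caching positive answers."""
    cache = {}      # (name, type) -> answer; negative answers are not cached here
    queries = 0

    def resolve(name, rtype):
        nonlocal queries
        if (name, rtype) in cache:
            return cache[(name, rtype)]
        queries += 1
        answer = zone.get((name, rtype))
        if answer is not None:
            cache[(name, rtype)] = answer
        return answer

    for domain in domains:
        mx_target = resolve(domain, "MX")
        host = mx_target if mx_target is not None else domain  # no MX: use the A record
        if resolve(host, "A") is None:
            raise LookupError(f"no address for {host}")
    return queries


if __name__ == "__main__":
    print("A only:   ", count_lookups(build_zone(DOMAINS), DOMAINS))
    print("shared MX:", count_lookups(build_zone(DOMAINS, MAIL_HOST), DOMAINS))
```

With ten hosted domains the A-only layout costs two queries per domain, while the shared MX layout costs one MX query per domain plus a single A query for the mail host.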

If there is no bulk mail hosting then an MX record would still offer some slight benefits if the positive responses are cached for longer than negative responses. This would mean fewer lookups, which gives faster and more reliable delivery of mail plus being more friendly to the net. I don't know what the cache behaviour is in this regard so I'm not sure if this would actually give a benefit (I'm sure someone will comment with the answer).

Now regardless of these issues I think that using an MX record is the better option. It's what most software expects and saves you from the excitement of discovering corner case bugs in various software that's out there on the net.


Quim said...

With MX you can also have failsafe servers as you can define multiple MX hosts in a domain and set a priority, so when the server with higher priority is down, the second in the list is used and so on.

Alexander Boström said...

You mean people actually doubt that having an MX record is a good idea? Stunning.

Giacomo said...

Mail backup servers are no longer a good idea. The sender MTA will try for 30 days anyway (RFC requirement).

Normally a backup server checks only domains and not mailboxes, so it will bounce (read: send) a lot of spam to random people.

Spammers use this "feature" to send mail directly to the backup server.

I saw (maybe in this blog) that using a "backup mail" MX 20 host.without.port.25. will reduce the spam, because some spammers use inverse priority.

Juan Pablo said...

Hi... I found this subject while searching for information on how to configure our mail server. We have a problem. Our IP has been listed in SORBS as a spammer, and they tell us that in order to delist we need to configure our server so it meets certain conditions (quoting them):

"Delisting is also possible by having the reverse DNS set to the same as the MX record for a domain. However, please be aware that the DNS PTR, MX and A records should have a minimum Time-to-Live of 12 hours"

About the reverse DNS, I think I already set that up, but about the PTR and A records, I think our postfix doesn't have that configured (when I run a test from the SORBS site to check our domain, that is what it tells me... it can't find the A or the PTR record).

Can anyone help me with this?

Thanks in advance

Juan P Realini