[nzlug] Understanding email DNS

Warren Boyd w.boyd at clear.net.nz
Thu Oct 5 23:53:55 NZDT 2006 

On 2006-10-05, at 11:45 , Robin Sheat wrote:

> On Thursday 05 October 2006 22:55, Michael Adams wrote:
>> I was under the impression that the email for these domains had to
>> go through e-Xperts mailserver. Yet one of the other regions tells me
>> that their northern.foo.org.nz emails come direct to their server.
> It does whatever it's been told to do, basically.
>
> When an email it to be delivered, the server looks up the hostname  
> (e.g.
> eastcoast.foo.org.nz), finds the MX (Mail eXchange) record (e.g.
> mail.foo.org.nz) and sends the mail to that. If you added another  
> subdomain
> (e.g. northern.foo.org.nz) and set the MX record to something else  
> (e.g.
> kallisti.hopto.org), then all the mail @northern.foo.org.nz would  
> go via my
> mail server (and bounce, but that's beside the point:)
>
> To find out the MX records, do this:
> $ host -t MX kallisti.net.nz
> kallisti.net.nz mail is handled by 15 mail2.umbra.net.nz.
> kallisti.net.nz mail is handled by 5 kallisti.hopto.org.
> kallisti.net.nz mail is handled by 10 smtp.umbra.net.nz.
>
> The numbers are the priority, lowest to highest, specifying the  
> order the
> servers get tried in. If you compare the results of that command on
> eastcoast.foo.org.nz and northern.foo.org.nz, I expect you'll get a  
> different
> result. Also note that the MX record is just a line in a file  
> somewhere, so
> it can be changed to point whereever you like, typically at the most
> convenient mailserver, and some backups.

Thanks Robin - I think you summed it up better than my disjointed  
explanation.

However, one thing to note with your backups is that they *will*  
experience traffic even when your primaries are all operational.

This comes from many "spam engines" having brain dead DNS resolution  
routines and just using whatever comes up first as the point it's  
going to use.  I've seen a few comments about marking spammers as all  
those that hit the secondaries ...

I think I recall seeing that in the event of no MX record, mail  
servers should attempt to use the A record.  Someone more up to speed  
with the RFC's might be able to point out if this is legitimate?

Cheers,
Warren.

More information about the NZLUG mailing list