Professional Documents
Culture Documents
How do I configure and test the MX Record for my Internet Domain name?
There are several new features included within Exchange Server 2007, which some of my
articles touch on briefly. However, if you are looking for training that takes you from
installation to integration with Outlook and management of Exchange Server 2007 then
you need Train Signal's training videos. The Exchange Server 2007 training videos are
taught by Microsoft MVP and MCSE, David Shackelford, who teaches with a "Hands-
on" approach.
When you want to run your own mail server, and it does not matter what version and
make of mail server you're using - as long as the mail server is using SMTP as the e-mail
transfer mechanism - you'll need to configure the MX Records for your domain.
Without proper MX Records for your domain, only internal e-mail will be delivered to
your users. External e-mail from other mail servers in the world will not be able to reach
your server simply because these foreign servers cannot tell to which server they need to
"talk" (or open a connection to) in order to send the mail destined for that domain.
You can have multiple MX records for a single domain name, ranked in preference order.
If a host has three MX records, a mailer will try to deliver to all three before queuing the
mail.
domain.com. IN MX 10 mail.domain.com.
The Preference field is relative to any other MX Record for the zone and can be on any
value between 0 and 65535. Low values are more preferred. The preferred value is
usually 10 but this is just a convention, not a thumb rule. Any number of MX Records
may be defined. If the host is in the domain it requires an A Record. MX Records do not
need to point to a host in the same zone, i.e. an MX Record can. point to an A Record that
is listed in any zone on that DNS or any other DNS server.
External and Internet-connected networks
When connecting your mail server to the Internet (or to another ex-organizational mailing
system that uses SMTP) you must always make sure that the rest of the world can
successfully resolve your domain's MX Record. Failing to do so will cause e-mail traffic
not to be delivered to you.
In order to properly configure your domain's MX Record you should contact your ISP
(Internet Service Provider) or the party responsible for hosting your DNS Domain name.
They will ask you for your FQDN (Fully Qualified Domain Name) and IP address of
your mail server. Make sure you know them.
In cases where no NAT (Network Address Translation) is being used and where your
mail server is directly connected to the Internet, you will need to provide them with the
FQDN and IP address of your mail server.
Note: This is, by far, the least secure method for connecting a mail server to the Internet.
You should make sure the ISP has had all the necessary routing tables updated in order to
provide Internet availability to your internal IP network range.
Note: It doesn't matter if the real host name of the mail server is NOT "mail". Internet
hosts don't mind that, they just need to know what's the name of the mail server, and
what's the IP address for that name.
In cases where NAT (Network Address Translation) is being used you will need to
provide them with the IP address of your external NAT interface, and configure your
NAT device with Static Mapping for TCP Port 25, and have all TCP Port 25 traffic
forwarded to the internal IP address of your mail server.
In the above example you need to give the NAT's IP address as your MX Record.
Domain name: dpetri.net
Note: Make sure you properly configure the NAT device to forward all TCP Port 25
traffic to 192.168.0.10.
In cases where you have a DMZ (Demilitarized Zone) with a Mail Relay host (i.e. Linux,
Windows 2000/2003 + IIS and SMTP, a dedicated appliance and so on) you will need to
provide the FQDN and IP address of your Mail Relay machine, and configure the
Firewall to only allow TCP Port 25 traffic to be sent to the Mail Relay's IP address, not to
your real mail server.
You should then configure the Mail Relay to forward the incoming e-mail traffic to the
real mail server (after scanning it for spam, viruses and so on).
Other types of records simply provide some types of information (for example, an
HINFO record gives a description of the type of computer/OS a host uses), or others
return data used in experimental features. The "type" field is also used in the protocol for
various operations.
Defining
Code Number Description Function
RFC
Returns all records of all types known
to the name server. If the name server
does not have any information on the
name, the request will be forwarded
All cached on. The records returned may not be
* 255 RFC 1035
records complete. For example, if there is both
an A and an MX for a name, but the
name server has only the A record
cached, only the A record will be
returned.
Transfer entire zone file from the
Full Zone
AXFR 252 RFC 1035 master name server to secondary name
Transfer
servers.
Requests a zone transfer of the given
zone but only differences from a
previous serial number. This request
Incremental
may be ignored and a full (AXFR) sent
IXFR 251 RFC 1995 Zone
in response if the authoritative server
Transfer
is unable to fulfill the request due to
configuration or lack of required
deltas.
This is a "pseudo DNS record type"
OPT 41 RFC 2671 Option
needed to support EDNS
Transaction One way of providing a key to be used
TKEY 249 RFC 2930
Key with TSIG
Record that supports one set of
security mechanisms for DNS. Used to
secure communication between DNS
Transaction
TSIG 250 RFC 2845 resolvers and Name servers, in
Signature
contrast to DNSSEC, which secures
the actual DNS records from the
authoritative name server.