Are separate DNS records necessary for web and mail on a single server?
When setting up a web/mail server on a single server or VPS with one IP address almost every guide online follows the same structure for DNS:
example.com. IN A 192.0.2.0
hostname.example.com. IN A 192.0.2.0
mail.example.com. IN A 192.0.2.0
example.com. IN MX 10 mail.example.com.
0.2.0.192.in-addr.arpa. IN PTR hostname.example.com
I used this several times and it has always worked for me. But I was wondering if there's a reason why the mail server points to a different name? Would it be possible to point the MX record to the hostname and simply use hostname.example.com for SMTP and POP3?
Solution 1:
Yes, it would be possible, but you will lose some important advantages if you choose to do so:
If you point all services to the same DNS name, you can't put them onto separate servers any more without reconfiguring any client that refers to them.
As an example: With different names, when the load on the server grows too much, you can simply offload the mail services to another server without affecting the clients. All you have to do is to adapt your DNS records.
Solution 2:
As per RFC 5321, mail delivery is done to the A address if the MX is missing. So the following lines are not required for SMTP to work:
mail.example.com. IN A 192.168.0.1
example.com. IN MX 10 mail.example.com.
See also: http://en.wikipedia.org/wiki/MX_record#History_of_fallback_to_A
Solution 3:
You can use whatever hostname you like for your mail server, but you do need to have an MX entry.
With that said, I do like the idea of having a separate name for different roles. First, if/when it comes time to change hosts, you're in greater control of DNS and will suffer fewer problems due to external DNS caching.
Solution 4:
Your mail server will need a PTR record pointing to it. This will allow reverse DNS to work. I don't trust mail servers which use a second level domain like example.com, as too many spammers try to claim their name is one of the big name domains. You are better off using a name like mail.example.com. If you are using mail.example.com, add an MX to your main domain example.com indicating mail.example.com will receive mail. By the way, neither mail.example.com nor example.com can be CNAME entries.
You can run everything on one domain name. However, if I have convinced you to use mail.example.com for your mail server, you may want to use www.example.com for your web server rather than mail.example.com. If you use www.example.com it will be easy to add a parallel domain for static content which does not receive cookies from your web server.
It is common to have the IP address of the parent domain, example.com, resolve to the web server's address. If you don't have a lot of web traffic you can use a CNAME record for your web domain. The rest of the services not listed above, such as POP and IMAP, can be handled by CNAME records. If you add different servers later you can replace the CNAME record with an A record, or simply adjust the CNAME record. Using CNAME records eases adding IPv6, as you won't need to add AAAA records to all your domains.
I like to have a DNS record for the hostname. If you do that you can use that domain instead of mail as your MX. In your example, I would drop the mail.example.com record and use hostname.example.com in your MX record. Add a CNAME record for www.example.com and you are pretty well done.
Your mail server should use whatever name the PTR record for your server uses. You may need to get your IP provider to change the PTR appropriately. Add an A record for that name as well.
Consider adding SPF records for both hostname.example.com and example.com.
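The rules Solution 4 lays out (an MX must exist, its target and the apex must not be CNAMEs, the target needs an A record whose PTR points back to the same name, and both names should carry SPF) can be checked mechanically before a zone goes live. The script below is an added example, not from any of the answers; the zone and reverse-zone data are constructed inline so it runs offline, and the dictionary layout is an assumption of this example rather than any real zone-file parser.

```python
# Constructed zone following Solution 4: the hostname is the MX target,
# www is a CNAME, and the apex resolves to the same box. Not real data.
ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("hostname.example.com.", "A"): ["192.0.2.10"],
    ("example.com.", "MX"): ["10 hostname.example.com."],
    ("www.example.com.", "CNAME"): ["hostname.example.com."],
    ("example.com.", "TXT"): ['"v=spf1 mx -all"'],
    ("hostname.example.com.", "TXT"): ['"v=spf1 a -all"'],
}
# Constructed reverse zone: what the IP provider's PTR would return.
PTR = {"192.0.2.10": "hostname.example.com."}

# A deliberately broken layout: the MX points at a CNAME with no A or SPF.
BAD_ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("hostname.example.com.", "A"): ["192.0.2.10"],
    ("mail.example.com.", "CNAME"): ["hostname.example.com."],
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("example.com.", "TXT"): ['"v=spf1 mx -all"'],
}

def has_spf(zone, name):
    """True if any TXT record at name is an SPF record."""
    return any("v=spf1" in t for t in zone.get((name, "TXT"), []))

def check_mail_dns(zone, ptr, domain):
    """Return a list of problems; an empty list means the layout passes."""
    problems = []
    if (domain, "CNAME") in zone:
        problems.append(f"{domain} is a CNAME, which is not allowed at the apex")
    mx_records = zone.get((domain, "MX"), [])
    if not mx_records:
        problems.append(f"{domain} has no MX record")
    for rr in mx_records:
        target = rr.split()[1]          # "10 host." -> "host."
        if (target, "CNAME") in zone:
            problems.append(f"MX target {target} is a CNAME, which is not allowed")
        addrs = zone.get((target, "A"), [])
        if not addrs:
            problems.append(f"MX target {target} has no A record")
        for ip in addrs:                # PTR must name the MX target itself
            if ptr.get(ip) != target:
                problems.append(f"PTR for {ip} is {ptr.get(ip)!r}, expected {target}")
        if not has_spf(zone, target):
            problems.append(f"no SPF record on {target}")
    if not has_spf(zone, domain):
        problems.append(f"no SPF record on {domain}")
    return problems
```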