Loading ...
Sorry, an error occurred while loading the content.
 

Possible problems with identical MX records

Expand Messages
  • Peter Rabbitson
    Hello, This is yet another not strictly postfix related post, please bear with me. My question is simple - is it legal/will it cause any problems if a domain
    Message 1 of 3 , Aug 1, 2007
      Hello,

      This is yet another not strictly postfix related post, please bear with me.
      My question is simple - is it legal/will it cause any problems if a
      domain lists two MX records which eventually resolve to the same IP.

      Here is the rationale: I need to migrate an MX used as backup for many
      domains to a different IP. The IP will be released into a pool, and
      possibly reused promptly. If it is assigned to another SMTP server mail
      might be returned due to the 5xx responses such a server might produce.
      One way to deal with that would be to change the MX information for all
      domains, but it will take quite some effort. Another would be to simply
      change the A record of the MX in question until everything is settled
      (all domains list the same MX fqdn).

      Thank you for your help!

      Peter
    • Jorey Bump
      ... As you ve discovered, it simplifies things if all of your domains designate the same MX host(s). This allows you to easily make changes simply by editing
      Message 2 of 3 , Aug 1, 2007
        Peter Rabbitson wrote:

        > This is yet another not strictly postfix related post, please bear with me.
        > My question is simple - is it legal/will it cause any problems if a
        > domain lists two MX records which eventually resolve to the same IP.
        >
        > Here is the rationale: I need to migrate an MX used as backup for many
        > domains to a different IP. The IP will be released into a pool, and
        > possibly reused promptly. If it is assigned to another SMTP server mail
        > might be returned due to the 5xx responses such a server might produce.
        > One way to deal with that would be to change the MX information for all
        > domains, but it will take quite some effort. Another would be to simply
        > change the A record of the MX in question until everything is settled
        > (all domains list the same MX fqdn).

        As you've discovered, it simplifies things if all of your domains
        designate the same MX host(s). This allows you to easily make changes
        simply by editing the A record(s) of the MX host(s). Some admins that
        administer multiple virtual domains make the mistake of creating unique
        MX hosts with A records in every domain, all pointing to one or two IP
        addresses. In most cases, this is an unnecessary vanity (although some
        sites can justify it).

        By your description, you have two problems to address immediately:

        1. Shorten the TTL for any records that are using the deprecated IP, and
        use the same TTL for the new IP wherever it will be returned, even
        indirectly (via the MX lookup, for example). You should do this well in
        advance, to prevent the lookups from being cached for too long. I
        usually use 5 minutes, then gradually increase this, once I'm sure
        everything is working properly. You don't want to leave the short TTL
        for too long, as some sites may consider it to be "spammy".

        2. Do not release the deprecated IP into the pool prematurely. If you
        can, set up an interface alias so the machine can listen on the
        deprecated IP and the new IP simultaneously. Hopefully, you are still on
        the same network and this is a possibility. Once you've made your final
        changes, sit back and evaluate, then make sure you've allowed the TTL to
        expire and release the deprecated IP. If you can't listen on both IP
        addresses simultaneously, consider shutting down SMTP for the duration
        of the TTL, to force mail to be queued by remote hosts and to prevent a
        new machine from rejecting mail when it acquires the old IP. 5 minutes
        of downtime shouldn't be a major inconvenience, at least not compared to
        accidentally rejecting mail.

        And to answer your question, no, it shouldn't be a problem if multiple
        MX records resolve to the same IP address, as long as it's the right one.
      • Peter Rabbitson
        ... Excellent. Since the change will happen next week, and all my A records have a 6 hour ttl, I will simply point both MXes to the IP of the main server. So
        Message 3 of 3 , Aug 1, 2007
          Jorey Bump wrote:
          > Peter Rabbitson wrote:
          >
          >> This is yet another not strictly postfix related post, please bear
          >> with me.
          >> My question is simple - is it legal/will it cause any problems if a
          >> domain lists two MX records which eventually resolve to the same IP.
          >>
          >> Here is the rationale: I need to migrate an MX used as backup for many
          >> domains to a different IP. The IP will be released into a pool, and
          >> possibly reused promptly. If it is assigned to another SMTP server
          >> mail might be returned due to the 5xx responses such a server might
          >> produce. One way to deal with that would be to change the MX
          >> information for all domains, but it will take quite some effort.
          >> Another would be to simply change the A record of the MX in question
          >> until everything is settled (all domains list the same MX fqdn).
          >
          >
          > And to answer your question, no, it shouldn't be a problem if multiple
          > MX records resolve to the same IP address, as long as it's the right one.

          Excellent. Since the change will happen next week, and all my A records
          have a 6 hour ttl, I will simply point both MXes to the IP of the main
          server. So by the time changes actually take place no one will try to
          contact the backup MX (except for horribly broken DNS caches which are
          not really my problem).

          Thank you for the help!

          Peter
        Your message has been successfully submitted and would be delivered to recipients shortly.