2

If I have three mail servers MS1, MS2 and MS3 all with different IPs but share the same domain name (exampledomain.com) and I use an SPF record to specify them, how would reverse DNS work on the server receiving mail from any of my mail servers since each of them would resolve to a different IP? Or would the receiving server have to check against the SPF records instead?

leeeennyy
  • 43
  • 4

2 Answers2

5

Never name your mail servers (or any other server) with the naked domain name. This will break a lot more stuff than forward confirmed reverse DNS lookups.

Each server should have its own unique name which is a subdomain of your domain, and for which the reverse DNS points back to that name.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Ah I see, but if you used a subdomain, is there still a purpose of having a SPF record, since all it needs to say is which mail servers are permitted to send email on behalf of them? – leeeennyy Nov 02 '16 at 03:20
  • 1
    @leeeennyy The SPF record says what servers can _send_ mail on behalf of your domain. If you intend to send mail, you should have one; if there is no SPF record it's assumed that you don't care who sends mail for your domain. – Michael Hampton Nov 02 '16 at 03:22
  • Perfect. Thanks for clarifying this up/teaching me new things Michael! – leeeennyy Nov 02 '16 at 03:26
3

A configuration example for 3 Mailservers:

A Records
ms1.exampledomain.com => 125.1.1.1
ms2.exampledomain.com => 125.2.1.2
ms3.exampledomain.com => 125.3.1.3

PTR Records
125.1.1.1 => ms1.exampledomain.com
125.2.1.2 => ms2.exampledomain.com
125.3.1.3 => ms3.exampledomain.com

MX Records
exampledomain.com => ms1.exampledomain.com
exampledomain.com => ms2.exampledomain.com
exampledomain.com => ms3.exampledomain.com

TXT Records
exampledomain.com => "v=spf1 mx -all"

The spf have a relation with the mx records, every additional mail server in your domain mx records is allowed to send.

You can check if the configuration valid with one of this services

Tom Baires
  • 214
  • 1
  • 4
  • Hello, if I have two identical names for different IPs, when one is down will the other take over the service without problems? A Records smtp.exampledomain.com => 125.1.1.1 smtp.exampledomain.com => 125.2.1.2 – Nebenzahl May 26 '23 at 20:07
  • No, this is wrong. Read again the answer you are commenting under, it shows up *correct* DNS setup. Also read the accepted answer: never have identical names for different mail servers. In mail, if you want takeover, make several MX records with different weights (these aren't shown; the least weight numerically will be tried first). – Nikita Kipriyanov Jun 01 '23 at 10:05