MX-records and DNS-records in a mess?

Wilfred2010
Does the external IP address given by the ISP for our company have to match the mail server's public IP, or should they be separate? I have just recently inherited an IT department with the following MX records. At the moment we have 3 MX records. Let's call them records A, B and C. Let's list them in tabular form so that it is easier to understand:

Pref  Hostname  IP Address       TTL
0     Example1  256.254.253.251  24hrs
10    Example2  255.255.255.255  24hrs
20    Example3  254.254.254.254  24hrs

For the above records, ONLY Example1 and Example3 have a PTR record - Example1 does not have a PTR record. Furthermore, doing a reverse DNS lookup on the IP address for Example1, 256.254.253.251, shows that it is pointing to Example3 for some reason.

And Example3 has its port 25 blocked for some reason.

We are currently using an MDaemon server so is there any way I can tidy up these records because it looks to be in a mess.

Also, we have 2 domains - Domain1 and Domain2 - and they both have the same MX records. Is this duplication? Can I just have the MX records hosted on one server and maybe have the second domain "point" to it? Would really appreciate any help rendered.
You only _need_ a PTR record for an address that sends mail.

PTR records would usually be managed by the ISP, as they are responsible for the reverse DNS for their netblocks. In some cases they might delegate this to another provider, but the smallest unit of delegation is a /24. MX records and A records would usually be managed by the DNS registrar or a DNS hosting provider; this could also be the ISP but does not have to be.

I cannot tell if you are talking about public (external) or private (internal) MX records, can you please confirm.

For a domain to be able to receive email, it should have a public MX record, or have the default address for the domain pointing at the mail server.

The MX record for a domain does not need to be a server in that domain. As an example, the below is perfectly reasonable for the domain domain1.demo; as long as the other hostnames exist, inbound email will work.

mx 10 smtp-1.domain2.show
mx 20 smtp-2.domain3.display
mx 20 mail.mailer.display


Author

Commented:
"I cannot tell if you are talking about public (external) or private (internal) MX records, can you please confirm." These are all public MX records.
okay :-)

Each MX record points to an A record

The A record does not need to be in the same domain as the MX record.

The A record should also have reverse DNS

You should also have a TXT record in the SPF format for each domain.

An SPF record details what servers are allowed to send email for the domain.

An example SPF record would be "v=spf1 mx ~all"; this would indicate:
v=spf1: Version of SPF syntax
mx: Match if IP is one of the MX hosts for given domain name
-all: Hard fail if not matched.

Inbound SMTP could be blocked by the ISP, or it could be a misconfigured router, firewall or server.

This site is quite good for testing DNS and basic SMTP checks; it also has a basic blocklist checker.

This site has a more comprehensive blocklist checker http://domain-blacklist.e-dns.org
Top Expert 2014
Commented:
If "Example 3" has port 25 blocked (and that's the way it's going to remain), there's no reason to have an MX record pointing to it.  If mail was ever sent to it, it would cause an error.

For whatever IP you are sending mail from, you must have an A record that points to that IP, and a PTR record that points at the name in the A record.  These records don't have to have anything in common with the MX records.  I would call this the minimum that you should have configured in order to send mail.  Some servers will still accept mail from you if you don't have the above, or if the names (FQDN) in the PTR and A don't match, but they are becoming fewer.  Additionally, you should also set the SMTP banner to the same FQDN, and configure an SPF record.  The more of these you have in place, the more servers you will be able to send mail to.

You may want to check out http://www.mxtoolbox.com

Each domain should have its own separate records.
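
Added example, not part of the original thread: the checks the answers describe (every MX host resolves and accepts SMTP, every sending IP has a PTR that resolves back to it, and what the SPF record does with unmatched senders), run over a constructed zone. All hostnames, the 192.0.2.x addresses and the function names are assumptions made for illustration; the SPF check reads only the `all` term and does not follow `include` or `redirect`.

```python
# Constructed sample data (documentation-range IPs, hypothetical hostnames);
# it mirrors the situation in the question, not the poster's real zone.
MX = [(0, "mx1.example.test"), (10, "mx2.example.test"), (20, "mx3.example.test")]
A = {"mx1.example.test": "192.0.2.1", "mx2.example.test": "192.0.2.2",
     "mx3.example.test": "192.0.2.3"}
PTR = {"192.0.2.1": "mx3.example.test", "192.0.2.3": "mx3.example.test"}
PORT25_OPEN = {"192.0.2.1", "192.0.2.2"}   # IPs accepting inbound SMTP
SENDING_IPS = ["192.0.2.1"]                # IPs that originate mail
SPF = "v=spf1 mx ~all"

SPF_ALL = {"+all": "pass", "all": "pass", "?all": "neutral",
           "~all": "softfail", "-all": "fail"}


def spf_default(txt):
    """Result the SPF 'all' mechanism gives to senders nothing else matched."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return "no-spf"
    for term in terms[1:]:
        if term in SPF_ALL:
            return SPF_ALL[term]
    return "neutral"  # no 'all' term: RFC 7208 default result


def audit(mx, a, ptr, port25_open, sending_ips, spf):
    findings = []
    for pref, host in sorted(mx):
        ip = a.get(host)
        if ip is None:
            findings.append(f"MX {pref} {host}: no A record")
        elif ip not in port25_open:
            findings.append(f"MX {pref} {host}: port 25 closed on {ip}")
    for ip in sending_ips:
        name = ptr.get(ip)
        if name is None:
            findings.append(f"sender {ip}: no PTR record")
        elif a.get(name) != ip:  # forward-confirmed reverse DNS check
            findings.append(f"sender {ip}: PTR {name} does not resolve back")
    default = spf_default(spf)
    if default in ("no-spf", "pass", "neutral"):
        findings.append(f"SPF: unmatched senders are not flagged ({default})")
    return findings


if __name__ == "__main__":
    for line in audit(MX, A, PTR, PORT25_OPEN, SENDING_IPS, SPF):
        print(line)
```
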
