Print this page

DNS, email and CNAME records

Out of actual reasons there is the need to remind about a mantra that was already valid back in the days of the Cobalt RaQs:

Do not use CNAME DNS records. They are evil.

That is as valid today as it was 15 years ago. If you want to receive emails on a virtual site on BlueOnyx, do not set up CNAME records that point to it. You need A records and MX. The typical bare minimum DNS records for a virtual site look like this:  ---(A Record)--->  IP-Address  ---(A Record)---> IP-Address  ---(MX Record)--->  ---(MX Record)--->

This assumes that "" is the exact name of the site as shown in the virtual site list and that "" has been set as "Email Server Alias" (and "Web Server Alias") for that site.

If you set up your DNS like this and set the proper "Email Server Alias" (and "Web Server Alias"), then you will have no problems.

You can extend on that example and can add further aliases (and DNS records for them). Like in this example:  ---(A Record)--->  IP-Address  ---(A Record)---> IP-Address  ---(MX Record)--->  ---(MX Record)--->  ---(A Record)---> IP-Address  ---(MX Record)--->

If you add "" to the list "Email Server Alias" of the virtual site, then this will also work.

Now if we have a user named "johndoe" on, he would be able to receive email at the following adresses:

However, if you detour from this guide and use a different arrangement of DNS records, then you're on your own. It might work. Or it might not.

The important part is always that the MX record's righthand side HAS to point to the exact fully qualified domain name that EXACTLY matches how the sites is named in the virtual site list. If you don't do that, you will have problems.

Usage of CNAME records prevents Sendmail from relieably determining the righthand part of MX records. So Sendmail fails to make the association which local mailbox the mail should go to. If you ever manage to find a combination of DNS records which includes CNAME records and that works with email delivery, then you're lucky.

But if it breaks and stops working, we won't fix it. Don't use CNAME records, because they are evil. As evil as we get when asked to "fix email delivery" on boxes where you use CNAME records.

Previous page: FAQ
Next page: CMU Migrations