DNS, email and CNAME records

For current reasons, it is necessary to repeat a mantra that was already valid back in the days of the Cobalt RaQs:

Do not use CNAME DNS records. They are evil.

That is as valid today as it was 15 years ago. If you want to receive emails on a virtual site on BlueOnyx, do not set up CNAME records that point to it. You need A and MX records. The typical bare minimum DNS records for a virtual site look like this:

www.site.com ---(A Record)---> IP-Address
site.com ---(A Record)---> IP-Address
www.site.com ---(MX Record)---> www.site.com
site.com ---(MX Record)---> www.site.com


This assumes that "www.site.com" is the exact name of the site as shown in the virtual site list and that "site.com" has been set as "Email Server Alias" (and "Web Server Alias") for that site.

If you set up your DNS like this and set the proper "Email Server Alias" (and "Web Server Alias"), then you will have no problems.

You can extend that example by adding further aliases (and DNS records for them), as in this example:

www.site.com ---(A Record)---> IP-Address
site.com ---(A Record)---> IP-Address
www.site.com ---(MX Record)---> www.site.com
site.com ---(MX Record)---> www.site.com
mail.site.com ---(A Record)---> IP-Address
mail.site.com ---(MX Record)---> www.site.com


If you add "mail.site.com" to the list "Email Server Alias" of the virtual site www.site.com, then this will also work.

Now if we have a user named "johndoe" on www.site.com, he would be able to receive email at the following addresses:

johndoe@site.com
johndoe@www.site.com
johndoe@mail.site.com

However, if you deviate from this guide and use a different arrangement of DNS records, then you're on your own. It might work. Or it might not.

The important part is always that the MX record's right-hand side HAS to point to the exact fully qualified domain name that EXACTLY matches how the site is named in the virtual site list. If you don't do that, you will have problems.

Usage of CNAME records prevents Sendmail from reliably determining the right-hand part of MX records. As a result, Sendmail fails to work out which local mailbox the mail should go to. If you ever manage to find a combination of DNS records which includes CNAME records and that works with email delivery, then you're lucky.

But if it breaks and stops working, we won't fix it. Don't use CNAME records, because they are evil. As evil as we get when asked to "fix email delivery" on boxes where you use CNAME records.
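
The rules above can be checked mechanically before a site goes live. The following Python check is an added example, not part of the original page or of BlueOnyx: it flags CNAME records, missing A or MX records, and MX targets that do not match the site name. The function names, the (name, type, value) tuple format and the sample address 192.0.2.10 are assumptions made for the illustration.

```python
# Added example (not BlueOnyx code): lint DNS records for one virtual site.
# Records are (name, type, value) tuples; all sample data is constructed.

def norm(name):
    """Lower-case and drop the trailing dot so FQDNs compare exactly."""
    return name.strip().lower().rstrip(".")

def lint_site(site_fqdn, email_aliases, records):
    """Return a list of problems; an empty list means the layout follows the guide."""
    site = norm(site_fqdn)
    by_name = {}
    for name, rtype, value in records:
        by_name.setdefault(norm(name), []).append((rtype.upper(), value))

    problems = []
    for name in [site] + [norm(a) for a in email_aliases]:
        rrs = by_name.get(name, [])
        types = {t for t, _ in rrs}
        if "CNAME" in types:
            problems.append(f"{name}: CNAME record present, use A and MX instead")
        if "A" not in types:
            problems.append(f"{name}: no A record")
        if "MX" not in types:
            problems.append(f"{name}: no MX record")
        for rtype, value in rrs:
            # An MX value may carry a preference ("10 www.site.com"); keep the host.
            if rtype == "MX" and norm(value.split()[-1]) != site:
                target = norm(value.split()[-1])
                problems.append(f"{name}: MX points to {target}, expected {site}")
    return problems

IP = "192.0.2.10"  # documentation address, stands in for the page's "IP-Address"
GOOD = [
    ("www.site.com", "A", IP), ("site.com", "A", IP), ("mail.site.com", "A", IP),
    ("www.site.com", "MX", "www.site.com"), ("site.com", "MX", "www.site.com"),
    ("mail.site.com", "MX", "10 www.site.com."),
]
BAD = [
    ("www.site.com", "A", IP), ("www.site.com", "MX", "www.site.com"),
    ("site.com", "CNAME", "www.site.com"),  # alias instead of A + MX
    ("mail.site.com", "A", IP), ("mail.site.com", "MX", "mail.site.com"),  # wrong target
]

if __name__ == "__main__":
    aliases = ["site.com", "mail.site.com"]
    print(lint_site("www.site.com", aliases, GOOD))
    for problem in lint_site("www.site.com", aliases, BAD):
        print(problem)
```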

