Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem with MX records as CNAME and email delivery

Discussion in 'Bind/DNS/Nameserver' started by petersphilo, Feb 22, 2018.

Tags:
  1. petersphilo

    petersphilo Member

    Joined:
    Nov 14, 2016
    Messages:
    18
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Paris
    cPanel Access Level:
    Reseller Owner
    Hello,

    This is just to inform you that 1&1 now refuses to interact with mail servers using the following DNS configuration:
    say the MX record points to mail.domain.tld
    if the record for mail.domain.tld is a CNAME record rather than an A record, 1&1 will refuse to accept mail from or deliver to your server!!

    i discovered this because a client of mine receives the following error messages when communicating with a domain hosted on 1&1:
    550-Requested action not taken: mailbox unavailable
    550 invalid DNS MX or A/AAAA resource record


    see this post, which seems to confirm:
    - Removed -

    Has anyone else seen this behavior?

    if this is going to be a new trend, please note that cPanel, by default, has the MX record point to a CNAME record rather than an A record..
     
    #1 petersphilo, Feb 22, 2018
    Last edited by a moderator: Feb 22, 2018
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,628
    Likes Received:
    72
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    I believe this has always been the case. This is part of RFC 2181

    RFC 2181 - Clarifications to the DNS Specification

    Scroll on down to section 10.3

    I do not believe cPanel's default behavior disobeys this rule.

    What MX records are you seeing as being created by default in cPanel?
     
    #2 sparek-3, Feb 22, 2018
  3. petersphilo

    petersphilo Member

    Joined:
    Nov 14, 2016
    Messages:
    18
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Paris
    cPanel Access Level:
    Reseller Owner
    ok, thank you for the information, but i checked and every domain that i created using cPanel made the mail.domain.tld record a CNAME record rather than an A record...
    Maybe it was just the version i was using when i created the domains....

    EDIT:
    i figured out what's going on...
    i just checked my zone templates:
    Code:
    %domain%. IN A %ip%
%domain%. IN AAAA %ipv6%

%domain%. IN MX 0 %domain%.

mail IN CNAME %domain%.
www IN CNAME %domain%.
ftp IN CNAME %domain%.
    since they are set to use domain.tld as the MX entry, they just CNAME the mail.domain.tld entry...

    is there a reason to favor domain.tld over mail.domain.tld as your MX entry? (other than cheaper SSL certificates, if you're not using LetsEncrypt)
     
    #3 petersphilo, Feb 22, 2018
    Last edited: Feb 22, 2018
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,628
    Likes Received:
    72
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Certificates have nothing to do with mail exchanges.

    The MX records just need to point to a hostname that resolves to an IP address that is where you want mail for that domain name to go.
     
    #4 sparek-3, Feb 22, 2018
  5. petersphilo

    petersphilo Member

    Joined:
    Nov 14, 2016
    Messages:
    18
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Paris
    cPanel Access Level:
    Reseller Owner
    i'm aware that certificates have nothing to do with mail exchanges...
    what i meant was that SSL certificates that include subdomains (like www or mail) are usually more expensive, so i can imagine wanting to run everything off of one domain...

    i also imagine that the traditional mail.domain being used for MX is to allow for separate servers...

    i guess what i was asking is this:
    is there any reason, on a small server with under 30 mail accounts, a low-frequentation website, and basically no other services, to use mail.domain.tld rather than just domain.tld as the MX ?
     
    #5 petersphilo, Feb 22, 2018
  6. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,331
    Likes Received:
    55
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I'm guessing cPanel by default creates an MX that points to domain.ext rather than mail.domain.ext, and that mail.domain.ext is a CNAME pointing to domain.ext simply for the purpose of having less records requiring editing when you migrate accounts. Just a guess. I don't think you asked that, but i'm just thinking out loud.

    Anytime a hostname is entered as an A-record versus a CNAME, that requires one less DNS lookup to resolve it. So in my mind, it's preferable to have A-records rather than CNAMEs, except in instances where using CNAMEs makes things clearer or more efficient from an administrative standpoint. Again, I realize you didn't ask that.

    I don't think there is really any preference for using domain.ext or mail.domain.ext as your MX. Just be aware that if your MX record points to domain.ext and you do something like move your website elsewhere but keep your mail on the cPanel box, you will want to make sure that you change mail.domain.ext to an A-record pointing to the local cPanel IP and then change your MX record to point to mail.domain.ext rather than domain.ext.

    Mike
     
    #6 mtindor, Feb 22, 2018
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,182
    Likes Received:
    1,756
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Did you reach out to 1&1 and confirm that to be the case? Generally, the error message you referenced stems from an invalid or non-working resolver in the cPanel server's /etc/resolv.conf file. Fixing the /etc/resolv.conf file solves the issue. To test this, try updating the /etc/resolv.conf file on your cPanel server to a public resolver (e.g. Google provides 8.8.8.8, 8.8.4.4) to see if the issue persists.

    Thank you.
     
    #7 cPanelMichael, Feb 26, 2018
  8. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,331
    Likes Received:
    55
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Michael,

    What the OP referenced has nothing to do with the local cPanel server's resolver.

    1and1 has been doing this for a long time actually. I'm fairly certain of that.

    From RFC1912:

    Don't use CNAMEs in combination with RRs which point to other names
    like MX, CNAME, PTR and NS. (PTR is an exception if you want to
    implement classless in-addr delegation.) For example, this is
    strongly discouraged:

    podunk.xx. IN MX mailhost
    mailhost IN CNAME mary
    mary IN A 1.2.3.4


    [RFC 1034] in section 3.6.2 says this should not be done, and [RFC
    974] explicitly states that MX records shall not point to an alias
    defined by a CNAME. This results in unnecessary indirection in
    accessing the data, and DNS resolvers and servers need to work more
    to get the answer. If you really want to do this, you can accomplish
    the same thing by using a preprocessor such as m4 on your host files.

    Also, having chained records such as CNAMEs pointing to CNAMEs may
    make administration issues easier, but is known to tickle bugs in
    some resolvers that fail to check loops correctly. As a result some
    hosts may not be able to resolve such names.

    Having NS records pointing to a CNAME is bad and may conflict badly
    with current BIND servers. In fact, current BIND implementations
    will ignore such records, possibly leading to a lame delegation.
    There is a certain amount of security checking done in BIND to
    prevent spoofing DNS NS records. Also, older BIND servers reportedly
    will get caught in an infinite query loop trying to figure out the
    address for the aliased nameserver, causing a continuous stream of
    DNS requests to be sent.

    The simple answer is to not reference a hostname in an MX record if that hostname is a CNAME. Only reference a hostname in an MX record if that hostname has one or more associated A-records.

    Mike
     
    #8 mtindor, Feb 26, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - Problem records CNAME
  1. Sourav Shukla

    Problems in smtp and mx records

    Sourav Shukla, Apr 27, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    222
    cPanelLauren
    Apr 30, 2018
  2. Patrickb2server

    DNS Records Problem After Server Issue

    Patrickb2server, Jan 13, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    608
    Infopro
    Jan 13, 2017
  3. JCamaraDS

    Can't receive mails / Problems with MX Records

    JCamaraDS, Nov 16, 2016, in forum: Bind/DNS/Nameserver
    Replies:
    5
    Views:
    714
    cPanelMichael
    Nov 17, 2016
  4. diracuser

    New Thread Disable ping problems

    diracuser, May 22, 2018 at 4:33 AM, in forum: Security
    Replies:
    0
    Views:
    0
    diracuser
    May 22, 2018 at 4:33 AM
  5. 50l3r

    Problema con compresion GZIP

    50l3r, May 21, 2018 at 1:42 PM, in forum: Discusión en Español
    Replies:
    4
    Views:
    29
    50l3r
    May 21, 2018 at 4:12 PM

Share This Page