Friday, July 6, 2007

Common mistakes beginners make with DNS + mail

Source: Configuring DNS for Your Standards-Based Mail Service: How to Avoid the Most Common Misconfigurations

This article carefully explains the mistakes that DNS beginners commonly make; anyone who wants to learn to set up email properly should take the time to read it.

061: DNS + Mail Server is really a lot of fun.

An excerpt of the MX-related part follows:

The DNS stores a number of items of interest to mail servers. An address (A) record maps a server’s host name to its IP address. For example, using Bind’s notation:

mail.software.com IN A 123.45.67.89

A Mail Exchange (MX) record maps a domain name to a server’s host name. For example:

software.com IN MX 10 mail.software.com

When you send an e-mail to user@software.com, your local mail server receives the message and then searches for the IP address of software.com’s mail server. This is a two-step process. First, it looks up the MX record for software.com, which identifies the name (A record) of the server that handles mail for the software.com domain. Next, it looks up mail.software.com’s A record to find its IP address. Your local mail server then establishes a connection with the host 123.45.67.89 and transfers the message to software.com’s mail server.

Avert Disaster by Preparing a Fallback MX Host

Having an alternate mail host can save the day if your primary inbound Simple Mail Transfer Protocol (SMTP) host gets knocked out, even for a short time. This fallback MX host receives mail for your site when your primary MX host is unavailable, queues your mail, then forwards it to your primary MX host when your site is back online.

If you haven’t set up a fallback MX host, and your MX host or network goes down, mail for your site will queue up on many servers throughout the Internet. This is likely to cause problems when your mail service is brought back online.

If you don’t know which mail servers have been queuing mail for your site, you won’t know whom to notify once your service is brought back online. Since manual intervention may be required to "flush" your queued mail, it may sit on these servers for a long time before it is sent to you. If it sits there long enough, it may even be bounced.

Once your primary MX server comes online, the queued messages it receives will not arrive in chronological order, since different sites will flush their queues at different times.

When it rains, it pours. The longer your mail service is unavailable, the more mail queues up. Since you can’t regulate the many machines that mail is queued on, a sudden flood of backlogged mail may overwhelm your system, degrading performance or even filling up spool disks.

By using a fallback MX host, you know where to find your (serialized) mail if your primary MX mail server crashes or becomes unreachable. Choose your fallback MX host wisely. It can be onsite, offsite, or both. An offsite fallback MX host is less likely to be affected by a catastrophe that disables your own system or network, but requires a cooperative, reliable partner. An unreliable fallback host may be worse than none at all, since it may lose your mail if it’s not managed properly. Your fallback host must have enough capacity to spool your mail, possibly for days. Beware of the ripple effect.

You’ll need to negotiate the configuration and operational procedures with the managers of your fallback site. Never use a fallback site without the consent of its management. Test the scenario periodically to ensure an SMTP-relay spam blocking policy doesn’t prevent the fallback host from receiving and queuing your mail.

Following is a recommended configuration of your DNS MX records:

software.com.   86400 IN MX 10 mail.software.com.
                86400 IN MX 20 fallback.software.com.
                86400 IN MX 90 mail.othercorp.com.

During normal operation, mail is received by your primary MX host, mail.software.com. Should it become unreachable (and SMTP connections fail), mail will be routed to your lower priority (20) onsite fallback host, fallback.software.com. If it too is unavailable, your mail gets queued on your offsite fallback host, mail.othercorp.com.
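The two-step lookup and the preference-ordered fallback described above, as an added example that is not part of the original post or of the quoted article. It parses BIND-style records (including continuation lines whose owner name is blank, as in the MX set quoted above), resolves each MX host to its A record, and tries the hosts lowest preference number first. The A records for the two fallback hosts and the `reachable` set, which stands in for successful SMTP connection attempts, are constructed sample values:

```python
"""Offline model of how a sending MTA uses MX and A records (added example)."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed zone data. The MX set mirrors the article's recommendation; the
# A records for fallback.software.com and mail.othercorp.com are sample values.
ZONE = """
software.com.          86400 IN MX 10 mail.software.com.
                       86400 IN MX 20 fallback.software.com.
                       86400 IN MX 90 mail.othercorp.com.
mail.software.com.     86400 IN A  123.45.67.89
fallback.software.com. 86400 IN A  123.45.67.90
mail.othercorp.com.    86400 IN A  198.51.100.25
"""

# owner name is optional: a line starting with whitespace continues the previous owner
RECORD_RE = re.compile(
    r"^(?P<owner>\S+)?\s+(?:(?P<ttl>\d+)\s+)?IN\s+(?P<type>MX|A)\s+(?P<rdata>.+?)\s*$"
)


def parse_zone(text: str) -> Tuple[Dict[str, List[Tuple[int, str]]], Dict[str, str]]:
    """Return (mx_by_domain, a_by_host); names are normalised to lowercase, no trailing dot."""
    mx: Dict[str, List[Tuple[int, str]]] = {}
    a: Dict[str, str] = {}
    owner: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"unparsable record: {line!r}")
        if m.group("owner"):
            owner = m.group("owner").rstrip(".").lower()
        if owner is None:
            raise ValueError("continuation line before any owner name")
        if m.group("type") == "MX":
            pref, host = m.group("rdata").split()
            mx.setdefault(owner, []).append((int(pref), host.rstrip(".").lower()))
        else:
            a[owner] = m.group("rdata").strip()
    return mx, a


def ordered_mx(mx_by_domain: Dict[str, List[Tuple[int, str]]],
               a_by_host: Dict[str, str], domain: str) -> List[Tuple[int, str, str]]:
    """Step 1 (MX lookup, lowest preference first) and step 2 (A lookup per host).
    An MX host with no A record cannot be connected to and is skipped."""
    result = []
    for pref, host in sorted(mx_by_domain.get(domain.lower(), [])):
        ip = a_by_host.get(host)
        if ip:
            result.append((pref, host, ip))
    return result


def deliver(domain: str, reachable: Set[str],
            mx_by_domain: Dict[str, List[Tuple[int, str]]],
            a_by_host: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Try MX hosts in preference order. Returns (host, ip) of the first host that
    accepted the connection, or None, in which case a real sender would queue the
    message on its own spool and retry later (the situation the article warns about)."""
    for _pref, host, ip in ordered_mx(mx_by_domain, a_by_host, domain):
        if ip in reachable:  # stands in for a successful SMTP connect
            return host, ip
    return None


if __name__ == "__main__":
    mx, a = parse_zone(ZONE)
    all_up = {"123.45.67.89", "123.45.67.90", "198.51.100.25"}
    print("normal operation:   ", deliver("software.com", all_up, mx, a))
    print("primary down:       ", deliver("software.com", all_up - {"123.45.67.89"}, mx, a))
    print("site offline:       ", deliver("software.com", {"198.51.100.25"}, mx, a))
    print("everything down:    ", deliver("software.com", set(), mx, a))
```

The last case is the one the article describes when no fallback MX exists: `deliver` returns `None`, and every remote sender keeps the message in its own queue, outside your control.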

Ensure that you have a secondary DNS server hosted offsite. If you don’t and a disaster strikes, taking down both your DNS and your primary mail servers, mail will not be able to find its way to your fallback MX server after its DNS Time-to-Live (TTL) expires.

DNS configurations for disaster scenarios are covered in detail in O’Reilly’s book DNS and BIND by Paul Albitz and Cricket Liu.
