• 1. London, UK
  • 2. New York, NY
  • 3. Sydney, Australia
  • 4. Melbourne, Australia
  • 5. Moscow, Russia
  • 6. Singapore
  • 7. Paris, France
  • 8. Chicago, IL
  • 9. Hong Kong
  • 10. Houston, TX

Tuesday, November 07, 2006

 

RFC 2821 and the "implicit MX" rule: Can you really get mail without an MX record?

Posted by Bharat Suneja at 12:53 AM
This question has been asked frequently enough, so it makes sense to clarify another SMTP myth that many IT folks hold dear:
No MX records = no email
Yes, mail can indeed be delivered to a domain even if it does not have MX records.

Let's take a look at what RFC 2821 says:
- Once the domain is identified SMTP must perform a DNS lookup and first attempt to locate an MX record.
- If no MX records are found but an A record is found, it is treated as if it was associated with an implicit MX record with a preference of 0 pointing to that host - also known as the "implicit MX" rule.
- Further, if MX records are indeed found but mail delivery to these fails, the "implicit MX" rule to use the A record should not be used and the situation reported as an error, unless one of the the MX records actually points to the host in the A Record.
- Finally, if more than one MX records are found with same preference values, an SMTP sender should rotate between these.

For instance, we try sending a message to foo@somedomain.com, and the domain does not have any MX records, as the following test shows:

Nslookup cannot resolve MX record:

C:\>nslookup -type=mx somedomain.com

somedomain.com
     primary name server = ns1.ispserver.net
     responsible mail addr = dns.ispserver.net
     serial = 2006040700
     refresh = 28800 (8 hours)
     retry = 7200 (2 hours)
     expire = 604800 (7 days)
     default TTL = 86400 (1 day)

However, there’s an A record (same name as the domain, designated as “@”, or the A record that you see as (same as parent folder) in Windows Server DNS management console) that resolves:

C:\>nslookup somedomain.com
Non-authoritative answer:
Name: somedomain.com
Address: 64.40.201.25

If the host that this A record points to accepts SMTP mail on the well-known (tcp) port 25, you can deliver mail to this domain without any MX records.

To create an A record for your domain using Windows Server's DNS management console, leave the (host) Name field blank when creating the new A record, and enter an IP address to map it to.

Nevertheless, not having MX records is not a good practice. Think about the implication it has on your DNS server— the sending host will first try to lookup MX records, and then lookup an A record for your domain. You're inviting extra load to your DNS server(s) by not having MX records.

MX records also allow you to route inbound mail to more than 1 hosts using the preference value to load-balance or failover.

Labels:

2 Comments:

January 11, 2007 4:43 AM
Anonymous Devin L. Ganger said...

I'll note that you can actually have multiple A records, so you can achieve a single tier of load balancing using implicit MX behavior. More and more these days, having multiple tiers of MX handlers is just inviting your lower-priority MX machines to get spammed, thus bypassing a lot of your message hygiene functionality.

I should also note that the extra load on the DNS servers may not be that much; they're going to return the results of the A record lookup anyway (unless the MX record points to a host in a zone not on your servers), so you're saving at most an incoming query packet.

But all that aside, yes -- I've always been an advocate of not relying on default behavior. If you want something to happen a particular way, say so. That way you don't change something down the road and get an unpleasant surprise because you failed to think of the consequences.

 
May 22, 2008 8:04 AM
Blogger liegerm said...

Is there a way of increasing the timeout used by Exchange 2003 when it looks up an MX record? I can tell from the event logs and by using nslookup that our Exchange server sends to the A record address of a couple of recipient domains because it doesn't get a fast enough response.

Any suggestions appreciated!

 

Post a Comment

Links to this post:

Create a Link

<< Home