
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld (edit: which points to mail.sub.domain.tld). (I also set up SPF, DKIM and DMARC TXT records for sub.domain.tld, dkim._domainkey.sub.domain.tld and _dmarc.sub.domain.tld respectively.)

I have a couple of servers which I want to use with the domain. Could it be a problem for the acceptance of my email by other servers if the A record for sub.domain.tld points to a different IP than mail.sub.domain.tld?

What about if the same is true for domain.tld and foo.sub.domain.tld? I think at least the last one should be possible but I'm not super-confident in my understanding of DNS in general.

1 Answer


That should be fine. As long as the records relating to email match up in both directions, you can have other DNS records pointing to different IP addresses all you want.

For instance, quite a common scenario would be to have inbound email delivered to mail.sub.domain.tld on one IP address, and a website hosted on a different server/IP address pointing to www.sub.domain.tld and sub.domain.tld.

Obviously if you're sending from the mail.sub.domain.tld IP(s), and also have the website sending emails (for instance contact forms), then you'd need to ensure that both of them are included in your SPF record, so receiving servers see both as valid email sources.

The same is true for domain.tld, as you'd have separate MX / A / SPF records for that domain level, so they wouldn't impact each other. For instance, mail.sub.domain.tld and mail.domain.tld could have completely different setups and DNS records without negatively interacting with each other.

If a receiving server gets an email from [email protected], it will specifically look in sub.domain.tld for an SPF record, not in the root domain.tld domain, which could be configured with completely different details.

  • Thanks! I think I get it. What still feels a bit strange to me is that all my email is coming from @sub.domain.tld while the actual mail server which connects with the recipient server might have a completely different IP compared to the result of a DNS query for (the A record of) sub.domain.tld. But making that possible just seems to be the purpose of the MX record in the first place.
    – cssdev
    Commented Jul 9, 2023 at 14:43
  • Yep, the server receiving email, the one sending email, and the one users connect to access email can, if needed, be completely different servers with different IP addresses, but obviously for things like SPF records it's only the sending one that needs inclusion. You see that quite often where spam screening is in place, e.g. the MX points to the screening servers, not the mail server that eventually receives them and from where the emails are sent.
    Commented Jul 9, 2023 at 14:55
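
The SPF lookup described in the answer, as an added example that is not part of the original answer or comments: a minimal evaluator run against a constructed zone, showing that only the exact sender domain's record is consulted and that both the mail server and the website must be listed. The IP addresses (documentation ranges), the `ZONE` layout and the function names are assumptions; only `ip4`, `a`, `mx` and `all` without CIDR suffixes are handled.

```python
import ipaddress

# Constructed sample zone; every IP and record value here is an assumption.
ZONE = {
    "domain.tld": {"A": ["203.0.113.5"], "TXT": ["v=spf1 ip4:203.0.113.5 -all"]},
    "sub.domain.tld": {
        "A": ["198.51.100.20"],            # website, different IP than the mail host
        "MX": ["mail.sub.domain.tld"],
        "TXT": ["v=spf1 mx a -all"],       # authorizes mail server (mx) and website (a)
    },
    "mail.sub.domain.tld": {"A": ["192.0.2.10"]},  # mail server
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_records(zone, name):
    return zone.get(name, {}).get("A", [])

def mechanism_matches(zone, domain, mech, ip):
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":                        # A record of the target (default: sender domain)
        return str(ip) in a_records(zone, arg or domain)
    if name == "mx":                       # A records of the MX hosts of the target
        hosts = zone.get(arg or domain, {}).get("MX", [])
        return any(str(ip) in a_records(zone, h) for h in hosts)
    return False                           # include, exists, ptr, modifiers: out of scope here

def spf_check(zone, sender_domain, client_ip):
    ip = ipaddress.ip_address(client_ip)
    # Only the exact sender domain is queried; the parent domain is never consulted.
    txt = zone.get(sender_domain, {}).get("TXT", [])
    records = [t for t in txt if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    for term in records[0].split()[1:]:    # first matching mechanism decides
        qualifier = QUALIFIERS.get(term[0])
        mech = term[1:] if qualifier else term
        if mechanism_matches(zone, sender_domain, mech.lower(), ip):
            return qualifier or "pass"
    return "neutral"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.5"):
        print(ip, spf_check(ZONE, "sub.domain.tld", ip))
```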
