Help with DNS

[Phil_P]

Hi guys,

I'd really appreciate a little help with DNS.

I have purchased a domain name (from 123-reg) to aid in my learning process, but I have no hosting package (I'm a cheapskate!). The web side of things is simply handled by web forwarding to my free ISP provided web space which works fine for my needs.

My main interest is in setting up a mail server. I have my mail server set up at home and it's working fine, apart from the last part of the equation which is pointing the MX records to my home address so I can directly receive mail through my newly purchased domain name.

Lets say my domain name is example.com, and my home IP address is 555.555.555.555

From what I understand, I can't simply enter my home IP address as an MX record, it has to be a FQDN. Is that correct?

So, does that mean I have to purchase/register a subdomain (for example, mailhost.example.com) or can I just set that up in the A record for example.com and then point the MX record at it?

This is what my current A records look like:

@ A 666.666.666.666 (< imaginary IP of my host)
www A 666.666.666.666 (< imaginary IP of my host)

Could I just add:

mailhost A 555.555.555.555 (< my home IP address)

and then add an MX record pointing to it:

MX 10 mailhost.example.com.


I'd really appreciate any guidance from the experts

Thanks,

Phil

[peterb]

There is a sticky in this forum that deals with DNS stuff which might be of use (if you haven't already read it) This is tricky and afik (and I'm not an expert) you may have to set up your own DNS server to create the subdomain maihost.example.org - or you could just enter the IP address at 123's DNS server - as you do for www forwarding.

[Phil_P]

There is a sticky in this forum that deals with DNS stuff which might be of use (if you haven't already read it) This is tricky and afik (and I'm not an expert) you may have to set up your own DNS server to create the subdomain maihost.example.org - or you could just enter the IP address at 123's DNS server - as you do for www forwarding.

Hi Peter,

Yes, thanks, I read the sticky and it was very informative. It's kind of what led to my question, as previously I had assumed I'd need to further purchase a subdomain like mailhost.example.com but after reading the sticky I'm thinking maybe I can just create an A record for it and point the MX record at that (I don't believe you can enter an IP address for an MX record - it has to be a FQDN).

I just don't know enough about the technicalities of DNS to be sure!

[peterb]

Might be worth raising a query with 1-2-3 - I don;t think you purchase a sub-domain as such - as the domain structure is hierachical, but it does have to be entered in the nameserver.

[Phil_P]

Might be worth raising a query with 1-2-3 - I don;t think you purchase a sub-domain as such - as the domain structure is hierachical, but it does have to be entered in the nameserver.

Good idea, thanks Peter.

I may just go ahead and try it as after some more reading around, I'm reasonably sure that's the correct way to do it as per my first post. It's only a test domain I bought to learn on so it doesn't matter if I temporarily break the DNS.

[Splash]

Yep, just setup an A record for the ip of the mail relay, then create an MX pointing to that host.

[Phil_P]

Thanks Splash - yep, works great

I guess I didn't really appreciate just how easy it is to set up multiple subdomains and point them at different physical servers/IPs just by adding an A record. That's neat, and I've learned something new!

[peterb]

So have I!

[Jay]

DNS is a god sent until it goes wrong

Glad you sorted this one out though.

[ikonia]

keep in mind that if your IP address is a DSL/Cable or dhcp ip address you'll be blocked / blacklisted by pretty much every RBL service on the internet which means a lot of your mail to people will go into a black hole.

[chrestomanci]

keep in mind that if your IP address is a DSL/Cable or dhcp ip address you'll be blocked / blacklisted by pretty much every RBL service on the internet which means a lot of your mail to people will go into a black hole.

Only if he also mis-configures his mailserver so that it relays mail he receves. If he only accepts mail addressed to his domain(s) he should be fine (why would anyone else care?)

A more pertinent problem would be if his ISP decides to block port 25 incoming, preventing him from receiving email directly, and forcing him to route mail through their mailserver. I have heard of some ISPs that do that in an attempt to force their customers to buy domain names & hosting from them.

[ikonia]

Only if he also mis-configures his mailserver so that it relays mail he receves.

No, most RBL serivices block all DHCP, Cable and DSL IP blocks, regardless of how well the mail service is setup. As you rightly say though, this is for outgoing mail only.

[Phil_P]

No, most RBL serivices block all DHCP, Cable and DSL IP blocks, regardless of how well the mail service is setup. As you rightly say though, this is for outgoing mail only.

Yes, I appreciate your point. However, my understanding is that these services blacklist IP address ranges where it is specifically against the policy of the ISP for users to run home servers (see, for example, the spamhaus SBL policy). In my case, my ISP provides me with a static IP with the express intention of allowing my to run such services if I so choose, so any RBL services blocking my IP address are doing so without due cause or consideration to my terms of service with my ISP. I've also queried most of the major RBL lists and they don't contain my IP range so I don't see it as a problem.

To me, a far simpler solution would be for ISPs to simply port block if they don't wish their customers to be running such services as many do (Orange, for example, only allow mail to be sent through their own smtp servers).

[ikonia]

RBL is nothing to do with your ISP, and your right offer no consideration to you or what your doing.

So your wrong as a genral rule of thumb in that the key ones that most business and some ISP's use will block all DHCP, and Cable/DSL addresses, static or dynamic.

If you've queried fine, (I'm very surprised) but keep an eye on it

[Phil_P]

Here's Spamhaus Policy Block List (PBL) Policy:

The Spamhaus Project - PBL - The Policy Block List

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

PBL IP address ranges are added and maintained by each network participating in the PBL project, working in conjunction with the Spamhaus PBL team, to help apply their outbound email policies.

Additional IP address ranges are added and maintained by the Spamhaus PBL Team, particularly for networks which are not participating themselves (either because the ISP/block owner does not know about, is proving difficult to contact, or because of language difficulties), and where spam received from those ranges, rDNS and server patterns are consistent with end-user IP space which typically contain high concentrations of "botnet zombies", a major source of spam. Once aware of them, the ISP/block owner can take over such records at any time to manage them further.

The PBL lists both dynamic and static IPs, any IP which by policy (whether the block owner's or -interim in its absence- Spamhaus' policy) should not be sending email directly to the MX servers of third parties.

I read this as relating to the ISP's policy on it's customers sending mail, but equally there are passages that make it clear Spamhaus will add ranges at their own discretion). But again, I totally take your point ikonia and even agree to a large extent (although I find the sometimes overly restrictive practices of some ISPs to be extremely frustrating).

IMHO an RBL should contain only addresses KNOWN to be sending spam.

On a further note, I've been sending my own mail for a while now and haven't had any instances of mail being blocked, and that includes mail to accounts with most of the major ISPs. I'll keep an eye on it though for sure.

One thing that worries me more is that I don't have a correct rDNS entry for my mail server but it would appear that most mail servers don't seem to check or reject on this basis - my rDNS points to my ISP not my domain name.

[Phil_P]

Just to clarify from my above post, Spamhaus operate 3 lists:

SBL - spam block list containing addresses KNOWN to send spam
PBL - policy block list (above) containing addresses whereby the ISP has a policy that the customer shouldn't be sending email
XBL - exploit block list containing addresses known to be distributing exploits and other malware.