Proper value for hostname, RDNS, SPF
This will be a combination web/mail/other server. Out of all the services, mail is the one I'm most concerned about, so I want to get this right.
My current settings:
flanders:~# cat /etc/hostname
flanders
flanders:~# cat /etc/hosts
127.0.0.1 flanders.grunkalunka.net flanders localhost
flanders:~# cat /etc/mailname
mail.grunkalunka.net
Relevant DNS info
@ MX 0 mail.grunkalunka.net.
@ A 69.93.XXX.YYY
* A 69.93.XXX.YYY
mail A 69.93.XXX.YYY
Given this info, my questions are:
Does it make sense to simplify the whole thing to change the MX record, /etc/mailname and RDNS to just "grunkalunka.net"? Are there any benefits or drawbacks to this? Any further changes I should do (like to /etc/host{name,s})?
If I cannot do that, do I have to change the value of /etc/host to "mail"? Likewise in /etc/hosts?
What should I set the RDNS to resolve to? grunkalunka.net, mail.grunkalunka.net, or flanders.grunkalunka.net?
I believe my SPF record should look like this:
v=spf1 a mx ~all
Does that look alright?
Many thanks in advance.
@GrunkaLunka:
> Does it make sense to simplify the whole thing to change the MX record, /etc/mailname and RDNS to just "grunkalunka.net"? Are there any benefits or drawbacks to this?
Using a single hostname for everything has the advantage of being simpler, while separating different services to different hostnames makes it easier to move things around later. For example, maybe someday you want separate IPs for mail and www - if you have used separate A records from the beginning you can do this without updating any of your client configs.
> What should I set the RDNS to resolve to? grunkalunka.net, mail.grunkalunka.net, or flanders.grunkalunka.net?
I think in most email cases it doesn't really matter what the PTR record contains, just that you have one. I personally would set it to be the same as your MTA's HELO.
> I believe my SPF record should look like this: v=spf1 a mx ~all
If your A and MX records are the same address, then you don't really need to list them both, but it will still work. Also, you should consider adding additional SPF records for domains that don't send mail, as detailed here.
> separating different services to different hostnames makes it easier to move things around later
I agree. It's not difficult, and affords you flexibility in the future.
Like you, I have 1 linode serving Web and mail. Here are my DNS and hostname settings, and they work. (Even M$ hotmail accepts my mail):
$ hostname -f
catch-22.example.com
$ cat /etc/hosts
127.0.0.1 localhost
207.192.69.xxx catch-22.example.com catch-22
$ cat /var/qmail/control/me
catch-22.example.com
Relevant DNS info:
@ MX 10 smtp.example.com.
@ TXT "v=spf1 a mx ip4:207.192.69.xxx mx:smtp.example.com -all"
@ 3600 A 207.192.69.xxx
smtp A 207.192.69.xxx
catch-22 A 207.192.69.xxx
www A 207.192.69.xxx
> What should I set the RDNS to resolve to? grunkalunka.net
That's what I'd set it to.
flanders:~# cat /etc/hostname
flanders
flanders:~# cat /etc/hosts
127.0.0.1 localhost
69.93.XXX.YYY flanders.grunkalunka.net flanders
flanders:~# cat /etc/mailname
mail.grunkalunka.net
DNS
@ MX 0 mail.grunkalunka.net.
@ A 69.93.XXX.YYY
* A 69.93.XXX.YYY
mail A 69.93.XXX.YYY
flanders A 69.93.XXX.YYY
With a PTR record of "grunkalunka.net" and an SPF of "v=spf1 mx ~all".
Have I left anything out?
So for example, if my linode had a name of "flanders.example.org" the rDNS would also be set to that, as would the mailname and the MX record in the DNS.
I would then use a CNAME record to alias "mail" to "flanders" for use in IMAP/POP clients. When sending email through the SMTP server you should use flanders.example.org, else you will get a mismatched SSL certificate warning (free SSL certificates are available from StartSSL).
What you have is fine. It'll work. Microsoft's SenderID is rather picky about SPF records. You might want to cater to them if you intend to send mail to hotmail.com or msn.com recipients.
e.g. consider below, which was generated using Microsoft's "SPF Wizard":
v=spf1 a mx ip4:207.192.69.xxx mx:smtp.example.com -all
Anyway, that's what I use and I can send mail to hotmail. 207.192.69.xxx resolves to example.com, and smtp.example.com is a simple A record, also pointing to 207.192.69.xxx.
I wouldn't use CNAME. It has a completely different purpose.
As I said earlier, I've no idea if it's (still) true, but since no one will know what host email is sent to for your domain without actually looking it up, what does it matter if it's going to a less aesthetically pleasing flanders.example.org rather than smtp.example.org?
But, as you say, the OP's solution should work fine. The only thing I really disagree on is the choice of using just grunkalunka.net as the rDNS when he's named the machine flanders.grunkalunka.net. But maybe that's just me.
@Middling:
> I have heard that some SMTP servers are picky and want the host listed in the MX record for a domain to have matching rDNS records for the IP.
Then such a host is broken. I've not seen this. It is perfectly legitimate to have multiple A records pointing to 1 IP address; of course there can only be one rDNS entry.
mail.host.example IN A 1.2.3.4
my.host.example IN A 1.2.3.4
host.example IN MX 10 mail.host.example.
4.3.2.1.in-addr.arpa IN PTR my.host.example.
My own MX record is such an example.
What is required is that the IP address of your host maps to an A record that maps back to the same IP address.
e.g. 1.2.3.4 -> my.host.example -> 1.2.3.4
My final SPF is the one I mentioned before: "v=spf1 mx ~all"
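As an added example (not code from anyone in this thread), the script below checks the two things the replies above disagree about: whether an IP passes forward-confirmed reverse DNS (IP -> PTR -> A -> same IP, as in the 1.2.3.4 / my.host.example example) and what result a receiving MTA would get from a simple `v=spf1` record such as "v=spf1 a mx ip4:... -all" or the OP's "v=spf1 mx ~all". The DNS data is a constructed in-memory zone so it runs offline; the names host.example, my.host.example, mail.host.example, softfail.example and the IPs are assumptions modelled on the examples in the thread, not real records. Only the a, mx, ip4 and all mechanisms are implemented (a subset of RFC 7208); include/redirect are reported as permerror.

```python
import ipaddress

# Constructed forward zone (name -> record type -> values). Not real DNS data.
FORWARD = {
    "host.example": {
        "A": ["1.2.3.4"],
        "MX": [(10, "mail.host.example")],
        "TXT": ["v=spf1 a mx ip4:1.2.3.4 -all"],
    },
    "mail.host.example": {"A": ["1.2.3.4"]},
    "my.host.example": {"A": ["1.2.3.4"]},
    # A domain using the OP's final record: only the MX host may send, others softfail.
    "softfail.example": {
        "MX": [(10, "mail.host.example")],
        "TXT": ["v=spf1 mx ~all"],
    },
}

# Constructed reverse zone: one PTR per IP, as the reply notes.
# 1.2.3.5 points at a name with no A record, to show a failing check.
REVERSE = {"1.2.3.4": "my.host.example", "1.2.3.5": "stale.host.example"}


def lookup(name, rtype):
    """Return the records of type rtype for name from the constructed zone."""
    return FORWARD.get(name.rstrip(".").lower(), {}).get(rtype, [])


def fcrdns(ip):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A records must contain ip.

    Returns (True, ptr_name) on success or (False, reason) on failure.
    """
    ptr = REVERSE.get(ip)
    if ptr is None:
        return (False, "no PTR record")
    if ip not in lookup(ptr, "A"):
        return (False, f"PTR {ptr} does not resolve back to {ip}")
    return (True, ptr)


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, ip):
    """Evaluate domain's v=spf1 TXT record for a sending IP.

    Mechanisms are tested left to right; the first match decides the result
    via its qualifier. With no match the result is 'neutral'.
    """
    records = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in lookup(arg or domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(host, "A") for _, host in lookup(arg or domain, "MX"))
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # include/redirect/etc. not implemented here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"


if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.5", "9.9.9.9"):
        print(f"FCrDNS {ip}: {fcrdns(ip)}")
    for domain, ip in (("host.example", "1.2.3.4"), ("host.example", "9.9.9.9"),
                       ("softfail.example", "1.2.3.4"), ("softfail.example", "9.9.9.9")):
        print(f"SPF {domain} from {ip}: {spf_check(domain, ip)}")
```

Note that the FCrDNS check passes even though the PTR name (my.host.example) differs from the MX host (mail.host.example), which is exactly the point made above: the PTR only has to resolve back to the same IP, not match the MX name.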