Proper MX Records?

We've just pointed the DNS nameservers to our new linode and I want to get some feedback from the community regarding the right configuration of our MX records so that we do not have any downtime in our email. Right now I have (as per http://library.linode.com/email/google-mail):

> MX Records

Mail Server Preference Subdomain TTL Options

mail.landartgenerator.org 10 Default Edit | Remove

ASPMX.L.GOOGLE.COM 1 Default Edit | Remove

ALT1.ASPMX.L.GOOGLE.COM 5 Default Edit | Remove

ALT2.ASPMX.L.GOOGLE.COM 5 Default Edit | Remove

ASPMX2.GOOGLEMAIL.COM 10 Default Edit | Remove

ASPMX3.GOOGLEMAIL.COM 10 Default Edit | Remove

Do I need to delete the first entry (mail.landartgenerator.org)?

Also, our previous host recommends the following:

> MX 10 ASPMX.L.GOOGLE.COM.

MX 20 ALT1.ASPMX.L.GOOGLE.COM.

MX 20 ALT2.ASPMX.L.GOOGLE.COM.

MX 30 ASPMX2.GOOGLEMAIL.COM.

MX 30 ASPMX3.GOOGLEMAIL.COM.

MX 30 ASPMX4.GOOGLEMAIL.COM.

MX 30 ASPMX5.GOOGLEMAIL.COM.

calendar CNAME ghs.google.com.

docs CNAME ghs.google.com.

mail CNAME ghs.google.com.

Do I need to add ASPMX 4 and 5? What about the last three lines???

Looking around online, I see contradicting recommendations especially as it pertains to "preference." Some forums recommend preferences from 1-7 (top to bottom per the list above). And what do the 10s and 30s mean in the list above?

Thank for your kind help. I'm rather new to this and I would like to avoid the nightmare of our emails getting lost in the shuffle.

-Rob

6 Replies

Yes, remove that other MX record. In general you shouldn't mix MX records of different service providers (unless you really know what you are doing).

Regarding which records to include, I would recommend following what the documentation from the actual service provider says. In this case: http://support.google.com/a/bin/answer. … wer=174125">http://support.google.com/a/bin/answer.py?hl=en&answer=174125

To cover some of the other things you mentioned:

Regarding those CNAME records they have nothing to do with email delivery. However, you may want to use those or other names to access your Google Apps services. See the Google Apps documentation for details on that.

Regarding the priority in MX records those numbers are only relative to each other, the absolute values do not matter but whichever record has the lowest number has the highest priority.

Thank you.

Looking through the information at google (thank you for the link) there is mention of TTL and setting it to 300.

Right now the lower part of my DNS records page looks like below. Is there anything else I should change and do I need to worry about TTL?

> A/AAAA Records

Hostname IP Address TTL Options

50.116.11.90 Default Edit | Remove

mail 50.116.11.90 Default Edit | Remove

www 50.116.11.90 Default Edit | Remove

Add a new A record

CNAME Records

Hostname Aliases to TTL Options

Add a new CNAME record

TXT Records

Name Value TTL Options

Add a new TXT record

SRV Records

Service Domain Priority Weight Port Target TTL Options

Add a new SRV record

Thanks!

The TTL specifies how long the records are allowed to be cached by others. (Which will affect how quickly any changes you make to these records later on will take effect for everyone.)

> Looking through the information at google (thank you for the link) there is mention of TTL and setting it to 300.

A TTL 300 = 5 minutes, unless you're testing DNS settings (Once you get everything working right), I would bump it a little higher more like 3600 (1 Hour)

As Hawk7000 suggested remove the other MX record and those other CNAMES are not needed for sending mail.

Since you're messing with DNS you should also add this SPF record for google mail: "v=spf1 include:_spf.google.com ~all"

Here's the google instructions on that.

http://support.google.com/a/bin/answer. … wer=178723">http://support.google.com/a/bin/answer.py?hl=en&answer=178723

You can also add the new DMARC records (DNS Change as well)

http://support.google.com/a/bin/answer. … er=2466563">http://support.google.com/a/bin/answer.py?hl=en&answer=2466563

For you it will be something like: "v=DMARC1\; p=none\; rua=mailto:postmaster@your_domain.com"

It should be added under "_dmarc.yourdomain.com"

Use the "p=none" setting for now, until you know you have your SPF and DKIM set up right.

If you want to check and verify your SPF and DKIM, send an email to mailtest [AT] unlocktheinbox.com, it will auto-respond letting you know if it's correct. If it is, you can change the "p=none" to "p=quarantine" or "p=reject", you can read more about email autentication testing here: Email Authentication Testing

I don't think you need to worry about setting up DKIM, Google app mail does that for you, I think. But definitely confirm that through the authentication testing tools.

Maybe a little to much information, but I think that's everything in a nutshell.

@hawk7000:

The TTL specifies how long the records are allowed to be cached by others.
Of which a huge percentage of the DNS resolvers conveniently ignore and keep the data for whatever overriding time frame they've been set up with.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct