Untangling MX: Setting up DNS records for a web site with a different mail server.


Image by Ryan Alexander

I recently had to set up an MX record for a client and although I’ve set them up before, it suddenly made sense to me in a way that it hadn’t before. Perhaps my story will help someone else have a similar epiphany.

Basic name server set up.

My client had their site and their mail all handled by the same serving company. This meant their name server records were basic. There were 3 entries and that was it. All traffic to their domain used the same records. It could be web traffic or mail traffic. It didn’t matter. They were something like this. (I’m using ‘dummy’ URL names in this post, like mynameserver.com and my.domain.com. Don’t take those literally. Use your own info where appropriate.)

ns1.mynameserver.com
ns2.mynameserver.com
ns3.mynameserver.com

The problem.

My client came to me because their site was painfully slow. Their hosting plan was a shared hosting plan and their site traffic demands had outgrown what the server was able to handle. Their site needed to be on a dedicated, robust server. I did some research and presented them with a recommendation, got their sign off, and moved the site successfully. (The site was an Expression Engine site. I moved it to Engine Hosting. That’s not really that important to what I’m going over here though.)

The tricky part of the move was that they were not ready to move their mail to a new server. It needed to stay where it was. That meant going from an “easy” DNS set up, to a more complex set up. I had to split the MX (Mail Exchange) records off from the regular DNS records.

You might wonder why there was no MX record to begin with and how the email still managed to get to its destination in the old setup. Although I knew it worked, I never bothered to ask why. I found an article on MX records on Wikipedia that had the answer.

“If no MX records were present, the server falls back to A, that is to say, it makes a request for the A record of the same domain.”

If I only set up the DNS the easy way, an email message falling back to the A records would mean that message would be delivered to the new server where the web site was hosted, and not the old server where the mail was supposed to be handled. I needed to split the traffic by setting up an advanced DNS record.

Advanced DNS record setting.

The domain name was registered with Network Solutions. The ability to set the MX record separately from the other records in the Network Solutions interface is called Advanced DNS Settings. Other registrars allow you to do this as well though.

The Advanced DNS Settings choice means Network Solutions will use their name servers, for example, NS43.WORLDNIC.COM. You need to manually set up the traffic behind that name server.

The A records

I don’t want to spoil the surprise ending of this post, but here’s a screenshot of where I needed to get to. It might help as I go through the nitty gritty.

Proper DNS set up for separate MX and A records.

I had to dig into the meat of the DNS records a bit more and set the A record (the main DNS record) and the MX record manually. For the A record I needed the actual IP of the server the site would eventually live on.

You can find out the IP address of the A record with a ‘dig’ command from the Terminal on a Mac. (Windows folks, I’m not sure how to execute these commands on your platform. I’m sure there is a way though.)

Below is the command I would put into my Terminal. I’m executing a ‘dig’ asking for the ‘A’ record from my site’s name server, ns1.dreamhost.com, and specifying the domain I’m asking about, supergeekery.com. I also specify I just want the ‘short’ answer. Don’t overlook the ‘at’ symbol, the @, before the name server.

dig A @ns1.dreamhost.com supergeekery.com +short

The result of this command is my IP address for SuperGeekery.com. That’s what needs to go into the A record. In essence, it is what the name server translates the word ‘supergeekery.com’ into, so that a computer can locate the server with its request for information.

NOTE: I had already set up the new server to expect the traffic. Although I didn’t test this dig command before I set up the server, I wouldn’t expect the dig command to work until that is done. Want to know more about the ‘dig’ command? Check out this great article on dig. http://www.madboa.com/geek/dig/

I used that IP address for the ‘www’ record, the ‘@’ and the ‘*’. The ‘www’ record lets a URL starting with ‘www’ point to the right server, the ‘@’ record covers a URL that doesn’t start with anything (ie, no ‘www’ in front of the domain name), and the ‘*’ record lets anything unspecified go to the same IP address, ie mysubdomain.mydomain.com.

One more A record

So the A records are set up. How do you set up the MX record? I incorrectly assumed I could use the IP address of the original server for this. The MX record needed to be a CNAME, a canonical name. A numeric IP won’t work here. So what CNAME should you place in the MX record field? It has to be created manually.

From everything I’ve read, there isn’t a rule to follow as what you choose for the name, but it does seem to be common to use ‘mail’ as the subdomain you’ll set up for this. This means you’ll be creating ‘mail.mydomain.com’ as an A record before you use it as your MX record.

First, create another A record, just like creating the ‘www’, ‘@’, and ‘*’ records. This time use ‘mail’ instead, which creates the A record for ‘mail.mydomain.com’. In the place where the numeric IP address is asked for, this time use the server’s IP address where the mail is processed. In my case, this was the IP address of the old server for mydomain.com.

Finally, the MX record gets made.

Don’t stop here though. The MX record isn’t created yet. If you’re in Network Solutions, you have a button called “Edit MX Records”. Other registrars will have something similar. The MX record needs to be the same as the A record that was just created that points to the IP address for the mail server. In this case, it’s ‘mail.mydomain.com’, so put that into your MX record. (Take a look at the screenshot from Network Solutions I’ve added to this blog post. Notice ‘mail.mydomain.com’ appears twice in that screenshot.)

Now a server sending email to mydomain.com will check the MX record, see the address mail.mydomain.com, and follow that name’s A record to the correct IP for your mail server, which is different from the web host. Whew!
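
The routing described in this post, as an added example that is not part of the original article: a small Python model of how a sending mail server picks a destination, run over three constructed record sets (the “easy” setup after the web move, the split setup, and a broken one). The IP addresses are documentation-range placeholders, the names are the post’s dummy names, and lookups are exact-match only (the ‘*’ wildcard record is not modelled).

```python
import ipaddress

# Constructed sample data: placeholder IPs, dummy names from the post.
WEB_NEW = "203.0.113.10"    # assumed IP of the new web host
MAIL_OLD = "198.51.100.25"  # assumed IP of the old server that still handles mail

# Records as (name, type, value). An MX value is (preference, target).
EASY_ZONE = [
    ("mydomain.com", "A", WEB_NEW),
    ("www.mydomain.com", "A", WEB_NEW),
]
SPLIT_ZONE = EASY_ZONE + [
    ("mail.mydomain.com", "A", MAIL_OLD),
    ("mydomain.com", "MX", (10, "mail.mydomain.com")),
]
# Two common mistakes: an IP literal as MX target, and a target that is an alias.
BROKEN_ZONE = EASY_ZONE + [
    ("mydomain.com", "MX", (10, MAIL_OLD)),
    ("mydomain.com", "MX", (20, "mx-alias.mydomain.com")),
    ("mx-alias.mydomain.com", "CNAME", "mail.mydomain.com"),
    ("mail.mydomain.com", "A", MAIL_OLD),
]


def lookup(zone, name, rtype):
    """Exact-match lookup of all values for (name, rtype) in a record list."""
    name = name.rstrip(".").lower()
    return [value for n, t, value in zone if n == name and t == rtype]


def is_ip_literal(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def mail_route(zone, domain):
    """Return (addresses, problems) a sending server would derive for domain."""
    problems = []
    mx_records = sorted(lookup(zone, domain, "MX"))  # lowest preference first
    if not mx_records:
        # No MX at all: the sender falls back to the domain's own A record.
        problems.append("no MX record: mail falls back to the A record of " + domain)
        return lookup(zone, domain, "A"), problems

    addresses = []
    for preference, target in mx_records:
        if is_ip_literal(target):
            problems.append(f"MX {preference}: target {target} is an IP, not a host name")
        elif lookup(zone, target, "CNAME"):
            # RFC 2181 says an MX target must not be an alias; flagged, not followed.
            problems.append(f"MX {preference}: target {target} is a CNAME alias")
        elif not lookup(zone, target, "A"):
            problems.append(f"MX {preference}: target {target} has no A record")
        else:
            addresses.extend(lookup(zone, target, "A"))
    return addresses, problems


def mail_lands_on(zone, domain, expected_ip):
    """True only if every address mail can reach is the intended mail server."""
    addresses, _ = mail_route(zone, domain)
    return bool(addresses) and all(a == expected_ip for a in addresses)


if __name__ == "__main__":
    for label, zone in (("easy", EASY_ZONE), ("split", SPLIT_ZONE), ("broken", BROKEN_ZONE)):
        addresses, problems = mail_route(zone, "mydomain.com")
        print(label, "->", addresses or "undeliverable")
        for problem in problems:
            print("   !", problem)
```

With the easy setup the mail ends up at the web host’s IP, which is exactly the misdelivery the separate ‘mail’ A record and MX record prevent.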

Got some thoughts? Share them with a comment below.

Comments on this post.

So, did the company have to change their email addresses to someone@mail.domain.com because of the CNAME?  I got a little lost on that part.  I did not know that MX records needed to be CNAME instead of IP address (which explains why no MX records show up for my company in MXToolBox).  But, I am hosting my web site in one place with one IP and my email on another site with another IP.  BOTH sites need to resolve as my company.org though. One would be for web, one for email.  Also, what does the ‘@’ record mean? I thought that meant @mydomain.org. Does it not?

Thanks for the great article and any help you can give.

By David on Apr 19 2011

Hi David,

No, the company’s email addresses stayed just as they were before the update, ie john@mydomain.com, for example.

So you have 2 IP addresses that to the naked eye need to look like mycompany.org. The path above is the path you should go down. I think the confusing thing is the @ symbol. My understanding is that it means “null” or “nothing”. It doesn’t have anything to do with mail. It’s set so mycompany.com (ie, without any subdomain) resolves to the correct location.

By John Morton on Apr 19 2011

John, Thank you! Thank you! NOWHERE is this explained (in English) on the Network Solutions site.  Once I followed your example and advice from your comment, I made the change and within seconds, MXToolBox showed my correct MX record! You are a life-saver!

By David on Apr 19 2011

Excellent! I felt the same way when I was digging around in there. I’m glad it worked for you.

By John Morton on Apr 19 2011

THANK YOU! THANK YOU! THANK YOU! Network Solutions should copy this post to their website. This was a life saver.

By Melanie Ray on Jun 30 2011

I got the old server (the one I’m leaving) and the new one. I can log in to the interface of the old one and set the MX entry to point to the new server. My question is, should the new server have the same options to set up the configuration as the old one, that given to edit the MX entries? My concern is, how can I “move” the power to edit the MX from the old server to the new one? Let’s say the old server manager just undoes the changes I have done before. I hope I explained myself; English is not my native language, nor is email configuration my field. Please, if someone could answer, thanks in advance.

By C. on Jan 30 2012

Hello C,

The serving of your site and the managing of your DNS records are separate tasks. Many serving companies combine them to make it easier for users. In the example above, I walked through setting up DNS on Network Solutions. They are not the new host OR the old host. They are only responsible for the registration of the name and the DNS.

In your situation, I think you’re saying your DNS is staying at the old company and just your files (the hosting) are moving to a new company.  That can work.

In my experience, the registration and DNS of that name are at the same company. Hosting can be wherever you want it to be.

By John Morton on Jan 30 2012

The fog of DNS is starting to clear.  Thanks for sharing your epiphany!

By Rhonda on Apr 19 2012

John
If we ever meet, I owe you a beer.
After reading close to 20 articles that glazed my eyeballs that was the best “simple english” explanation I have ever read on splitting email and website hosting.
Subscribing to this blog.

By Beavis on Jun 10 2012

Thanks for the feedback, Beavis. I’m glad it was helpful.

By John Morton on Jun 10 2012

John - I’m with Beavis.  I read a few other articles that were struggling to make sense in my Friday afternoon haze. Your explanation clarified my thoughts and I was able to solve the issue myself.  With confirmation from the wonderful tech support at my host company I was able to resolve this same issue for a client of mine.  Thank you!

By Kelly Davidson on Jul 13 2012

THANK YOU SO MUCH. I did the exact same thing for a client, set them up on a dedicated server, but their email was using the old server, which caused some issues with the CMS I was using. I have been so confused! This is one of those things you don’t learn in school….

By Sarah on Aug 06 2012

Thank you so much! Looked around everywhere for a solution to this, wanted to use AWS to host an app, but still use the registrar’s mail server services! Solved the problem in ten minutes after reading this article, after spending hours before.

By Murph on Aug 17 2012

Great article. Thanks for taking the time to explain this and for doing it well!

By Bobby Breaux on Aug 19 2012

Hi, First of all, great article….. so to make things short…

The hosting IP address where your files will be uploaded will go to the A record and then the IP address where you house your email goes to the MX record.. is this correct?

Please let me know.

THANKS IN ADVANCE!

By Prince Vasquez on Oct 26 2012

Yes, Prince, that sounds correct. Glad you liked the article!

By John Morton on Oct 26 2012

Thank you John. You are a time saver!

By Prince on Oct 26 2012

Thank you Very Much for sharing this! I was looking for this and you explained it so clearly: God Bless you :)

By Elizabeth V on Nov 05 2012

Awesomeness!

By Josh on Nov 07 2012

Interesting, thanks.

I’m curious, could you have eliminated the A record for mail.mydomain.com

and in the MX record just used: supergeekery.com.

The period would append the mydomain.com

By Adrian on Nov 08 2012

Hi Adrian,

I don’t think that would work. I was trying to get my mail to point mail traffic to a different server and that’s why I created the mail.mydomain.com pointing to the other IP address.

If I didn’t make the mail.mydomain.com and then just pointed the MX record at “mydomain.com.” I wouldn’t be getting my email from that other server that I needed to.

-John

By John Morton on Nov 08 2012

I used your instructions to modify the DNS records on my domain that is registered through Melbourne IT. I must have translated something wrong between the Network Solutions way and the Melbourne IT way. The website seems to be propagating correctly. And I can send email. But when I receive email the sender gets this error. What am I doing wrong?

Delivery to the following recipient failed permanently:

    email@dorales.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain dorales.com by dorales.com. [66.96.147.102].

The error that the other server returned was:
550 bosauthsmtp03: Host 209.85.210.171: No unauthenticated relaying permitted

 

By Sarah Kelly on Mar 25 2013

Hi,

First of all John, thanks for the informative article.

I would appreciate, if you can help me with my problem. PLEASE NOTE THAT I WILL BE USING DUMMY INFORMATION.

I have a domain i.e. www.mydomain.com which was hosted on my private nameserver i.e. ns1.mynameserver.com & ns2.mynameserver.com. Now I have to forward the visitors directly to another domain which is hosted on another server. So I set up the forwarding and updated the nameservers as well so that forwarding can work.

I cannot use the new nameserver for e-mail and want to keep the old one. www.mydomain.com is registered through GoDaddy. So I did the following:
1. Created an additional A record with Host: “mailonoldserver” and IP Address: “101.101.101.101” (the IP address of my private nameserver).
2. Created an MX record with Priority: “0”, Host: “@”, Points To: “mailonoldserver.mydomain.com” & TTL: “1 Hour”.

But my e-mail is still not working. Please help.

Regards,

By Billy on Dec 26 2013

Billy,

Sorry I missed your comment in December. It fell through the cracks while I was traveling. Did you get your issues figured out?

-John

By John Morton on Jan 15 2014

Just stumbled across this, and as everyone else has said, thank you for a very simple yet thorough rundown of how to separate A and MX entries. This actually helped me understand more about how DNS works to send web or mail or whatever the proper direction. (also mxtoolbox.com is awesomely helpful)

My question is about time. I’m noticing everywhere, as well as a warning from NetSolutions, that there will be a disconnect from 24 to 72 hours for any DNS changes, specifically when setting up Advanced DNS. They claim that any changes afterwards should only take 2 hours or so. I know in an internet world all these times vary completely. The first time I ever registered a .com they claimed it would take days to propagate, and it took minutes.

So I am planning on doing the exact thing you did, move the website to a new host, but keep the mail on the old one because it’s a huge task to update everyone’s computers/laptops/phones/ipads/etc, and they are not ready. These people really rely on email for business. Would you suggest waiting till a slow-work period before making these changes, like a weekend? Will all email be lost in the big internet black hole forever during a ‘blackout’ period while the DNS is updated, or will people get their email returned undeliverable? Would you advise a client to tell everyone email won’t be working for a day (which I think sounds wrong, but I’m asking anyway)? Or should we just take off the floaties and jump in?

-Mike

By Mike on May 13 2014

Hi Mike,

I’m happy to hear this was helpful!

Regarding a DNS update, I try putting off the DNS changes until late on Fridays. In my experience the 24-48 hour rule does apply to these things and I’d try to do that in your case, just to give yourself a little breathing room.

What I think will happen in your case though is that the email should have no disruption at all, since a piece of email working its way towards your domain’s residents will either encounter the *old* DNS, which routes everything (mail + web traffic) to the old server, or the *new* DNS info, which routes mail to the old server and web traffic to the new server. Whichever DNS email finds along the way, it’s all pointing to the same location so you should be golden in either case.

During the 24-48 hour period while the DNS propagates, some people’s web traffic requests will go to the old server and some to the new server. By the end of the 48 hours though, I bet everyone will have the updated DNS.

By John Morton on May 13 2014

Thanks for the zippy reply. So by that logic, this would be a great way to move any website… as long as both servers have the same site running, all email and web traffic would see the right website, or go to the right location, and after propagation, update the mail server when ready. And in that case, would it be wise to just keep the custom MX entry and change it to the new host mailserver (resulting in a speedier update?), or reset back to a basic ‘ns1.whateveryourhostis.com’? Or would that again take 24-48 hours to reset?

Thanks again, Mike.

By Mike on May 13 2014

That’s the method I use to move sites between servers. I have both set up and running then switch the DNS and over the course of a couple days, I can be sure DNS is pointing everyone to the new host and only then do I shut down the old server.

If you’re switching the MX server entry, that I would definitely do on a Friday at the end of the day. Some email will be delivered to the old server while that propagates. You could leave it as a separate MX record. It would make future updates to that easier probably.

By John Morton on May 13 2014

Thanks again, just last question, since I just happen to be using NetSol as well, why do you need to add the A entry pointing mail.domain.com to the mail server IP? One difference I have is that my current mail server has a different name, mail.otherdomain.com, and I only found the IP using mxtoolbox. Is it still important to use the A mail.domain.com entry to point to the old server IP as-well-as changing the MX entry to mail.otherdomain.com? Will their mailserver understand forwards to an IP, or does the MX entry take care of that in the first place?

-Mike

By Mike on May 13 2014

Hi John
You’ve just proved that “Geekery” doesn’t have to be a foreign language.:-)
Your “Super Elegant” explanation of a complex operation has helped me a great deal.

I have a client with similar requirements but getting access to their current setup has proved difficult due to lack of co-operation from their current hosting company.

Since their mail is hosted on a separate server I intend to leave things that way until I can at least educate them a little on how to do more than “switch on their PC”

Working remotely with clients has its drawbacks at times but I consider it part of my role to help them through it.

Great work, I’m looking forward to finding some more gems from you ;-)

All the best
Ian McLaren

By Ian McLaren on Jan 27 2015

Ian, thank you for the comment. That’s great to hear.

By John Morton on Jan 27 2015

Awesome post! I had this exact situation with a client and your article was super helpful in confirming we were doing the right set up. It’s nice to see quality articles and clear explanations like this!

By Jayson Peltzer on May 05 2015

OUTSTANDING…
A question regarding Webmail (Google Business App Gmail) and “keeping my 125 users web interface and function” and also using a ‘service’ for email HIPAA encryption - that service wants “all” my MX records to point to their servers and I believe that will stop my Web Mail thru Google Business Apps… can I use both in my GoDaddy records setup? As you did with a CNAME and ‘still’ keep functionality for my users and their ‘love’ (ahem!) for Google Web Mail?
Great article, thanks again.
Roger

By Roger on May 22 2015

Hi Roger,

For my business, I use the web interface for my Google App mail. My situation is different than you describe. My MX records point to Google’s server directly, like “aspmx.l.google.com.”, etc.

The closest situation I’ve encountered to what you’re describing is when I used an external SPAM filtering service with Google Mail. I used Mailroute (http://mailroute.net/) for a while. In that situation, ALL of my MX records pointed to Mailroute and then after they had filtered my email for spam and viruses, they sent it along to Google where it would show up in my web interface for my mail.

I *think* your HIPAA compliant encryption stuff may be similar. If so you’re still looking at routing mail around using MX records. I found a Google support article you might want to check out on the topic here:

https://support.google.com/a/answer/2685650

Any help?

By John Morton on May 22 2015

Hi John,

Thanks for that clear explanation. In addition to it, I would add the following for beginners

In the section: Advanced DNS record setting, I should specify that the basic DNS entries:

ns1.mynameserver.com
ns2.mynameserver.com
ns3.mynameserver.com

should first be changed to the nameservers of the domain registrar: Network Solutions before filling the A records and MX records in the advanced DNS record. Otherwise, the DNS records will be overlapped by the nameservers:

ns1.mynameserver.com
ns2.mynameserver.com
ns3.mynameserver.com

and no changes will be taken into consideration.

Am I correct, John?

By Vincent Duval on Jun 16 2015

Hi Vincent,

Thanks for the comment! I may not completely understand your question, but I think I get where you’re going. What nameservers you use for a domain can be separate from your hosting of your site. Here are some examples I use personally.

I have a number of domains I have registered with Dreamhost. I can use their nameserver or choose to use a different nameserver. When I use the Dreamhost nameservers, I set up my MX records, A records and CNAMEs at Dreamhost.

If I don’t want to use the nameservers at Dreamhost though, I can change the nameservers to a different service. For example, I have a domain that I registered at Dreamhost and I have changed the nameservers to point to Digital Ocean for all nameserver requests. That means I will need to change all the A records, CNAMEs and MX records at Digital Ocean.

In the example I talked about in this post, the domain was registered at Network Solutions. Network Solutions only provided the nameserver, nothing more. Hosting of the site was at one location and email services were handled at another.

So, to get back to your question, I think you’re just encouraging people to understand that the nameserver trumps all other changes. If your nameserver info is not pointing to the right place, the other pieces of this puzzle won’t work out either.

Sound right?

-John

By John Morton on Jun 16 2015

I believe that your statements about pointing the MX to a CNAME are technically incorrect. The cited Wikipedia article states “The host name must map directly to one or more address record (A, or AAAA) in the DNS, and must not point to any CNAME records.” The A record gives the IP of a server; the CNAME creates an alias to it. MX should point to the server through the A record.

From DNS in action from Packt Publishing: “Synonyms to domain names can be created using CNAME records. This is often referred to as ‘creating aliases for computer names’.”

This does not mean that the above method will not work, or that the article did not present this topic in the most understandable way of the several I browsed. There was just a technical misstatement. Good work overall!

By David on Oct 11 2015

Hi David,

Thanks for the feedback. So, I think I’m doing it correctly, but talking about what I’m doing a bit wrong. The ‘mail.mydomain.com’ isn’t a CNAME, it’s an A record. That means the MX record is actually doing what your research says to do, ie. “point to the server through the A record”. Does that sound right?

-John

By John Morton on Oct 12 2015

I enjoyed this information greatly.
I do still have a question. Now that I have separate mail and web servers, how do I connect RoundCube to the mail server from the web server?
I did not dig Google about this yet. Just wondering if you knew already.
Thanks

By Marc on Dec 17 2015

Hi
I think this is on the same thread as the above.
As way of history, our main site is set up on a shared server, but we moved the actual site to a dedicated server. All ok so far - the e mails remain on the shared server, the website on a dedicated server.
We then want to add new websites to the dedicated server, but just cannot get their e mails to work.
I am using outlook on my pc and all domain setup is on the dedicated server.
Are the 2 servers complicating the issue?
How easy would it be to change everything to the dedicated server?
I have set my web designer on it, but he is beaten.
Do you have any clues?
Thanks

By Gordon on Oct 05 2016

Hi Gordon,

I don’t think having 2 sites on your shared server should be any special issue here. Setting up this email stuff is always a bit confusing to me too.

By John Morton on Oct 05 2016

If it confuses you, it is a mystery to me!
Should all the DNS records be set to our dedicated server, and which nameservers should we use?
Does having a dedicated server mean we have our own nameservers?
Thanks

By gm@croftonline.co.uk on Oct 05 2016

What your nameservers are depends on who is the actual provider of those servers. I use Digital Ocean a lot so that would have me use their nameservers. Check out their tutorial page on the topic here: https://www.digitalocean.com/community/tutorials/how-to-point-to-digitalocean-nameservers-from-common-domain-registrars

If you are using some other provider, they’d have their own name servers to point to and the documentation they provide would tell you what the actual name server would be for their setup.

Regarding your question whether “all the DNS records be set to our dedicated server,” yes, for the web traffic, but you might have (actually, most likely have since you’re asking the question) different information for your MX records. Maybe they point to a different server (i.e. your own other server somewhere) or maybe something like Fastmail or Google Mail’s servers.

By John Morton on Oct 05 2016

Thanks so much John. Very helpful.

By gordon on Oct 06 2016

nice article John - got me out of a bind for sure.  Thanks legend

By Luke on Oct 07 2016

Hi John

First of all thanks for this excellent write up. I can sense that you’ll be able to help me with my problem.

My problem is just in reverse. I want to keep my mails going to the emails under my domain name (using google), whereas for my website I have been provided custom name servers.

The problem is on my domain settings portal (using eNom), it says that to enable email settings (using the same domain) I have to use the DEFAULT DNS settings - and since I can’t do that I am unable to send / receive emails.

Your help will be much appreciated.
Regards
Prashant

By Prashant on Dec 22 2016

Hi Prashant,

Check out https://support.google.com/a/answer/6149224?hl=en. I think Google’s got eNom specific instructions that will address that exactly. Good luck.

-John

By John Morton on Dec 22 2016
