User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
email:dns [2025/03/05 20:08] willyemail:dns [2025/03/13 13:28] (current) – [Email related DNS records] willy
Line 1: Line 1:
-====== Email related DNS records ======+====== A) Email related DNS records ======
  
 +The DNS (Domain Name Service) plays a critical role in email delivery. You need to create a set of DNS records to make sure that your email can be delivered and that email can be delivered to you as well.
  
 +The basic record to setup is the MX record, which tells the email servers //which server(s)// handle email for your domain.
 +
 +This page will make a general overview of all the needed records, more details are presented in each configuration section later on.
 +
 +Please __note__ that you will need **more** that the records defined in this page for a domain to operate properly: this is only for email.
 +
 +
 +===== Reverse DNS =====
 +
 +A reverse DNS setup is how you translate an IP to a DNS name. This is the //opposite// of DNS, where you translate a domain to an IP.
 +
 +This is important to be properly set, and is usually defined aside from your actual DNS management panel of your provider.
 +
 +If you cannot set it, some providers don't support it, it's ok. Better set it up, if possible. When set, it will help email deliverability.
 +
 +
 +===== MX record =====
 +
 +An **MX** record (mandatory) tells who manages emails for your domain. You can have more than one, to build a chain of backup servers, but that is outside the scope of this guide. I assume your MX record points to **mail.mydomain.com**.
 +
 +Please note that this implies as well the existence of an **A** record for //mail.mydomain.com//.
 +
 +Example:
 <code> <code>
-mydomain.com._domainkey.  "v=DKIM1; k=rsa; p=<mykey>" )  3600 TXT          +mail.mydomain.com.    x.y.w.z             1800 A 
 +webmail.mydomain.com. mail.mydomain.com.    1800 CNAME 
 +@               10 mail.mydomain.com. 3600 MX 
 +</code> 
 + 
 + 
 +===== SPF record ===== 
 + 
 +For SPF to work, you need to setup a proper TXT record like the following: 
 +<code> 
 +@ v=spf1 mx a -all 3600 TXT 
 +</code> 
 + 
 + 
 +===== DKIM record ===== 
 + 
 +The DKIM record contains the public part of your domain DKIM keys: 
 +<code> 
 +mydomain.com._domainkey. "v=DKIM1; k=rsa; p=<< mykey >>" 3600 TXT           
 +</code> 
 + 
 +In the above example //<< mykey >>// is a very long random characters string. 
 + 
 + 
 +===== DMARC record ===== 
 + 
 +The DMARC record is used to publish your domain DMARC strategy  
 +<code> 
 +_dmarc.mydomain.com. "v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com;" 3600 TXT
 _smtp_tls.mydomain.com. """v=TLSRPTv1; rua=mailto:postmaster@mydomain.com""" 3600 TXT _smtp_tls.mydomain.com. """v=TLSRPTv1; rua=mailto:postmaster@mydomain.com""" 3600 TXT
-webmail.mydomain.com. external.mydomain.com. 3600 CNAME +</code> 
-_imaps._tcp.mail.mydomain.com. 0 1 993 mail.mydomain.com. 3600 SRV + 
-_submissions._tcp.mail.mydomain.com. 0 1 465 mail.mydomain.com. 3600 SRV + 
-_imap._tcp.mail.mydomain.com. 0 1 143 mail.mydomain.com. 3600 SRV +===== Discoverability records ===== 
-_submission._tcp.mail.mydomain.com. 0 1 587 mail.mydomain.com. 3600 SRV + 
-mail.mydomain.com. 111.111.111.111 1800 A +The following set of SRV records facilitate mail clients to discover your IMAP and SMTP servers: 
-_dmarc.mydomain.com. """v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com; ruf=mailto:postmaster@mydomain.com""" 3600 TXT +<code> 
-mx1.mydomain.com. 111.111.111.111 1800 A +_imaps._tcp.mail.mydomain.com. 0 1 993 mail.mydomain.com. 3600 SRV 
-@ """v=spf1 mx ra=postmaster -all""" 3600 TXT +_submissions._tcp.mail.mydomain.com. 0 1 465 mail.mydomain.com. 3600 SRV 
-@ 10 mail.mydomain.com. 3600 MX +_imap._tcp.mail.mydomain.com. 0 1 143 mail.mydomain.com. 3600 SRV 
-@ 111.111.111.111 1800 A+_submission._tcp.mail.mydomain.com. 0 1 587 mail.mydomain.com. 3600 SRV
 </code> </code>