 

CNAME for Azure application causes email problems with MX and A records ignored

We have an application running on Microsoft Azure and have set up a CNAME record to cover the domain so we can have the nice URL of http://example.com (note I am replacing our real domain with example.com throughout this).

CNAME
mydomain.com -> mydomainapp.cloudapp.net

We have MX and A records set up correctly so MX contains mailserver.example.com and an A record that points mailserver to the correct IP address.

MX
mailserver.example.com

A
mailserver -> 198.168.111.111 (note this IP is fictitious)

All fine, for most email BUT for some mailservers (not sure what technology yet) they are now using the CNAME instead of the MX and A records.

So an email addressed to [email protected] is actually sent to [email protected] where example.cloudapp.net is the domain on Azure that we have mapped with the CNAME.

EMAIL TO: [email protected]
BECOMES: [email protected]

The only suggestions I can find simply say DO NOT have domain level CNAME or do not use CNAME at all, but of course Azure IP addresses can change so we have to use CNAME. We could prefix everything www.example.com but surely there must be a better solution.

Any ideas much appreciated.

Jezbers asked Apr 08 '13 18:04


1 Answer

It is not possible to use a CNAME record at the domain level, as a CNAME is an alias for all RR types, so it will always cause redirection for MX, SOA, NS, etc. lookups as well.

The following excerpt from RFC1912 section 2.4 says it very clearly:

A CNAME record is not allowed to coexist with any other data. In
other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you
can't also have an MX record for suzy.podunk.edu, or an A record, or
even a TXT record. Especially do not try to combine CNAMEs and NS
records like this!:

       podunk.xx.      IN      NS      ns1
                       IN      NS      ns2
                       IN      CNAME   mary
       mary            IN      A       1.2.3.4

This is often attempted by inexperienced administrators as an obvious way to allow your domain name to also be a host. However, DNS servers like BIND will see the CNAME and refuse to add any other resources for that name. Since no other records are allowed to coexist with a CNAME, the NS entries are ignored. Therefore all the hosts in the podunk.xx domain are ignored as well!

So you must not use a CNAME-record for mydomain.com!

So you must set an A record for mydomain.com (among MX records and other records as needed), because that is the only working solution DNS-wise.

krisku answered Sep 30 '22 09:09
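The rule quoted from RFC 1912 section 2.4 can be checked mechanically before a zone is published. The following is an added example, not code from the question or the answer: a simplified zone linter that flags any owner name carrying a CNAME together with other records. The function names, the sample zones and the 192.0.2.10 apex address are assumptions made for illustration.

```python
from collections import defaultdict

# Record types this simplified linter recognises. DNSSEC types (RRSIG, NSEC),
# which are allowed beside a CNAME, are deliberately left out.
RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT", "SRV"}

def normalize(name, origin):
    origin = origin.lower().rstrip(".") + "."
    if name == "@":
        return origin  # "@" stands for the zone apex
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, rrtype); a line starting with whitespace inherits the
    previous owner, as in the RFC 1912 excerpt. No $ORIGIN/$TTL/parentheses."""
    owner = None
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenise
        if not fields:
            continue
        if not raw[0].isspace():
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip optional TTL and class
        if owner and fields and fields[0].upper() in RR_TYPES:
            yield normalize(owner, origin), fields[0].upper()

def cname_conflicts(text, origin):
    """Map each owner that has a CNAME plus other data to the other types."""
    seen = defaultdict(set)
    for owner, rrtype in parse_zone(text, origin):
        seen[owner].add(rrtype)
    return {o: sorted(t - {"CNAME"}) for o, t in seen.items()
            if "CNAME" in t and len(t) > 1}

# Constructed sample: the question's layout, with example.com as the origin.
QUESTION_ZONE = """\
@           IN CNAME mydomainapp.cloudapp.net.
@           IN MX 10 mailserver.example.com.
mailserver  IN A 198.168.111.111
"""
# Constructed sample: the answer's fix (apex A record, placeholder address).
FIXED_ZONE = """\
@           IN A 192.0.2.10
@           IN MX 10 mailserver.example.com.
mailserver  IN A 198.168.111.111
"""
print(cname_conflicts(QUESTION_ZONE, "example.com"),
      cname_conflicts(FIXED_ZONE, "example.com"))
```

Run against the RFC's podunk.xx excerpt, the same function reports the apex NS records as the data conflicting with the CNAME.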