Beware Using CNAME and MX at the Same Time

Here's a cautionary tale about DNS configuration. A chap who shall remain nameless recently reconfigured his domain, in a way that caused some of his incoming email to go missing.

He controlled the domain, which was set up something like this: A A A MX

If you already understand how DNS records work, this is pretty straightforward stuff (albeit a simplified example). To explain:

  • There's a Web server at (that's the first two A records).
  • The Web server is accessible with or without the www (that's why there's two A records for the same IP address).
  • There's an email server at (that's the third A record).
  • The domain advertises that email should be sent to the email server (that's what the MX record does).

Our friend looked at this and thought, "That's messy. Why are we specifying the IP address of the Web server in two places? Wouldn't it be simpler to use an alias?" So, he changed the first DNS record so that is an alias of Now it reads: CNAME A A MX

(A CNAME record basically denotes an alias -- it stands for canonical name.)

All seemed well. Web browsers connected to the right place and a test email message worked fine. However, he soon discovered that some email wasn't reaching him any more.

To cut a long story short, it turns out that some mail servers ignore the MX records if there's a CNAME. Instead, they simply follow the CNAME pointer and try to deliver the email there. In other words, they were trying to deliver email to his Web server!

This cautionary tale is a classic example of why you shouldn't mix CNAME and MX records.

... Richi Jennings, with thanks to Cloudmark's Dave Kelly and Oracle's John Haxby

Post a comment

You must be logged in to post a comment. To comment, first join our community.