What a DNS MX Record Does and How to Fix MX Record Failures
Estimated reading time: 10 minutes
DNS (Domain Name System) records are the important parts of DNS that store the information about a domain and its resources. Every type of a DNS record has a distinct function. DNS records determine mail servers for the domain, map domain names to IP addresses and IPs to domain names, specify the authoritative name servers for the domain, aliases one domain name to another, hold arbitrary text data for various purposes, such as SPF, DKIM, and DMARC configuration, and other.
In this article, we examine a DNS MX record and its importance for email delivery, explain the common issues with an MX record configuration and provide troubleshooting tips.
What is an MX Record?
An MX (Mail Exchange) record is a type of DNS record used to specify the mail servers responsible for receiving email messages on behalf of a domain. These records direct email traffic, ensuring that messages sent to addresses within a domain are routed to the correct email server.
What is the Functionality of an MX Record on a DNS Server?
MX records are essential for successful sending and receiving of email messages. The receiver’s domain must have a published MX record to ensure the routing of inbound messages to the right mail servers. For the sender’s domain, even though it is not technically required to have an MX record in DNS, it’s highly recommended as many servers refuse emails from domains without an MX record for security reasons.
With that said, DNS MX records serve these purposes:
- Email delivery. MX records ensure successful email sending and delivery to the intended recipients;
- Flexibility. MX records allow receiving emails on a domain different from your main website, which increases flexibility and makes email handling be independent of your main website hosting;
- Reduced downtime. MX records allow the distribution of email traffic among several servers to balance load, reduce downtime, prevent outages and delivery delays, and guarantee effective mail flow;
- Increased credibility. Email authentication mechanisms such as SPF, DKIM, and DMARC are enhanced by properly configured MX records. By ensuring that your emails come from approved sources, these procedures increase credibility and trust. In order to fight spam and phishing and improve the chances of emails being delivered successfully, email servers regularly check these records.
How Do MX Records Work?
When someone sends you an email message, MX records work as follows:
- The sender’s email client forwards the message to the outgoing mail server.
- The sender’s message transfer agent (MTA) sends a query to DNS to determine an MX record on the receiver’s domain.
- The DNS server sends a response to the MTA providing available MX records and their priority values.
- The sender’s MTA connects to the mail exchange server denoted by the MX record via SMTP. If there are more than one MX record, the MTA begins with the one with the highest priority and continues with the list until an SMTP connection is established.
- The message is delivered to the destination mailbox.
What is MX Record Priority?
If you have one MX record in DNS, the MTA will use it to establish an SMTP connection with no alternatives. But if you have more than one MX record, the MTA has to determine which of the several MX records to use. This is where the MX record priority helps.
When adding an MX record in DNS, most DNS hosting companies require that you enter the Priority number for the MX record to allow the MTA’s to determine which mail exchange server for your domain to connect to. The Priority numbers are 0, 10, 20, 30, etc. The lower the number, the higher the Priority, i.e. 0 means the highest priority.
Some companies may call this field Preference and want you to choose between Low, Medium, and High.
If you have one MX record, you can set any Preference value or Priority number. But for multiple MX records, specify the Priority number wisely.
Example:
| mydomain.com | Record type | Priority | Value | TTL |
| @ | MX | 10 | host1.mydomain.com | 36000 |
| @ | MX | 20 | host2.mydomain.com | 36000 |
In this scenario, because 10 (higher priority) is less than 20, the MTA will always attempt to connect to the host1 first. If the connection fails, the MTA will fall back to the host2.
It is also possible to add MX records with the same priority – the message transfer agent will choose the server for the first delivery attempt randomly.
A recommended practice is to have multiple MX records, so you have backup incoming email servers configured in case the primary server is experiencing downtime. Additionally, it is recommended to set up different MX records for mail routing server (higher priority) and for domain validation.
How to Add a DNS MX Record
The majority of email service providers come with MX records already configured for end users. However, you will need to change MX records on your domain if you want to route inbound emails from your domain server to another server. Usually, the process of adding an MX record is as follows:
- Login to your domain hosting account.
- Navigate to the DNS management panel.
- Delete any existing MX records if necessary.
- Click to add a new record.
- Enter the following values. The email provider will supply these details.
Hostname: this is your domain name. A hostname simply indicates the domain emails will be sent to.
Type: MX
Value: the email server address (MX address of the provider).
Priority: the number or value that indicates which mail server will be used first if multiple MX records exist.
TTL: this is time to live. TTL specifies the time in seconds for how long Domain Name Servers will use the record before checking for update. Normally, it’s set to Auto – 3600.
How to Check a DNS MX Record
One of the easiest ways to check your domain’s MX records is by using online tools like MXToolbox, Google Workspace Toolbox, NsLookup, Zoho Toolkit, GlockApps MX Record Checker and others.
You enter your domain name to perform an MX record lookup, and the tool will display the current MX records associated with your domain.
Reviewing the results allows you to confirm that your mail servers are correctly configured and prioritized, ensuring reliable email delivery, and balance load.
How to Fix MX Record Failures
If an MX record checker returns issues with your domain’s MX record, it’s important to have them fixed as soon as possible in order your domain can be validated and can receive inbound messages successfully.
Below are the common issues that cause MX record failures and troubleshooting tips:
An MX Record Points to CNAME
A CNAME record is used to create an alias for a domain, referencing another domain name instead of the actual hostname. Typically, CNAME records point to an A record (for IPv4) or an AAAA record (for IPv6).
How to fix:
According to the RFC standards for MX records, pointing an MX record to a CNAME is strictly prohibited. Point your MX records directly to an A record or AAAA record.
MX Record is Missing Valid A or AAAA Record
An MX record includes the hostname of the mail server handling emails for the domain and a priority value. Inbound emails are routed to the IP address of the specified hostname, which is defined in the A or AAAA record in DNS.
An A record (address record) links a domain name to its corresponding IPv4 address, effectively “translating” the domain name into a machine-readable IP address. An AAAA record links a domain name to its corresponding IPv6 address.
How to fix:
When setting up MX records for your domain, you have to also publish valid A (AAAA) records for the mail servers defined by the MX records.
For instance, if an A record for mydomain.com is as follows:
| Host name | Record type | IP address | TTL |
| A | 111.222.333.444 | 36000 |
An MX record would be as follows:
| mydomain.com | Record type | Priority | Value | TTL |
| @ | MX | 10 | mail.mydomain.com | 36000 |
Mail Servers are Missing PTR Records
A DNS Pointer (PTR) record associates an IP address with a domain name, effectively performing the reverse function of an A record, which maps a domain name to an IP address.
PTR records are essential for reverse DNS lookups, where the query starts with an IP address and retrieves the corresponding domain name. Reverse DNS lookups are often used for verification in email delivery and network diagnostics. Some email anti-spam filters use reverse DNS to verify the domain names associated with email addresses by checking if their corresponding IP addresses are linked to legitimate email servers.
How to fix:
Publish PTR records for all of the mail servers defined by the MX records to ensure successful reverse DNS lookup checks.
Follow these steps to add a PTR record:
1. Identify the Mail Server’s IP Address.
Find the IP address of your mail server using a command-line tool:
$ host [mail.yourdomain.com]
2. Find Your IP Netblock.
A Netblock is the range of IP addresses that your addresses are in. These blocks are usually owned by your ISP (Internet Service Provider). Enter the IP address you got in step 1 into the MXToolbox ARIN lookup tool. The answer will show the IP Netblock that your address is in and the organization that owns your address.
3. Delegate Your IP Block to Your DNS Provider’s Name Servers.
Ask the provider identified in step 2 to delegate your IP block to your DNS provider’s name servers. Typically, an ISP will only delegate the reverse DNS if you have 256 IPs (a full class C) or more, but some providers can make an exception. If your provider doesn’t agree to delegate the reverse DNS to your DNS provider’s name servers, then you will have to set up your reverse DNS with that provider.
If your provider agrees to delegate your IP block to another provider, you need to give them the list of name servers you want to have your reverse zone delegated to. You will also need to ask them for the zone name for your block. This is a special zone (domain) that ends with “in-addr.arpa” for IPv4 and “ip6.arpa” for IPv6.
4. Create a PTR Record.
PTR records are published under IP Addresses in the DNS management console.
Enter the following values for a PTR record:
Name: the reverse zone name.
System: the hostname of the A record you are using to point to your mail server followed by a dot.
TTL: 3600, for example.
Save the record.
For example, the PTR record for the IP address 192.0.2.255 would be stored under “255.2.0.192.in-addr.arpa”:
| Name | Record type | System | TTL |
| 255.2.0.192.in-addr.arpa | PTR | mail.mydomain.com. | 36000 |
PTR Record Doesn’t Resolve IP Address Back to Domain Name
If the syntax of your zone is not correct, reverse DNS will not resolve. Your reverse zone must be set up in the same syntax as the delegation.
How to fix:
Double check your IP netblock for accuracy.
Confirm the correct syntax of your zone with your provider.
Ensure you use the correct second-level domain suffix. “in-addr.arpa” is a second-level domain suffix that’s added to all the addresses in IPv4; for IPv6, a PTR record’s address will end with “ip6.arpa”.
Ensure that the hostname used in the System field has a trailing dot. This must be added to keep the reverse DNS domain name from being appended to the end of your record.
Conclusion
It’s mandatory to routinely review, test, and update your domain’s MX records for maintaining a reliable email system. DNS MX records are necessary to guarantee effective and seamless email delivery and routing and ensure proper domain validation. You can distribute incoming email traffic by different servers, make server backups, and improve email server performance by properly establishing MX records.
Related Posts
Email authentication is becoming a big deal. Authentication allows the mailbox provider to confirm that the sender is the one Read more
Learn about SPF, SPF failures including SPF soft fail and SPF hard fail, how to avoid them, and how SPF Read more
A lot of the cyberattacks begin with a phishing email. This emphasizes how crucial email security is. Brands sending email Read more
An email authentication technique called DomainKeys Identified Mail (DKIM) helps safeguard email senders and recipients from spam, spoofing, and phishing. Read more