I'm trying to configure DNS for handling mail across multiple subdomains, where each subdomain has its own mail server. My goal is to route mail for user@%subdomain%.example.com to the server hosted under %subdomain%.example.com.
Example of desired configuration:
- Mail for [email protected] should be handled by abcde.example.com server
- Mail for [email protected] should be handled by xyz.example.com server
And so on for all possible subdomains. There are many subdomains, so manually adding an MX record for each one is not an option.
What might work
_smtp._tcp.*.example.com. IN SRV 0 0 25 %.example.com.
This configuration looks logical, but I'm not sure how well it's supported by mail servers. I don't know if something similar is possible for IMAP and POP3.
My questions
- What DNS records need to be created to implement such a routing?
- Is it possible to set up a wildcard MX record that will automatically route mail to the corresponding subdomain?
- If a wildcard MX record is not possible, how can the process of creating MX records for new subdomains be automated (preferably in a way that doesn't take much time, perhaps using dynamic DNS)?
What doesn't work
- Wildcard routing of all subdomains to a single domain, like
IN MX 10 central-mail.example.com.
Such a configuration is only acceptable if the email can then be routed to the correct server without needing to decrypt the packet content (like SNI in TLS/SSL).
I would appreciate a detailed explanation of the necessary DNS records and any additional recommendations.
You don't need any configuration.
If no MX records exist, it will be delivered to the hostname, e.g. [email protected] will be delivered to xyz.example.com. This is stated in RFC 5321, section 5.1:
None. If Vidarlo's answer (i.e. this already being the default behavior when no records exist) doesn't meet your needs due to overly strict spam filtering, then the other answer is "you cannot do this kind of wildcard with DNS alone".
_smtp is not supported by any mail provider (and if I recall correctly, forbidden by specification) because MX records already exist and work the same way. Mail clients would be looking for the _submission[s] service.
Aside from that, this is generally not a valid way to use wildcards – they can only be used as the leftmost component – and neither DNS in general nor SRV records specifically have any provision for % or other substitution. Certain DNS servers can have server-side logic to do fancier things (e.g. some have Lua scripts) but standard DNS configuration can't do this.
Depends entirely on your DNS hosting platform. Some have HTTP-based APIs, others don't. ("Dynamic DNS" is not a magic feature; it's just another API.) A standalone server may use text zonefiles that can be generated, or may support RFC2136 dynamic updates, or may let you insert records into SQL database. Active Directory supports three different APIs (RFC2136, MS-RPC, LDAP).
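As an added illustration (not part of the question or either answer), here is a small offline model of how a sending MTA picks the destination host under RFC 5321 section 5.1: the implicit-MX fallback from the first answer, an explicit MX set ordered by preference, a wildcard MX like the one in the question (which, per DNS wildcard rules, only matches names that have no records of any type), and, going slightly beyond the page, a null MX (RFC 7505) that refuses mail. The zone table and every hostname in it are constructed; a real check would query DNS instead.

```python
from typing import Dict, List, Optional

# Constructed zone data (not real DNS): owner name -> {rtype: [records]}.
# MX records are (preference, exchange) tuples; A records are address strings.
ZONE: Dict[str, Dict[str, list]] = {
    "abcde.example.com.": {"A": ["192.0.2.10"]},                # no MX: implicit MX
    "xyz.example.com.": {"A": ["192.0.2.20"]},                  # no MX: implicit MX
    "corp.example.com.": {"MX": [(20, "backup.example.com."),   # explicit MX set
                                 (10, "mail.corp.example.com.")],
                          "A": ["192.0.2.30"]},
    "nomail.example.com.": {"MX": [(0, ".")]},                  # null MX (RFC 7505)
    "*.example.com.": {"MX": [(10, "central-mail.example.com.")]},
}


def lookup(name: str, rtype: str) -> list:
    """Return the records of type rtype at name.

    A wildcard is synthesized only when the exact name owns no records at all
    (RFC 4592), so a subdomain that already has an A record is NOT covered by
    the wildcard MX, which is why "*.example.com MX" catches fewer names than
    people expect."""
    if name in ZONE:
        return ZONE[name].get(rtype, [])
    parent = name.split(".", 1)[1]
    return ZONE.get("*." + parent, {}).get(rtype, [])


def mail_hosts(domain: str) -> Optional[List[str]]:
    """Hosts an MTA would try, in order, for someone@domain.

    Returns None when mail must be refused: a null MX, or no MX and no
    address record for the domain itself."""
    mx = lookup(domain, "MX")
    if not mx:
        # RFC 5321 5.1: no MX means the domain itself is the only mail exchanger.
        return [domain] if lookup(domain, "A") else None
    if len(mx) == 1 and mx[0][1] == ".":
        return None  # null MX: the domain explicitly accepts no mail
    return [exchange for _, exchange in sorted(mx)]


if __name__ == "__main__":
    for d in ("abcde.example.com.", "corp.example.com.",
              "nomail.example.com.", "fresh.example.com."):
        print(d, "->", mail_hosts(d))
```

Running it shows that abcde and xyz are delivered to themselves without any MX record, while a name with no records at all (fresh.example.com.) falls through to the wildcard and goes to central-mail.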