Let us say we own the zone mywebservice.com.
I would like each of my customers to get their own subdomain, such as customer.mywebservice.com.
customer.mywebservice.com needs to be a CNAME to a given server offsite. Since that site manages its own equipment and can change addresses at any point in time, the CNAME is a requirement.
People also need to be able to send email to [email protected], which would require a simple MX record.
However, and this is where I'd like some guidance:
According to RFC 1034:
If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different.
I have also verified that my DNS server will refuse to serve up anything but a CNAME for hosts that use them.
So, it seems that I may have a losing situation. If I want to use the MX record, I need to use an A instead of a CNAME.
Can anyone think of any workarounds? Thanks!
Unfortunately, what you're running into is a limitation of the DNS specification. Having an MX record for the same hostname that is defined as a CNAME record will fail in most DNS server implementations. Some older DNS servers will allow this, but they have been mostly phased out in favor of newer, more secure implementations.
Instead of using CNAME records, you will need to use 'A' records with the IP addresses of the customer sites directly instead of aliasing the names.
After a lot of work and research here, I have found an acceptable solution. First, it is important that we all follow the RFCs. I patched my DNS server to violate the RFC, and I discovered that several other major DNS servers would not respect the change.
The appropriate move is to put the MX on the host that the CNAME points to. So, if customer.mywebservice.com is a CNAME to the A record loadbalancer.mywebservice.com, it is proper to also build an MX record for loadbalancer.mywebservice.com. I have verified that this works with all major resolvers.
If an MX query is made for customer.mywebservice.com, the resolver library will follow the CNAME and get the proper MX for the final A record. Hurrah!
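The arrangement from the answer above, as an added Python sketch that is not part of the original answers: it flags any name that holds a CNAME next to other data (the RFC 1034 rule quoted in the question) and resolves an MX query by following the CNAME the way a resolver would. The zone contents, the mail host mail.mywebservice.com and the 192.0.2.10 address are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample zone as (owner, type, rdata); mail.mywebservice.com and
# 192.0.2.10 (a documentation address) are assumptions, not from the thread.
ZONE = [
    ("loadbalancer.mywebservice.com", "A", "192.0.2.10"),
    ("loadbalancer.mywebservice.com", "MX", "10 mail.mywebservice.com"),
    ("customer.mywebservice.com", "CNAME", "loadbalancer.mywebservice.com"),
]


def norm(name):
    """Lower-case a domain name and drop a trailing root dot."""
    return name.lower().rstrip(".")


def build(records):
    """Index records as owner -> type -> list of rdata strings."""
    zone = defaultdict(lambda: defaultdict(list))
    for owner, rtype, rdata in records:
        zone[norm(owner)][rtype.upper()].append(rdata)
    return zone


def cname_conflicts(records):
    """Owner names that carry a CNAME together with any other record type.

    DNSSEC records (RRSIG, NSEC) are the permitted exception; not modelled here.
    """
    zone = build(records)
    return sorted(n for n, rrsets in zone.items()
                  if "CNAME" in rrsets and len(rrsets) > 1)


def lookup(records, name, rtype, max_hops=8):
    """Follow CNAMEs from name; return (final owner, rdata list) for rtype."""
    zone = build(records)
    name, seen = norm(name), set()
    for _ in range(max_hops):
        rrsets = zone.get(name, {})
        if rtype in rrsets:
            return name, rrsets[rtype]
        if "CNAME" not in rrsets or name in seen:  # dead end or alias loop
            return name, []
        seen.add(name)
        name = norm(rrsets["CNAME"][0])
    return name, []
```

Because the MX comes from the CNAME target, whoever controls that target's records decides where mail for the alias is delivered.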
You have a requirement that the customers must be able to change the address. Have you considered allowing the customer to dynamically update their own record? With dynamic DNS you could use the A record, and the customer could change the record as needed. It would take a bit of work, but you could set up each individual sub-domain as a separate zone so you can make sure a customer can only touch their own zone.
I haven't tried it, but GnuDIP appears to be an open source tool for facilitating dynamic updates without having to deal with authentication and setting up lots of zones on your DNS server.
If your MX records will be the same for all of these records, then you could attempt to use a DNAME to redirect XYZ.mywebservice.com to hosting.mywebservice.com. Under hosting.mywebservice.com add your relevant MX and A records.
I must say that I have never utilized DNAME records in production, but you can read more about them in RFC 2672.
Does the RHS of the customer.mywebservice.com CNAME have an MX entry?
If so, then the mail server will use that MX to find the mail server to use. Hopefully you can control that.
Michael Gorsuch's answer is largely correct, the CNAME -> A+MX chain does work... mostly. However, it does trigger some bad behavior in certain MTAs. What I've found running this solution at a decent amount of scale:
It's not clear yet how pervasive these issues are (google/hotmail/yahoo/etc all seem to deal with this correctly), but they certainly have us looking about for better solutions.
A possible and valid solution would be to create a basic hostname for all your customers and set it to the A and AAAA record of the off-site webserver and your MX, then CNAME all your customers' domains to that single hostname. That way you will only have to change one record when the off-site's IP address changes. It is the only valid and possible way, as CNAME is an alias for a complete set of records, not just A.
MX and CNAME are completely separate records - first one determines the mail server for given domain, second gives the address for a domain. This should work: