Tuesday, April 19, 2016

g suite - Mail bouncing when using a CNAME for domain root and load balancing



We recently moved to EC2 and started using Amazon's ELB for load balancing. We're using CloudFlare for DNS, which allows us to use a CNAME for the domain root. However, we occasionally have people tell us that our emails are bouncing with some variation of the following error:




first.last@ourdomain.com... Deferred: Connection refused by our-production-loadbalancer.elb.amazonaws.com.



We are using Google Apps for mail and our MX records are configured properly, so I'm not sure at what point the mail clients or servers are attempting to resolve our domain and receiving the CNAME record instead.



Does anyone understand why the MX records would be ignored? Is this a result of using a CNAME? I would imagine that the same thing could/would happen if we pointed an A record at an IP address that was also not accepting mail.


Answer



If you have a domain example.invalid:



; example.invalid
$TTL 604800

@       IN      SOA     ns1.example.invalid. root.example.invalid. (
                        2006020201 ; Serial
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        604800 )   ; Negative Cache TTL
;
@       IN      NS      ns1
        IN      MX      10 mail
        ; CNAME at the zone apex, alongside the SOA, NS and MX records above
        IN      CNAME   anotherdomain.invalid.



You are saying:




Hey, you can find example.invalid under whatever address anotherdomain.invalid can be found. And btw, any MX records, SRV records or other stuff for example.invalid are also whatever anotherdomain.invalid tells you. That means mail sent to example.invalid will use the MX record of anotherdomain.invalid.
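The lookup order described in this answer, as an added example that is not part of the original post. It models how a sending mail server picks its targets (CNAME followed first per RFC 1034 section 3.6.2, then MX or the implicit-MX fallback of RFC 5321 section 5.1), which is why the bounce names the load balancer. The record set, the name lb.elb.invalid and the function names are assumptions made for the illustration.

```python
# Constructed records modelling the question's setup; every name is a placeholder.
RECORDS = {
    ("example.invalid.", "CNAME"): ["lb.elb.invalid."],
    ("example.invalid.", "MX"): [(10, "mail.example.invalid.")],
    ("lb.elb.invalid.", "A"): ["192.0.2.10"],
}
# Same zone with the apex CNAME replaced by an address record.
FIXED = {k: v for k, v in RECORDS.items() if k[1] != "CNAME"}
FIXED[("example.invalid.", "A")] = ["192.0.2.10"]
DNSSEC_TYPES = {"RRSIG", "NSEC"}  # the only types allowed beside a CNAME


def canonical(name, records, limit=8):
    """Follow CNAMEs the way a resolver does: the alias wins over any
    other data stored at the same owner name."""
    for _ in range(limit):
        target = records.get((name, "CNAME"))
        if not target:
            return name
        name = target[0]
    raise ValueError("CNAME chain too long or looping")


def mail_targets(domain, records):
    """Hosts a sending MTA will try, in preference order."""
    name = canonical(domain, records)
    mx = sorted(records.get((name, "MX"), []))
    if mx:
        return [host for _pref, host in mx]
    # No MX at the canonical name: implicit MX, the host itself on port 25.
    if (name, "A") in records or (name, "AAAA") in records:
        return [name]
    return []


def cname_conflicts(records):
    """Owner names that hold a CNAME together with other record types."""
    aliases = {n for (n, t) in records if t == "CNAME"}
    return sorted({n for (n, t) in records
                   if n in aliases and t not in DNSSEC_TYPES | {"CNAME"}})


if __name__ == "__main__":
    print("with apex CNAME:", mail_targets("example.invalid.", RECORDS))
    print("conflicting names:", cname_conflicts(RECORDS))
    print("with apex A:    ", mail_targets("example.invalid.", FIXED))
```

Running cname_conflicts over a zone export before publishing it catches the misconfiguration without waiting for a bounce report.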








