DNS Basics for Websites and Email Servers

This article aims to explain what various DNS records are and how to use them. It is aimed at people hosting websites and email servers on a home server such as a Raspberry Pi.

How DNS Works

DNS stands for Domain Name System. In a nutshell, it's the system that we use to translate human readable domain names (e.g. samhobbs.co.uk) into the Internet Protocol (IP) addresses for those services (e.g. 195.166.151.235).

The DNS system has a strict hierarchy, and lookups are performed recursively using a client/server model. This means that when your computer asks for the IP address for "subdomain.example.com", the DNS resolver you are using starts at the top and works backwards to find the address. The servers at the top of the pyramid (root name servers) direct clients to the name servers responsible for Top Level Domains (TLD, e.g. .com), and that server in turn is able to tell the client which name server is authoritative for the second level domain (e.g. example.com), and so on. Usually for small sites, the DNS records for your domain are managed by your Domain Name Registrar.

The DNS resolver doesn't have to perform all these lookups every time, because each record has a Time To Live (TTL) in seconds, which tells the client how long they can cache the information for until it should be refreshed. That's Time To Live (live free), not Live (live electrical circuit), which is how I first read it!

There are loads of different types of DNS record, so I've picked the most important ones you might need or want to use. These are:

  1. DNS A - used to map a host name to an IP address
  2. Mail Exchanger (MX) - used to tell clients which hostnames are used for email services
  3. Sender Policy Framework (SPF) - used to define which servers are allowed to send email from your domain name
  4. Pointer (PTR) - the opposite of DNS A, this record maps an IP address to the hostname

For a website, you only need a DNS A record. For an email server, you need at least a DNS A record and an MX record; PTR and SPF records will help you get your email through spam filters.

I'll be illustrating how to set up the different types of record using Namecheap, my Domain Name Registrar, as an example. If you haven't registered a domain name yet, I'd recommend Namecheap - avoid GoDaddy if you can, since they have some pretty horrible pricing practices and consistently back the wrong side when it comes to internet censorship acts like SOPA and PIPA.

DNS A

This record is the most basic type. It maps a domain name to an IP address.

Most home internet connections have IP addresses that are dynamically allocated from a pool controlled by your Internet Service Provider (ISP). This means that your Wide Area Network (WAN) IP address can change periodically, or when you power cycle your router. To get around this you can use dynamic DNS to update your DNS records when your IP address changes. If you can get one, you should use a static IP address because it cuts out this additional layer of complexity.

A DNS A record is really simple. This is what it looks like in the Namecheap control panel:

DNS-A.png

The image above actually shows two separate records, one for my root domain name (that's the @, which you can read as "no subdomain"), and another for my domain name preceded by "www.".

The IP address is my static WAN IP, and I chose a high value for the TTL of 60000 seconds (over 16.5 hours) because it never changes, so it's helpful to allow DNS resolvers to cache the data for as long as possible. If you have a dynamic IP address you should choose a much lower value like 1800s.

If you want to do a DNS lookup yourself from the terminal, you can install a utility called dig:

sudo apt-get update
sudo apt-get install dnsutils

DNS A records can be looked up using this command:

dig samhobbs.co.uk

You should get output like this:

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> samhobbs.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samhobbs.co.uk.                        IN      A

;; ANSWER SECTION:
samhobbs.co.uk.         45464   IN      A       195.166.151.235

;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Feb 01 14:39:41 GMT 2015
;; MSG SIZE  rcvd: 59

You can see in the answer section the IP address and the remaining number of seconds the information is valid for, as determined by the TTL. If you do a second lookup, you should see this number decrease.

Mail Exchanger (MX)

The MX record specifies the hostnames that are available to receive email for your domain. Since a domain can have more than one SMTP server, this is a prioritised list, where each domain name is given a number. The lower the number is, the higher the priority.

The image below shows my MX settings:
MX.png

These settings are probably more complicated than yours will be - a basic MX record will have just one entry pointing to the hostname of your email server (usually yourdomain.com or mail.yourdomain.com). You can see from the settings that I have two servers that can receive mail for my domain: samhobbs.co.uk and backup.samhobbs.co.uk (which is a different physical server in a different location, with a separate internet connection).

When a client wants to know where to send an email addressed to foo@samhobbs.co.uk, they look up the MX record, which tells them to try samhobbs.co.uk first and backup.samhobbs.co.uk if that fails (backup has a higher number = lower priority). They then look up the DNS A record for the hostname to get the IP address, and then make a connection and perform the transaction.

My backup server is actually an MX backup - if my main server is unavailable, it accepts email from other servers addressed to my domain and forwards it on to the primary server when it is back online. In addition to performing MX backup services for my main server, the backup server accepts email sent to it directly (foo@backup.samhobbs.co.uk) which is what the third record is for.
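The delivery steps described above, as an added example that is not part of the original article: it sorts the MX list by priority, resolves each hostname's A record, and flags MX hostnames that cannot be resolved. The lookup() stand-in, the 192.0.2.x addresses and the *.example domains are constructed; the fallback to the domain's own A record when no MX exists goes beyond the text and follows RFC 5321.

```python
# Added example: a stand-in for DNS built from constructed records.
# The samhobbs.co.uk MX list and A record mirror the dig output in this
# article; every 192.0.2.x address and *.example name is constructed.
ZONE = {
    ("samhobbs.co.uk", "MX"): [(20, "backup.samhobbs.co.uk"), (10, "samhobbs.co.uk")],
    ("samhobbs.co.uk", "A"): ["195.166.151.235"],
    ("backup.samhobbs.co.uk", "A"): ["192.0.2.20"],
    # MX points at a hostname that has no A record of its own.
    ("broken.example", "MX"): [(10, "mx.broken.example")],
    ("broken.example", "A"): ["192.0.2.30"],
    # No MX record at all, only an A record.
    ("nomx.example", "A"): ["192.0.2.40"],
}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns [] when the record does not exist."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def delivery_targets(address):
    """Return (preference, hostname, ips) tuples in the order a sender tries them."""
    domain = address.rsplit("@", 1)[1]
    mx_records = lookup(domain, "MX")
    if not mx_records:
        # RFC 5321 section 5.1: with no MX record, the domain itself is
        # treated as an implicit MX with preference 0.
        mx_records = [(0, domain)]
    # Lowest preference number first, then resolve each hostname's A record.
    return [(pref, host, lookup(host, "A")) for pref, host in sorted(mx_records)]


def unresolvable_mx_hosts(address):
    """MX hostnames with no A record: mail sent to them has nowhere to go."""
    return [host for _, host, ips in delivery_targets(address) if not ips]


if __name__ == "__main__":
    for addr in ("foo@samhobbs.co.uk", "user@broken.example", "user@nomx.example"):
        print(addr)
        for pref, host, ips in delivery_targets(addr):
            print(f"  {pref:>3} {host:<24} {', '.join(ips) or 'NO A RECORD'}")
```
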

To look up MX records, use this command:

dig samhobbs.co.uk MX

The output should look like this:

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> samhobbs.co.uk MX                                  
;; global options: +cmd                                                                      
;; Got answer:                                                                               
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35900                                    
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1                         
                                                                                             
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samhobbs.co.uk.                        IN      MX

;; ANSWER SECTION:
samhobbs.co.uk.         60000   IN      MX      10 samhobbs.co.uk.
samhobbs.co.uk.         1800    IN      MX      20 backup.samhobbs.co.uk.

;; Query time: 208 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Feb 01 15:16:01 GMT 2015
;; MSG SIZE  rcvd: 82

The MX record for backup.samhobbs.co.uk is separate (dig backup.samhobbs.co.uk MX):

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> backup.samhobbs.co.uk MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backup.samhobbs.co.uk.         IN      MX

;; ANSWER SECTION:
backup.samhobbs.co.uk.  1800    IN      MX      10 backup.samhobbs.co.uk.

;; Query time: 218 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Feb 01 15:33:26 GMT 2015
;; MSG SIZE  rcvd: 66

Sender Policy Framework (SPF)

The SPF record is used to tell other servers which IP addresses and hostnames are allowed to send email from your domain name. Some services such as Gmail look for either a PTR record or an SPF record and flag email as spam if neither of these is found, so it's quite important to define one for your domain.

The record itself is defined as a TXT record:

SPF-record.png

The important part of the record is:

v=spf1 mx a ~all

The first part v=spf1 says that this record is SPF version 1. The middle of the record mx a says that servers should accept email from servers with a matching MX record or DNS A record. The end part ~all defines what to do with sources that haven't matched one of the earlier statements: the tilde (~) means soft fail. This lets the recipient server decide what to do with the message; normally this means it will be accepted but flagged as spam. A minus (-) means the recipient server should reject the message, but most services don't implement this so it's a bit pointless.

Note that earlier versions allowed you to specify "PTR" as a match in the middle part, but this is default behaviour now and the option is deprecated.
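How a receiving server evaluates a record like this one, as an added example that is not part of the original article: terms are checked left to right and the first match decides the result. It covers only the mx, a and all mechanisms used above; the lookup() stand-in, the 192.0.2.x and 203.0.113.x addresses and the *.example domains are constructed.

```python
# Added example: evaluates the subset of SPF used in this article
# (mx, a, all) against constructed DNS data instead of live queries.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

ZONE = {
    # A second, unrelated TXT record sits beside the SPF record, as on the real domain.
    ("samhobbs.co.uk", "TXT"): ["google-site-verification=CONSTRUCTED", "v=spf1 mx a ~all"],
    ("samhobbs.co.uk", "MX"): [(10, "samhobbs.co.uk"), (20, "backup.samhobbs.co.uk")],
    ("samhobbs.co.uk", "A"): ["195.166.151.235"],
    ("backup.samhobbs.co.uk", "A"): ["192.0.2.20"],      # constructed address
    ("strict.example", "TXT"): ["v=spf1 mx a -all"],     # constructed domain
    ("strict.example", "A"): ["192.0.2.50"],
    ("nospf.example", "A"): ["192.0.2.60"],              # no TXT record at all
}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns [] when the record does not exist."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def check_spf(sender_domain, client_ip):
    """Return the SPF result for a connection from client_ip claiming sender_domain."""
    records = [txt for txt in lookup(sender_domain, "TXT")
               if txt.split(" ", 1)[0].lower() == "v=spf1"]
    if not records:
        return "none"          # domain publishes no SPF policy
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qualifier, mechanism = "+", term           # "+" is implied when omitted
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism == "a":
            matched = client_ip in lookup(sender_domain, "A")
        elif mechanism == "mx":
            matched = any(client_ip in lookup(host, "A")
                          for _, host in lookup(sender_domain, "MX"))
        else:
            raise ValueError(f"mechanism {mechanism!r} is outside this example's subset")
        if matched:
            return QUALIFIERS[qualifier]           # first match wins
    return "neutral"           # nothing matched and the record has no "all"


if __name__ == "__main__":
    for domain, ip in [("samhobbs.co.uk", "195.166.151.235"),
                       ("samhobbs.co.uk", "203.0.113.9"),
                       ("strict.example", "203.0.113.9"),
                       ("nospf.example", "192.0.2.60")]:
        print(f"{domain:<16} from {ip:<16} -> {check_spf(domain, ip)}")
```
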

If you want to do a DNS lookup for a SPF record, you can use this command:

dig samhobbs.co.uk txt

The output should look like this:

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> samhobbs.co.uk txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61893
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samhobbs.co.uk.                        IN      TXT

;; ANSWER SECTION:
samhobbs.co.uk.         1800    IN      TXT     "v=spf1 mx a ~all"

;; Query time: 170 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Feb 01 15:49:41 GMT 2015
;; MSG SIZE  rcvd: 153

Pointer (PTR)

A pointer record is the opposite of a DNS A record: it maps an IP address to a hostname. If you can set one of these, it pretty much guarantees that you won't have any problems with your email being marked as spam.

Unlike the other DNS records, you can't change this record with your DNS provider. For this one, you're at the mercy of your ISP, and since it changes the information associated with an IP address you will only be able to do this if you have a static IP address.

Many ISPs won't let you change your PTR record. Luckily, my ISP (Plusnet) is one of the good ones, and they changed it to samhobbs.co.uk without a charge :)

To look up a PTR record you can use this command along with the IP address you got from the DNS A lookup:

dig -x 195.166.151.235

The output should look something like this:

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> -x 195.166.151.235
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44108
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;235.151.166.195.in-addr.arpa.  IN      PTR

;; ANSWER SECTION:
235.151.166.195.in-addr.arpa. 43200 IN  PTR     samhobbs.co.uk.

;; Query time: 37 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Feb 01 16:07:32 GMT 2015
;; MSG SIZE  rcvd: 85
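The same lookup as an added example, not part of the original article: it builds the in-addr.arpa name that dig -x queries, then checks that the PTR hostname resolves back to the same IP address and matches the mail server's name. The forward-confirmation step goes beyond the text; the record tables, the 192.0.2.x addresses and the *.example hostnames are constructed.

```python
import ipaddress

# Added example: constructed record tables stand in for live DNS queries.
# The first PTR/A pair mirrors the dig output above; the rest is constructed.
PTR_RECORDS = {
    "235.151.166.195.in-addr.arpa": "samhobbs.co.uk",
    "10.2.0.192.in-addr.arpa": "host-10.dynamic.isp.example",  # ISP default name
    "77.2.0.192.in-addr.arpa": "mail.other.example",           # forward lookup disagrees
}
A_RECORDS = {
    "samhobbs.co.uk": ["195.166.151.235"],
    "host-10.dynamic.isp.example": ["192.0.2.10"],
    "mail.other.example": ["198.51.100.5"],
}


def reverse_name(ip):
    """Name queried for a PTR record: reversed octets under in-addr.arpa
    (or reversed nibbles under ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse_dns(ip, mail_hostname):
    """Classify the reverse DNS of a mail server's IP address."""
    ptr = PTR_RECORDS.get(reverse_name(ip))
    if ptr is None:
        return "no-ptr"
    # Forward-confirm: the PTR hostname must resolve back to the same IP,
    # otherwise whoever controls the reverse zone could claim any name.
    if ip not in A_RECORDS.get(ptr, []):
        return "not-forward-confirmed"
    if ptr != mail_hostname.rstrip(".").lower():
        return "ptr-mismatch"
    return "ok"


if __name__ == "__main__":
    for ip, name in [("195.166.151.235", "samhobbs.co.uk"),
                     ("192.0.2.10", "mail.home.example"),
                     ("192.0.2.77", "mail.other.example"),
                     ("203.0.113.1", "mail.home.example")]:
        print(f"{ip:<16} {reverse_name(ip):<30} {check_reverse_dns(ip, name)}")
```
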

That's it! Those four records are everything you should need to get your website and email server running properly.

If you have any problems, let me know!

Comments

yeah, my PTR is with Sky Broadband (bb.sky.com) and I get the feeling Sky won't allow any change to it. Anyone here have any success with Sky?

I see that you are with plusnet... can I ask how you went about getting it changed?

I asked about changing the PTR on the PlusNet forums and was told it was possible and that all I had to do is send a message to tech support. Sure enough, I sent a message and they changed it within 24h!

The technical support at PN is great, they're very friendly towards people hosting at home - a static IP was just a one-off £5 admin fee, no monthly charge like a lot of the American ISPs.

Hopefully Sky will let you, all you can do is ask.

Sam

cheers for all the info... do you have a business/commercial account with plusnet? or is it just a standard home user account you have? BB or Fibre? sorry for the questions, but I've looked into Plusnet before, but this may finally cause me to jump ship.

It's a normal/home package, unlimited fiber. Would definitely recommend - can't say what speed you'll get where you live but in terms of tech support they're great.

Sam

Hi,

I'm using Raspbian and for some strange reason I'm getting the following when trying to get dig:

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package dig

Any tip?

Cheers,

Joao

Sorry, I typed the wrong package name! dig is provided by the package dnsutils, so type:

sudo apt-get update
sudo apt-get install dnsutils

Sam

My MX record and txt records are returning with SOA's. Apparently that is a "Negative" response. Any idea what would cause this?
I tried to upload my log, but it was shut down by the spam filter.

Thanks!

Hi,

I think I know what you mean. Sorry about the spam filter, it's definitely not as good as I'd like (it's an external service. Apparently it thinks that comment was profanity!).

Here's what you tried to post:

pi@raspberrypi ~ $ dig yellowranch.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> yellowranch.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30448
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;yellowranch.com. IN A
;; ANSWER SECTION:
yellowranch.com. 1800 IN A 127.0.1.1
;; AUTHORITY SECTION:
yellowranch.com. 171961 IN NS dns3.name-services.com.
yellowranch.com. 171961 IN NS dns1.name-services.com.
yellowranch.com. 171961 IN NS dns5.name-services.com.
yellowranch.com. 171961 IN NS dns2.name-services.com.
yellowranch.com. 171961 IN NS dns4.name-services.com.
;; Query time: 89 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 21 20:10:54 2015
;; MSG SIZE rcvd: 158

Then the dig on my MX...

pi@raspberrypi ~ $ dig yellowranch.com MX
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> yellowranch.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17224
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;yellowranch.com. IN MX
;; AUTHORITY SECTION:
yellowranch.com. 1093 IN SOA dns1.name-services.com. info.name-services.com. 2002050701 10800 3600 604800 3600
;; Query time: 145 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 21 20:08:42 2015
;; MSG SIZE rcvd: 93

That's about as far as I got before I decided to put the macbook away for the evening. Any ideas?

It looks a bit like any changes you made to your DNS records hadn't propagated by the time you checked them (it's not necessarily instant, you have to wait for the cached records to time out before they get looked up again by name servers).

Sam

Hi Sam

So my next problem............!

I am using namecheap and my ISP is TalkTalk who give me a dynamic IP address.

Hosting the mail server on a Pi as per your tutorials I am able to receive emails, however I am not able to send emails, below are a couple of the error messages that I have received;

This is the mail system at host x

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

host gmail-smtp-in.l.google.com[64.233.167.26] said:
Our system has detected that this message
is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550 5.7.1
https://support.google.com/mail/answer/188131 for more information.
i10si8396751wij.0 - gsmtp (in reply to end of DATA command)

=====================

This is the mail system at host x.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

host mx-eu.mail.am0.yahoodns.net[188.125.69.79]
said: 553 5.7.1 [BL21] Connections will not be accepted from x
because the ip is in Spamhaus's list; see
http://postmaster.yahoo.com/550-bl23.html (in reply to MAIL FROM command)

I have read your DNS Basics tutorial and added an SPF record as per your example.

Since I have a dynamic IP I assume that I cannot set a Pointer (PTR) record.

Do you know if this problem is caused by Namecheap or TalkTalk?

Can I do anything to allow my emails to be received by the recipient?

Thanks for your help.

Simon

You may have to get a static IP address, it looks like your dynamic IP address is on at least one blocklist.

Note - your email server can send email fine, the other servers are just configured in a way that is very strict. My server would accept the email, but possibly mark it as spam. Test it if you like!

What's your domain name? I'll check your SPF record just to be sure, it looks like the problem is the blacklist though.

Sam

Hi Sam

My domain is simonaeast.com

Thanks for your help

I can't find an SPF record for your domain. Here's my query:

nemo ~ $ dig simoneast.com TXT

; <<>> DiG 9.10.0 <<>> simoneast.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58253
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;simoneast.com.                 IN      TXT

;; AUTHORITY SECTION:
simoneast.com.          3527    IN      SOA     ns1.webcity.com.au. hostmaster.simoneast.com. 20030501 10800 3600 604800 10800

;; Query time: 19 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 12 06:51:36 BST 2015
;; MSG SIZE  rcvd: 107

Compare that to my site (ignore the google site verification thing)...

nemo ~ $ dig samhobbs.co.uk TXT

; <<>> DiG 9.10.0 <<>> samhobbs.co.uk TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60302
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;samhobbs.co.uk.                        IN      TXT

;; ANSWER SECTION:
samhobbs.co.uk.         1800    IN      TXT     "v=spf1 mx a ~all"
samhobbs.co.uk.         1800    IN      TXT     "google-site-verification=PXDKn_QSrkf7eYmw7UKtkg2MBEJYBkHXEURqsCeS6SE"

;; AUTHORITY SECTION:
.                       29001   IN      NS      k.root-servers.net.
.                       29001   IN      NS      g.root-servers.net.
.                       29001   IN      NS      i.root-servers.net.
.                       29001   IN      NS      c.root-servers.net.
.                       29001   IN      NS      a.root-servers.net.
.                       29001   IN      NS      m.root-servers.net.
.                       29001   IN      NS      h.root-servers.net.
.                       29001   IN      NS      e.root-servers.net.
.                       29001   IN      NS      j.root-servers.net.
.                       29001   IN      NS      d.root-servers.net.
.                       29001   IN      NS      f.root-servers.net.
.                       29001   IN      NS      b.root-servers.net.
.                       29001   IN      NS      l.root-servers.net.

;; Query time: 36 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 12 06:51:14 BST 2015
;; MSG SIZE  rcvd: 364

Sam

Hi Sam.
When I follow your example I don't get an answer section, here's my results:

; <<>> DiG 9.8.4-rpz2+r1005.12-P1 <<>> gccustomguitars.com.au MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43035
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
gccustomguitars.com.au. IN MX

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Aug 11 52:16:01 2015
;; MSG SIZE rcvd: 40

From what I can see, it's hitting my router's IP address and going no further

Hi,

Your router is the DNS resolver for your LAN, dig doesn't know that the router sent the query on to another nameserver (no error there).

I expect you were just checking before the record had propagated through the nameservers (remember this could take as long as the TTL of the previous record).

I just checked, and get this response:

nemo ~ $ dig gccustomguitars.com.au MX

; <<>> DiG 9.10.0 <<>> gccustomguitars.com.au MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gccustomguitars.com.au.                IN      MX

;; ANSWER SECTION:
gccustomguitars.com.au. 3600    IN      MX      10 mx.gccustomguitars.com.au.

;; Query time: 167 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 10 09:20:20 BST 2015
;; MSG SIZE  rcvd: 70

Sam

OK Thanks for that Sam

I just tried it again and got this:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> gccustomguitars.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28131
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;gccustomguitars.com.au. IN A

;; ANSWER SECTION:
gccustomguitars.com.au. 1857 IN A 165.228.72.215

;; AUTHORITY SECTION:
gccustomguitars.com.au. 3925 IN NS ns2.netregistry.net.
gccustomguitars.com.au. 3925 IN NS ns3.netregistry.net.
gccustomguitars.com.au. 3925 IN NS ns1.netregistry.net.

;; ADDITIONAL SECTION:
ns1.netregistry.net. 3213 IN A 203.55.143.10
ns2.netregistry.net. 3442 IN A 203.55.143.100
ns3.netregistry.net. 3442 IN A 203.55.142.11

;; Query time: 28 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Aug 12 13:55:29 2015
;; MSG SIZE rcvd: 173

Should I have the "additional" entries as listed ?
I'm assuming now that I can't connect to my mail server because there are conflicting IP addresses ???

No, that's all fine, it's just giving additional info about the nameservers (the hostnames match the authority section).

By the way, the first output you posted was for looking up the MX record, but the output you posted above is querying the A record... did you mean to do that?

Sam

Yeah, sorry, should have posted that one instead, just trying to setup Thunderbird to test email and it's just not happening.
Will attach the MX records for you to have a look at.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> gccustomguitars.com.au mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15970
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gccustomguitars.com.au. IN MX

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Aug 12 15:59:41 2015
;; MSG SIZE rcvd: 40

As you can see, no answer records.
Any ideas why I'm not getting them ?
I've been following your Raspberry PI tutorial on setting up a web server, which by the way is probably the best one I've come across.
Very informative and you are the only one I've come across that actually helps out users when they do hit a stumbling block.

regards

Günter

I don't know why, that's really odd. Maybe your ISP's nameserver is badly configured? For me, your mx record points to your mx subdomain, which doesn't have a DNS A record... so it seems you have two problems!

Try specifying a custom nameserver, like this...

dig @8.8.8.8 gccustomguitars.com.au mx

That IP address is for one of Google's public nameservers, nice and easy to remember!

Glad you are finding the tutorials useful.

Sam

You need to create a DNS A record for the mx subdomain - your MX record is telling people that the mail server is at mx.gccustomguitars.com.au, but there's no way to resolve that hostname because there's no A record.

Alternatively, if the A record for your root domain gccustomguitars.com.au is already pointing at your Pi's IP address, just change the MX record to point at gccustomguitars.com.au, not mx.gccustomguitars.com.au.

Sam

Thanks for the help Sam.
I finally got email working, sending is fine, just can't receive emails.
Will have a look and see if I can find anything obvious ??

I think it's still your MX record - when I look it up now, I don't get any answer at all.

The missing MX record will prevent you from receiving email (because nobody knows the IP address of your server) but you'll be able to send fine, so that fits.

Sam

OK, I think I've got it working now ?
Added the MX record, when I DIG for my domain I now get an answer with 10 mydomain.com.au
In the Thunderbird settings for SMTP, should I just use my domain name as the server or add smtp.xxxxx to the front ?

I'm trying a few different ways but none seem to work at the moment ?

The DNS looks fine now, I can connect to your server on ports 993 and 465, but I can't telnet to port 25.

Have you forwarded that port to your Pi?

Thunderbird settings should just have gccustomguitars.com.au.

Sam

Yes, port 25 is forwarded in the router. I think I screwed up something on the Pi and have reloaded my last good image of the disk that I backed up.
Will reload and try a telnet session again to resolve the problem.
I know I screwed up because I was getting a "trying to connect 163.xxx" instead of my real IP address

Hi Sam,

I've followed everything above and on the mail server tutorial (thanks again for the help on dovecot, etc), but I'm still not connected via my android phone. I'm with TalkTalk and am not sure whether or not I've a static or dynamic IP address with them (probably dynamic)...but here are the digs for the a, mx, txt and ptr...the ptr one looks a bit weird to me as it's web60.extendcp.co.uk, which I think should be different...anyway, any advice is welcomed:

pi@raspberrypi ~ $ dig courseworkresources.com

; <<>> DiG 9.9.5-9+deb8u3-Raspbian <<>> courseworkresources.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26750
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;courseworkresources.com. IN A

;; ANSWER SECTION:
courseworkresources.com. 8253 IN A 217.199.187.60

;; Query time: 6 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Oct 16 17:06:49 UTC 2015
;; MSG SIZE rcvd: 68

pi@raspberrypi ~ $ dig courseworkresources.com MX

; <<>> DiG 9.9.5-9+deb8u3-Raspbian <<>> courseworkresources.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13369
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;courseworkresources.com. IN MX

;; ANSWER SECTION:
courseworkresources.com. 8217 IN MX 10 mail.courseworkresources.com.

;; Query time: 6 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Oct 16 17:06:57 UTC 2015
;; MSG SIZE rcvd: 73

pi@raspberrypi ~ $ dig courseworkresources.com txt

; <<>> DiG 9.9.5-9+deb8u3-Raspbian <<>> courseworkresources.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9249
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;courseworkresources.com. IN TXT

;; ANSWER SECTION:
courseworkresources.com. 8202 IN TXT "v=spf1 a mx a ~all" # I just saw this and changed it to "v=spf1 mx a ~all"

;; Query time: 4 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Oct 16 17:07:02 UTC 2015
;; MSG SIZE rcvd: 83

pi@raspberrypi ~ $ dig -x 217.199.187.60

; <<>> DiG 9.9.5-9+deb8u3-Raspbian <<>> -x 217.199.187.60
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51994
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;60.187.199.217.in-addr.arpa. IN PTR

;; ANSWER SECTION:
60.187.199.217.in-addr.arpa. 8182 IN PTR web60.extendcp.co.uk.

;; Query time: 6 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Oct 16 17:07:06 UTC 2015
;; MSG SIZE rcvd: 90

pi@raspberrypi ~ $

Your MX record currently points to mail.courseworkresources.com (note you're using the mail subdomain not the root domain). Anyway, the DNS A record for your mail subdomain points to the same IP address as the DNS A record for the root domain: 217.199.187.60, which is probably not your IP address, as you already guessed.

You can do a search for "what is my ip" to check, and if you do have a dynamic IP address you can (in order of preference):

  1. See if you can get a static IP address from your ISP - it'll save you a lot of hassle, dynamic IP addresses tend to be on spam blocklists etc.
  2. If you can't get a static IP, set up dynamic DNS to automatically update your DNS A records when your dynamic IP address changes, see my dynamic DNS tutorial.

Sam

Hi Sam,

My domain provider doesn't have the option for dynamic dns that I can see in the domain management...

I've updated my IP address (still dynamic - but am contacting ISP (TalkTalk) for static) which is 2.103.246.251 in the A record and also changed the MX to courseworkresources.com...still unsure if I did it correctly, but it looks like this:

A record:
@ 2.103.246.251

MX record:
courseworkresources.com 10

There are no other options to the right of these...

I'm with heartinternet for my domain.

The txt record is now showing the correct data...

Please advise.

Thx

Jo

Looks OK, let me know if it works. You'll have to sort out dynamic DNS or a static IP address if you want things to work long term without manual intervention.

Sam
