Re: Possible problems with identical MX records

From: Jorey Bump (listjoreybump.com)
Date: Wed Aug 01 2007 - 11:26:45 CDT


Peter Rabbitson wrote:

> This is yet another not strictly postfix related post, please bear with me.
> My question is simple - is it legal/will it cause any problems if a
> domain lists two MX records which eventually resolve to the same IP.
>
> Here is the rationale: I need to migrate an MX used as backup for many
> domains to a different IP. The IP will be released into a pool, and
> possibly reused promptly. If it is assigned to another SMTP server mail
> might be returned due to the 5xx responses such a server might produce.
> One way to deal with that would be to change the MX information for all
> domains, but it will take quite some effort. Another would be to simply
> change the A record of the MX in question until everything is settled
> (all domains list the same MX fqdn).

As you've discovered, it simplifies things if all of your domains
designate the same MX host(s). This allows you to easily make changes
simply by editing the A record(s) of the MX host(s). Some admins that
administer multiple virtual domains make the mistake of creating unique
MX hosts with A records in every domain, all pointing to one or two IP
addresses. In most cases, this is an unnecessary vanity (although some
sites can justify it).

By your description, you have two problems to address immediately:

1. Shorten the TTL for any records that are using the deprecated IP, and
use the same TTL for the new IP wherever it will be returned, even
indirectly (via the MX lookup, for example). You should do this well in
advance, to prevent the lookups from being cached for too long. I
usually use 5 minutes, then gradually increase this, once I'm sure
everything is working properly. You don't want to leave the short TTL
for too long, as some sites may consider it to be "spammy".

2. Do not release the deprecated IP into the pool prematurely. If you
can, set up an interface alias so the machine can listen on the
deprecated IP and the new IP simultaneously. Hopefully, you are still on
the same network and this is a possibility. Once you've made your final
changes, sit back and evaluate, then make sure you've allowed the TTL to
expire and release the deprecated IP. If you can't listen on both IP
addresses simultaneously, consider shutting down SMTP for the duration
of the TTL, to force mail to be queued by remote hosts and to prevent a
new machine from rejecting mail when it acquires the old IP. 5 minutes
of downtime shouldn't be a major inconvenience, at least not compared to
accidentally rejecting mail.

And to answer your question, no, it shouldn't be a problem if multiple
MX records resolve to the same IP address, as long as it's the right one.
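A pre-flight audit for the migration described in this thread, added here as an example (not code from the original post or from Postfix). It walks constructed MX and A records for several domains, flags any MX host that still returns the deprecated IP with a TTL above the chosen 5-minute limit, flags MX hosts resolving to an IP outside the set the admin controls, and lists the distinct A records that actually need editing. The zone data, hostnames and IPs are all constructed for the example.

```python
from collections import defaultdict

# Constructed zone data for illustration (not from the original post).
# MX records: domain -> list of (preference, mx_host, ttl_seconds)
MX_RECORDS = {
    "example.test":  [(10, "mx1.mailer.test", 3600), (20, "mx2.mailer.test", 3600)],
    "example2.test": [(10, "mx1.mailer.test", 86400), (20, "mx2.mailer.test", 86400),
                      (30, "old.mailer.test", 86400)],
    "vanity.test":   [(10, "mail.vanity.test", 300), (20, "mx2.mailer.test", 300)],
}
# A records: host -> (ip, ttl_seconds)
A_RECORDS = {
    "mx1.mailer.test":  ("198.51.100.10", 300),
    "mx2.mailer.test":  ("198.51.100.20", 86400),  # deprecated IP, TTL never shortened
    "mail.vanity.test": ("198.51.100.20", 3600),   # per-domain copy that is easy to forget
    "old.mailer.test":  ("192.0.2.77", 300),       # address already handed to someone else
}

def audit_mx_migration(mx_records, a_records, deprecated_ip, expected_ips, max_ttl=300):
    """Return a sorted list of (domain, mx_host, problem) found before moving an MX IP.

    The MX hostnames themselves are not changing, so the time a remote site can keep
    delivering to the old address is governed by the A record's TTL; that is what is
    compared against max_ttl (300 s, the 5 minutes suggested in the reply above).
    """
    problems = []
    for domain, mxs in mx_records.items():
        for _pref, host, _mx_ttl in mxs:
            if host not in a_records:
                problems.append((domain, host, "no A record for MX host"))
                continue
            ip, ttl = a_records[host]
            if ip == deprecated_ip and ttl > max_ttl:
                problems.append((domain, host, f"deprecated IP with TTL {ttl} > {max_ttl}"))
            elif ip != deprecated_ip and ip not in expected_ips:
                problems.append((domain, host, f"resolves to unexpected IP {ip}"))
    return sorted(problems)

def hosts_to_repoint(mx_records, a_records, deprecated_ip):
    """Map each MX hostname whose A record still returns the deprecated IP to the
    domains that depend on it: these are the A records that must be edited."""
    dependents = defaultdict(set)
    for domain, mxs in mx_records.items():
        for _pref, host, _ttl in mxs:
            if host in a_records and a_records[host][0] == deprecated_ip:
                dependents[host].add(domain)
    return {host: sorted(doms) for host, doms in dependents.items()}

if __name__ == "__main__":
    for item in audit_mx_migration(MX_RECORDS, A_RECORDS, "198.51.100.20",
                                   {"198.51.100.10", "203.0.113.9"}):
        print("PROBLEM", *item)
    for host, doms in hosts_to_repoint(MX_RECORDS, A_RECORDS, "198.51.100.20").items():
        print("REPOINT", host, "used by", ", ".join(doms))
```

Run against real zones, the two dictionaries would be filled from your zone files or from MX and A lookups; the checks themselves do not change.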