Do I need to have multiple MX records that point to different IPs that are in different subnets even if I only have one dedicated server

dedicated-server, domain-name-system, email-server, mx-record, subnet

I own and operate a single dedicated server that offers shared web hosting space to my clients including email services. Is it possible to have multiple MX records for each client domain, and have each of those client MX records point to IP addresses in different subnets but still only use that one server for email?

We have received a warning in a DNS checking system that warns of only having one MX record as well as warning that our NS and MX records are not in different subnets.

Will this make a difference to the incoming load on the mail server? Is this even a valid problem? How can we handle the issues that the DNS check is referring to? I don't know how to handle the warning that the MX records should be on a different subnet from each other. Where can I learn more about these topics?

Best Answer

It is not uncommon to have a single server that is the sole provider of email for a domain. There is no requirement that a domain have multiple receiving mail servers or that those mail servers be in different subnets. It is a best practice, certainly, but no RFC is being broken by not doing those things.

We have received a warning in a DNS checking system that warns of only having one MX record as well as warning that our NS and MX records are not in different subnets.

What DNS check are you using? I think they are being very aggressive with their warnings, unless they are simply listing those as suggestions or "best practices." Furthermore, are your clients experiencing any problems or complaining?

Will this make a difference to the incoming load on the mail server?

Having two MX records point to the same mail server will have no effect on load.

Is this even a valid problem?

Yes, it's a valid problem. However, you have to gauge just how much redundancy you need and what services your customers are satisfied with. Two MX records pointing to one server does nothing except keep up appearances. The same goes for NS records. Having two mail servers for your domain that are both synced and accepting mail for the same email addresses is adding redundancy to your systems. However, you can certainly operate a set of mail domains on one server and thus have only one MX record without "breaking anything." Please make sure that you protect yourself through adequate backup and restoration procedures that give you acceptable Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).

How can we handle the issues that the DNS check is referring to?

You can assign multiple IP addresses to your server and have your mail daemon listen on those multiple IP addresses. Then create an A record for each IP address, and then attendant MX records that point to the A records. Does that "solve" it? It satisfies the letter of the law but not the spirit. It suppresses that warning from whichever DNS check you're using, but it doesn't solve the underlying issue that the warning intends to alert you to. The warning is telling you to have two email servers, not just two MX records.

To truly solve the issue, have two mail servers if possible.

I don't know how to handle the warning that the MX records should be on a different subnet from each other.

That is, in my opinion, a very aggressive suggestion. Technically you could once again satisfy the letter of the law, if not the spirit. You could have your server provider give you an IP address on a different subnet but the same VLAN that your server is on and assign it to an interface. It would do nothing but take your money and introduce fruitless complexity, however.

Where can I learn more about these topics?

I would recommend DNS and BIND by Cricket Liu as a good place to start. Also, inspect pertinent RFCs and seek to understand them.

TL;DR

The warnings that you are receiving are telling you about your system's shortcomings in measuring up to best practices. They are not absolutely necessary to the safe operation of a mail system. Unless you have the time and money to invest in another server, you may safely ignore those warnings insofar as you also take due diligence to back up your data and practice proper, timely restorations.
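To make the answer's "letter versus spirit" point concrete, here is an added example (not part of the original question or answer) that reproduces the three warnings the asker describes: a single MX record, MX hosts that all sit in one subnet, and NS hosts sharing a subnet with the MX hosts. It parses three constructed BIND-style zone fragments for the documentation domain example.com (RFC 5737 addresses, hypothetical host names), one per scenario: the original single-server layout, the "assign a second IP to the same box and add an A and MX record for it" workaround from the answer, and a layout with MX and NS hosts spread across separate subnets. The /24 subnet boundary is an assumption; a real DNS checker may draw the line elsewhere. Note what the third scenario shows: once the second MX host lives in a different subnet, the checks pass, yet nothing in DNS reveals whether that address is a second mail server or just another interface on the same machine, which is exactly why the answer says the warning can be silenced without the underlying redundancy existing.

```python
import ipaddress
from collections import defaultdict

# Constructed zone fragments (RFC 5737 documentation addresses, not real hosts).
# All names and values here are illustrative, not from the original page.
ZONE_SINGLE_MX = """\
$ORIGIN example.com.
@      IN NS ns1
@      IN NS ns2
@      IN MX 10 mail
ns1    IN A  192.0.2.53
ns2    IN A  192.0.2.54
mail   IN A  192.0.2.10
"""

# The workaround from the answer: a second address on the same server, with
# its own A record and a second MX record pointing at it.
ZONE_TWO_IPS_ONE_SERVER = ZONE_SINGLE_MX + """\
@      IN MX 20 mail2
mail2  IN A  192.0.2.11   ; second interface on the same box
"""

# What the checker is asking for: MX hosts in different subnets, and NS hosts
# in a subnet that no MX host shares. DNS alone cannot tell whether mail2 is
# really a second server.
ZONE_SEPARATED = """\
$ORIGIN example.com.
@      IN NS ns1
@      IN NS ns2
@      IN MX 10 mail
@      IN MX 20 mail2
ns1    IN A  203.0.113.53
ns2    IN A  203.0.113.54
mail   IN A  192.0.2.10
mail2  IN A  198.51.100.10
"""

def fqdn(name, origin):
    # Expand a zone-file name relative to $ORIGIN.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Minimal parser for 'owner [TTL] [IN] TYPE rdata' lines.
    Returns {rtype: {owner_fqdn: [rdata, ...]}}; MX rdata is (pref, host)."""
    origin = "."
    records = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()     # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():          # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":    # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "MX":
            value = (int(rdata[0]), fqdn(rdata[1], origin))
        elif rtype == "NS":
            value = fqdn(rdata[0], origin)
        else:
            value = rdata[0]
        records[rtype][fqdn(owner, origin)].append(value)
    return records

def subnets_of(addrs, prefix):
    # Collapse addresses to the containing network of the assumed prefix size.
    return {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs}

def check_mail_dns(zone_text, domain, prefix=24):
    """Return the warnings a DNS checker of the kind described would raise.
    The /24 boundary is an assumption made for this example."""
    z = parse_zone(zone_text)
    warnings = []
    mx_hosts = [host for _, host in sorted(z["MX"].get(domain, []))]
    if len(mx_hosts) < 2:
        warnings.append("single-mx")
    mx_nets = subnets_of(
        (a for h in mx_hosts for a in z["A"].get(h, [])), prefix)
    if len(mx_hosts) >= 2 and len(mx_nets) < 2:
        warnings.append("mx-same-subnet")
    ns_nets = subnets_of(
        (a for h in z["NS"].get(domain, []) for a in z["A"].get(h, [])), prefix)
    if ns_nets & mx_nets:
        warnings.append("ns-mx-shared-subnet")
    return warnings

if __name__ == "__main__":
    for label, zone in [("single MX", ZONE_SINGLE_MX),
                        ("two IPs, one server", ZONE_TWO_IPS_ONE_SERVER),
                        ("separated subnets", ZONE_SEPARATED)]:
        print(f"{label:22s} -> {check_mail_dns(zone, 'example.com.') or 'no warnings'}")
```

Running it prints the warning list for each layout; the second scenario still trips the subnet checks because both MX addresses fall in 192.0.2.0/24, which matches the answer's point that adding a second IP only clears the "one MX record" warning, not the subnet ones, unless the provider hands out an address in another subnet.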