A. DNS
In my experience, speaking as someone who has run my own nameservers locally with BIND, with everyDNS (RIP), DYN, and dynu.com, most of my errors were here. This is largely because articles (including this one) use the BIND format to describe DNS records, but hosting services often use an interface to set DNS records which does not look at all like a BIND record. Vultr is no exception. I'm going to stick to BIND format, though, as you may be using another hosting service and I don't want to get bogged down in those particular specifics.
1. First, set up DNS for the mail server at your DNS provider
A Record:
smtp.example.com. A 1.2.3.4
MX Records:
example.com. MX 1 smtp.example.com.
@ MX 2 smtp.example.com.
2. SPF Records:
example.com. IN TXT "v=spf1 a ip4:1.2.3.4 mx ~all"
3. DKIM and DMARC Records: See following section.
4. CAA Records: See Certificates section following.
5. Reverse DNS (rDNS), forward-confirmed reverse DNS (FCrDNS), and PTR records:
If you have a static IP at home or at a business, you probably need to contact your ISP to have them set up reverse DNS. If you have a VPS or shared hosting, you can usually create PTR records in the administration panel or request them from your hosting company. If you have your own DNS servers, you probably already have your own mail server.
The format of the PTR record is:
4.3.2.1.in-addr.arpa. 7200 IN PTR mail.example.com.
Forward-confirmed reverse DNS requires that an A record maps the name to the IP and that a PTR record maps the same IP back to the same name, like so:
mail 3600 IN A 1.2.3.4
4.3.2.1.in-addr.arpa. 7200 IN PTR mail.example.com.
6. Test if DNS resolution is working. You can use https://mxtoolbox.com/ to check all your DNS records for confirmation.
You can also use https://multirbl.valli.org/ to check rDNS and FCrDNS.
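The forward-confirmed reverse DNS rule from step 5, as an added example that is not part of the original article: a Python check run over records written in the BIND format used above. The record set is constructed sample data, `parse_records` and `fcrdns` are names chosen for this example, and owner names are assumed to be fully qualified (trailing dot).

```python
import ipaddress

# Constructed sample records (not from a live zone), all names fully qualified.
SAMPLE_ZONE = """\
mail.example.com.      3600 IN A   1.2.3.4
4.3.2.1.in-addr.arpa.  7200 IN PTR mail.example.com.
web.example.com.       3600 IN A   1.2.3.9   ; A record does not match the PTR below
5.3.2.1.in-addr.arpa.  7200 IN PTR web.example.com.
6.3.2.1.in-addr.arpa.  7200 IN PTR gone.example.com.
"""

def parse_records(text):
    """Return (a, ptr): host -> set of IPs, reverse name -> set of hosts."""
    a, ptr = {}, {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # drop comments, split on whitespace
        if len(fields) < 3:
            continue
        # TTL and class are optional, so take type and data from the end.
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1]
        if rtype == "A":
            a.setdefault(owner, set()).add(rdata)
        elif rtype == "PTR":
            ptr.setdefault(owner, set()).add(rdata.lower())
    return a, ptr

def fcrdns(ip, a, ptr):
    """Classify one IP as 'ok', 'no-ptr', 'no-a' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    rev = addr.reverse_pointer + "."          # 1.2.3.4 -> 4.3.2.1.in-addr.arpa.
    hosts = ptr.get(rev, set())
    if not hosts:
        return "no-ptr"                       # no reverse DNS at all
    if not any(h in a for h in hosts):
        return "no-a"                         # PTR names a host with no A record
    # Forward-confirmed only if some PTR target resolves back to this IP.
    return "ok" if any(str(addr) in a.get(h, ()) for h in hosts) else "mismatch"

if __name__ == "__main__":
    a, ptr = parse_records(SAMPLE_ZONE)
    for ip in ("1.2.3.4", "1.2.3.5", "1.2.3.6", "1.2.3.9"):
        print(ip, fcrdns(ip, a, ptr))
```

A result other than "ok" for the mail server's IP is the condition the online checkers in step 6 report as a failed rDNS or FCrDNS test.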
Posted by Gordon, No Hair Github Pages, August 12, 2021
© nohair.net and the author
For comments, corrections, and addenda, email: gordon[AT]nohair.net