What is a DNS MX record?

There are several types of records - or Resource Records as they are called - in the Domain Name System (DNS). This page explains what the MX record is and how it's used.

The purpose of a DNS MX record #

The MX record tells a mailserver which server they can connect to in order to deliver the e-mails for that domain.

The value of an MX record is almost always a domain name, that in turn will be an A record to translate to an IP address.

What does it mean if an MX record changes? #

Changes to the MX records could indicate a change in your e-mail provider setup. If you're migrating to a new e-mail provider or have received instructions from your e-mail provider to change MX records, this could be intentional.

If you did not expect a change to your MX records, it could be that someone has changed them on your behalf and could now control all incoming e-mail sent to your domain name.

Given how important our relience on e-mail is (2FA or password resets, authorization, authentication, ...) this should be investigated with high priority by contacting your domain or nameserver provider.

The structure of a DNS MX record #

Here's an example of an MX record for our own domain name:

ohdear.app.		3600	IN	MX	10 mx.mailprotect.be.
ohdear.app.		3600	IN	MX	50 mx.backup.mailprotect.be.

The structure of the record follows a simple format:

<host>          <TTL>   IN  MX  <priority> <value>

There are two special values when it comes to creating an MX record:

• priority: the priority indicates a preference, the lower the priority, the more that mailserver is preferred to be used
• value: this contains the hostname of the mailserver to connect to

The priority should be seen as a preference, not a guarantee. The sending mailserver will first try to deliver e-mail on the lowest priority mailserver.

Should that fail, it can try the next priority, and so on. This allows you to specify a preferred mailserver and a back-up mailserver.

Special use cases of DNS MX records #

Has to point to an A or AAA record #

An MX record has to point directly to either an A record or a AAAA record.

The MX record can not point to a CNAME but instead has to point to a hostname that can be instantly queried for either the IPv4 or IPv6 record.

MX null records #

A special value for MX records can be a "null record" or a "no service MX record". Null records are MX records that tell the client this domain accepts no e-mail.

If we wanted to indicate, explicitly, that our domain would never accept e-mail, we would create a record like this:

ohdear.app.		3600	IN	MX	0 .

The priority would be 0 and the value would be a single dot ".".

Fun fact: the domain example.com - which is often used in testing or example documentation, has to explicitly indicate that it doesn't accept email just to avoid millions of emails trying to get delivered:

example.com.		86400	IN	MX	0 .

Imagine not having that null record option and trying to deliver all those emails!