DNS Configuration: Can You Use MX Records Without A Records for Email-Only Domains?


2 views

Yes, it's technically valid to configure a domain with only MX records and no A records when the sole purpose is email handling. The relevant RFCs (RFC 1035 for DNS and RFC 5321 for SMTP) don't mandate the existence of A records when MX records are present.

For our example domain abcd.com with mail server at mail.provider.com:

; DNS zone file for abcd.com
$TTL 3600
@    IN    SOA    ns1.provider.com. admin.provider.com. (
                  2023111501 ; serial
                  3600       ; refresh
                  900        ; retry
                  604800     ; expire
                  86400 )    ; minimum

@    IN    NS     ns1.provider.com.
@    IN    NS     ns2.provider.com.
@    IN    MX     10 mail.provider.com.

This configuration works because:

  • Email sending: Your SMTP server connects to recipient servers using the MX records of the destination domain
  • Email receiving: Other servers find your MX record pointing to mail.provider.com which has its own A record

Some legacy systems might perform DNS checks that expect A records, though this is increasingly rare. Modern email infrastructure won't have issues.

While optional, including SPF improves deliverability. Example for a Google Workspace setup:

@    IN    TXT    "v=spf1 include:_spf.google.com ~all"

Use dig to verify your configuration:

dig MX abcd.com +short
# Should return: 10 mail.provider.com.

When configuring a domain purely for email services (like abcd.com in your example), it's technically valid to have only MX records without A records in your DNS zone. The relevant RFCs (specifically RFC 2181) state that MX records don't require corresponding A records for the domain itself.

For receiving email:

abcd.com.     3600    IN    MX    10 mail.provider.com.

This setup works because:

  • Receiving servers query MX records directly
  • They connect to the specified mail server (mail.provider.com)
  • The domain's A record isn't involved in this process

For sending email, most MTAs will:

  1. Check for SPF records (if present)
  2. Verify DKIM signatures (if configured)
  3. Not require the domain to have an A record

Here's a complete DNS configuration for an email-only domain:

; Zone file for abcd.com
@        3600    IN    SOA    ns1.provider.com. admin.abcd.com. (2023081501 3600 900 1209600 3600)
@        3600    IN    NS     ns1.provider.com.
@        3600    IN    NS     ns2.provider.com.
@        3600    IN    MX     10 mail.provider.com.
@        3600    IN    TXT    "v=spf1 include:provider.com ~all"
_dmarc   3600    IN    TXT    "v=DMARC1; p=none; rua=mailto:admin@provider.com"

While technically valid, some edge cases might occur:

  • Ancient mail servers might perform unnecessary A record lookups
  • Some email validation tools might flag this as a "warning" (though not an error)
  • Web-based email interfaces might expect the domain to resolve

Use these diagnostic commands to verify proper setup:

dig MX abcd.com +short
dig TXT abcd.com +short
dig A abcd.com +short  # Should return empty if correctly configured

For comprehensive testing:

nslookup -type=MX abcd.com
nslookup -type=TXT abcd.com
telnet mail.provider.com 25  # Verify SMTP connectivity