How to Configure Separate MX Records for a Subdomain Mail Server (Gmail + Custom Setup)



When setting up dedicated mail services for a subdomain while maintaining primary email services (like Gmail), you need to carefully structure your DNS records. The key principle: MX records point to hostnames, which must ultimately resolve to IP addresses via A records.

For your cranketywidgets.com domain with Google Apps and a mailer subdomain:

; Primary domain records
cranketywidgets.com.    IN A     10.24.233.214
cranketywidgets.com.    IN MX    1 aspmx.l.google.com.
cranketywidgets.com.    IN MX    5 alt1.aspmx.l.google.com.
; ... additional Google MX records

; Mailer subdomain records
mailer.cranketywidgets.com. IN A  10.24.233.215
mailer.cranketywidgets.com. IN MX 10 mailer.cranketywidgets.com.

The parent domain's MX records direct mail to Google's servers, while the subdomain's MX points to its own A record. This keeps mail for the subdomain (your transactional email) separate from your corporate mail on the parent domain.

Here's how to implement this with the AWS CLI:

aws route53 change-resource-record-sets --hosted-zone-id Z1PA6795UKMFR9 \
--change-batch '{
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "mailer.cranketywidgets.com",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [{"Value": "10.24.233.215"}]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "mailer.cranketywidgets.com",
        "Type": "MX",
        "TTL": 300,
        "ResourceRecords": [{"Value": "10 mailer.cranketywidgets.com"}]
      }
    }
  ]
}'

After setting up, verify with these commands:

dig MX cranketywidgets.com +short
dig MX mailer.cranketywidgets.com +short
dig A mailer.cranketywidgets.com +short

For email testing, configure your mail server software (Postfix example):

# /etc/postfix/main.cf
myhostname = mailer.cranketywidgets.com
mydomain = mailer.cranketywidgets.com
myorigin = $mydomain
relayhost =
mydestination = $myhostname, localhost.$mydomain, localhost

Ensure proper reverse DNS (PTR record) for your mail server's IP. Implement SPF, DKIM, and DMARC; the SPF and DMARC records for the subdomain look like this:

mailer.cranketywidgets.com. IN TXT "v=spf1 ip4:10.24.233.215 -all"
_dmarc.mailer.cranketywidgets.com. IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@cranketywidgets.com"
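An offline lint of the records listed above, as an added example that is not part of the original article: it checks that each MX target is a hostname with an in-zone address record, that the address is not RFC 1918 private space (which outside senders cannot reach), and that the mail domain has exactly one SPF record and a DMARC record. The function names `parse_zone` and `lint_mail_domain` and the simple one-record-per-line zone format are assumptions made for this example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample input: records copied from the first zone listing above.
ZONE = '''
cranketywidgets.com.        IN MX  1 aspmx.l.google.com.
mailer.cranketywidgets.com. IN A   10.24.233.215
mailer.cranketywidgets.com. IN MX  10 mailer.cranketywidgets.com.
mailer.cranketywidgets.com. IN TXT "v=spf1 ip4:10.24.233.215 -all"
_dmarc.mailer.cranketywidgets.com. IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@cranketywidgets.com"
'''

def parse_zone(text):
    """Map (owner, type) -> list of rdata strings for one-line 'name IN type rdata' records."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and whole-line comments
        name, _cls, rtype, rdata = line.split(None, 3)
        records.setdefault((name.lower().rstrip("."), rtype.upper()), []).append(rdata.strip())
    return records

def lint_mail_domain(records, domain, apex="cranketywidgets.com"):
    """Return findings for one mail domain: MX target sanity, SPF count, DMARC presence."""
    findings = []
    for mx in records.get((domain, "MX"), []):
        target = mx.split()[1].lower().rstrip(".")
        try:
            ipaddress.ip_address(target)
            findings.append(f"MX target {target} is an IP literal, not a hostname")
            continue
        except ValueError:
            pass  # a hostname, as MX requires
        if (target, "CNAME") in records:
            findings.append(f"MX target {target} is a CNAME")
        if target != apex and not target.endswith("." + apex):
            continue  # out-of-zone target (Google's MX hosts); not checkable offline
        addrs = records.get((target, "A"), []) + records.get((target, "AAAA"), [])
        if not addrs:
            findings.append(f"MX target {target} has no A/AAAA record")
        findings += [f"{target} -> {a} is RFC 1918 private space" for a in addrs
                     if any(ipaddress.ip_address(a) in net for net in RFC1918)]
    spf = [t for t in records.get((domain, "TXT"), []) if t.strip('"').lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"{domain}: expected exactly one SPF record, found {len(spf)}")
    dmarc = records.get(("_dmarc." + domain, "TXT"), [])
    if not any(t.strip('"').startswith("v=DMARC1") for t in dmarc):
        findings.append(f"{domain}: no DMARC record at _dmarc.{domain}")
    return findings
```

Run against the sample, `lint_mail_domain(parse_zone(ZONE), "mailer.cranketywidgets.com")` reports only the private 10.24.233.215 address; the same zone with that address swapped for a non-private one returns no findings.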

When implementing a dual-mailserver solution with Google Apps for primary email and a dedicated subdomain for transactional emails, we need to carefully structure the DNS records to avoid conflicts. The key principle is that MX records don't directly contain IP addresses - they point to hostnames that must resolve via A or AAAA records.

Here's the complete zone file configuration for cranketywidgets.com:

; Base domain records
cranketywidgets.com.    IN  A     10.24.233.214
cranketywidgets.com.    IN  MX    1 ASPMX.L.GOOGLE.COM.
cranketywidgets.com.    IN  MX    5 ALT1.ASPMX.L.GOOGLE.COM.
cranketywidgets.com.    IN  MX    5 ALT2.ASPMX.L.GOOGLE.COM.
cranketywidgets.com.    IN  MX    10 ALT3.ASPMX.L.GOOGLE.COM.
cranketywidgets.com.    IN  MX    10 ALT4.ASPMX.L.GOOGLE.COM.

; Mailer subdomain records
mailer.cranketywidgets.com. IN  A     203.0.113.45
mailer.cranketywidgets.com. IN  MX    10 mailer.cranketywidgets.com.

For cloud DNS providers like AWS Route 53, you'd create these records through their UI or, as here, from the command line:

# AWS CLI example for Route 53 (would need proper hosted zone ID)
aws route53 change-resource-record-sets \
  --hosted-zone-id Z1PA6795UKMFR9 \
  --change-batch '{
    "Changes": [{
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "mailer.cranketywidgets.com",
        "Type": "MX",
        "TTL": 300,
        "ResourceRecords": [{
          "Value": "10 mailer.cranketywidgets.com"
        }]
      }
    }]
  }'

After setting up the records, verify with dig/nslookup:

dig MX cranketywidgets.com +short
dig MX mailer.cranketywidgets.com +short
dig A mailer.cranketywidgets.com +short

For SMTP testing, use Telnet to verify the mailer subdomain accepts connections:

telnet mailer.cranketywidgets.com 25
EHLO example.com
MAIL FROM: <noreply@mailer.cranketywidgets.com>

You'll need separate SPF records for each mail flow:

cranketywidgets.com. IN TXT "v=spf1 include:_spf.google.com ~all"
mailer.cranketywidgets.com. IN TXT "v=spf1 ip4:203.0.113.45 -all"

For proper email authentication, configure DKIM for both domains. Example for the mailer subdomain:

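; Selector "mailer" published under cranketywidgets.com: matches signatures with s=mailer; d=cranketywidgets.com.
; A signer using d=mailer.cranketywidgets.com needs its key at <selector>._domainkey.mailer.cranketywidgets.com.
mailer._domainkey.cranketywidgets.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."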
_dmarc.mailer.cranketywidgets.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@cranketywidgets.com"