EmailDiscussions.com  

Old 5 Jan 2022, 06:14 AM   #1
camner
Cornerstone of the Community
 
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
A record for mail.mydomain.com?

As FM recommends, my custom domain has its DNS hosted by FM, with an A record that points to the IP address of my web host (external to FM). This has worked well for many years.

Today I received an email from my webhost telling me that the automatic renewal of my SSL certificate was not valid for the subdomain mail.mydomain.com because it points to an IP address that is not on the same server as mydomain.com.

I looked at the DNS records at FM, and I noticed that there is an A record for mail.mydomain.com that points to FM (so the SSL error message makes sense).

This leads me to wonder what the purpose is of an A record for mail.mydomain.com. I can't imagine ever wanting anyone to try to visit that URL.

Is there any reason I can't just turn off that A record?

Old 5 Jan 2022, 08:53 AM   #2
hydrostarr
Member
 
Join Date: Jul 2003
Posts: 55
I managed several Tuffmail-based domains for ~15 years with only MX and anti-spam-verification (like TXT, SRV, maybe CNAME, maybe SRV?) DNS records. Of these domains, I never had one that contained website-specific A or AAAA records.

This leads me to think that web-related (https://) A and AAAA records are unnecessary for Fastmail, unless you're leveraging Fastmail's web user interface (to perform non-IMAP, non-SMTP, web-only logins to the https://mail.mydomain.com webpage) with your custom domains -- which sounds like something you are specifically not doing. As such, I would feel comfortable deleting the 'mail.*' A and AAAA records and running a few tests to confirm email's still working -- but only after getting some additional feedback on this thread, just as you're doing. :-)

I just took a look at one of my Fastmail-DNS-hosted domains (I recently did the Tuffmail-->Fastmail move per Tuffmail shutting down) whose records retain all the Fastmail-configured default settings, and I see nothing there that would change my thinking.

I'm sure there are others on here who may be able to offer better or more-experienced feedback.

Last edited by hydrostarr : 5 Jan 2022 at 01:20 PM.
Old 5 Jan 2022, 12:38 PM   #3
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
As I understand it, the A record for mail.domain.com tends usually only to be used for services like OWA that allow browser access to the mail service. However, I have a vague memory that Fastmail used to allow you to connect to the Fastmail logon page by going to mail.yourdomain.com if everything is correctly set up. Have you tried this for your domain? If my recollection is correct, you will only lose that specific functionality if mail.yourdomain.com A records and SSL are not set up correctly.
Old 5 Jan 2022, 01:39 PM   #4
camner
Cornerstone of the Community
 
Join Date: Jul 2002
Location: Tacoma, WA
Posts: 642
Thanks for the reply.

When I go to mail.mydomain.com in Chrome, I first get the warning about it being insecure (because of the lack of SSL). If I click through and tell Chrome "go there anyway," I get this message:
mail.mydomain.com normally uses encryption to protect your information. When Chrome tried to connect to mail.mydomain.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be mail.mydomain.com or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit mail.mydomain.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
I doubt it will work later, because my web host's automatic SSL certificate renewal process failed with mail.mydomain.com as I explained in my original post.

Anyway, I have no need for mail.mydomain.com, so I'll just turn it off in FM's DNS settings.
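An added example, not part of any post in this thread: a pre-renewal check for the situation the web host's email describes, listing which names on a certificate resolve somewhere other than the web host. It assumes the host validates each certificate name by requiring it to resolve to its own server; the zone data, IP addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed zone data standing in for the records described in the thread:
# the apex points at the web host, mail.* points at the mail provider.
ZONE = """\
mydomain.com.       3600 IN A     203.0.113.10
www.mydomain.com.   3600 IN CNAME mydomain.com.
mail.mydomain.com.  3600 IN A     198.51.100.25   ; provider default record
mydomain.com.       3600 IN MX    10 mx.mailprovider.example.
"""

def parse_zone(text):
    """Return {name: [(rtype, value), ...]} for A, AAAA and CNAME records."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if rtype in ("A", "AAAA", "CNAME"):
            value = fields[4].lower().rstrip(".")
            records.setdefault(name, []).append((rtype, value))
    return records

def resolve(name, records, depth=0):
    """Follow CNAMEs inside the zone and return the set of addresses."""
    if depth > 8:
        raise ValueError("CNAME chain too long: " + name)
    addrs = set()
    for rtype, value in records.get(name.lower().rstrip("."), []):
        if rtype == "CNAME":
            addrs |= resolve(value, records, depth + 1)
        else:
            addrs.add(ipaddress.ip_address(value))
    return addrs

def check_cert_names(cert_names, web_host_ips, records):
    """Classify every name the certificate is supposed to cover."""
    host = {ipaddress.ip_address(ip) for ip in web_host_ips}
    report = {}
    for name in cert_names:
        addrs = resolve(name, records)
        if not addrs:
            report[name] = "no-address"        # nothing to validate against
        elif addrs <= host:
            report[name] = "ok"                # every address is the web host
        else:
            report[name] = "points-elsewhere"  # at least one other server
    return report
```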
All times are GMT +9. The time now is 05:06 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy