Configuring DNS records


Regardless of your private network topology, in order for external MTAs to deliver email to the FortiMail unit, you must configure the public MX record for each protected domain to indicate that the FortiMail unit is its email gateway.

For example, if the FQDN of the FortiMail unit is fortimail.example.com, and example.com is a protected domain, the MX record for example.com would be:

example.com. IN MX 10 fortimail.example.com.

An A record must also exist to resolve the host name of the FortiMail unit into an IP address:

FortiMail IN A 10.10.10.1

If your FortiMail unit will relay outgoing email, you should also configure the public reverse DNS record. The public IP address of the FortiMail unit, or the virtual IP address on a firewall or router that maps to the private IP address of the FortiMail unit, should be globally resolvable into the FortiMail unit’s FQDN. If it is not, reverse DNS lookups by external SMTP servers will fail.

For example, if the public network IP address of the FortiMail unit is 10.10.10.1, and fortimail.example.com is the FQDN of the FortiMail unit, a public DNS server’s reverse DNS zone file for the 10.10.10.0/24 subnet might contain:

1 IN PTR fortimail.example.com.
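
The MX, A and PTR records above form one chain that external SMTP servers follow, and in BIND-style zone files a name written without a trailing dot is expanded relative to the zone origin. The following added example (not Fortinet code) checks that chain offline; the function names are hypothetical, the parser assumes simple "owner IN TYPE rdata" lines, and the zone text is constructed from this page's example values.

```python
import ipaddress

def parse_zone(text, origin):
    """Parse 'owner IN TYPE rdata' lines; expand names relative to origin."""
    def fqdn(name):
        name = name.lower()
        return name if name.endswith(".") else f"{name}.{origin}"
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fqdn(fields[0]), fields[2].upper(), fields[3:]
        if rtype == "MX" and len(rdata) == 2:
            records.append((owner, "MX", fqdn(rdata[1])))
        elif rtype == "PTR":
            records.append((owner, "PTR", fqdn(rdata[0])))
        elif rtype == "A":
            records.append((owner, "A", rdata[0]))
    return records

def check_mail_gateway(domain, forward, reverse):
    """Return problems found in the MX -> A -> PTR chain for domain."""
    problems = []
    mx_hosts = [v for o, t, v in forward if t == "MX" and o == domain]
    if not mx_hosts:
        problems.append(f"no MX record for {domain}")
    for host in mx_hosts:
        addrs = [v for o, t, v in forward if t == "A" and o == host]
        if not addrs:
            problems.append(f"MX target {host} has no A record")
        for addr in addrs:
            # Owner name the PTR record must have, e.g. 1.10.10.10.in-addr.arpa.
            rname = ipaddress.ip_address(addr).reverse_pointer + "."
            ptrs = [v for o, t, v in reverse if t == "PTR" and o == rname]
            if host not in ptrs:
                problems.append(f"PTR for {addr} is {ptrs or 'missing'}, expected {host}")
    return problems

# Constructed zone text using the page's example values.
FORWARD = "example.com. IN MX 10 fortimail.example.com.\nfortimail IN A 10.10.10.1\n"
REVERSE_OK = "1 IN PTR fortimail.example.com.\n"
REVERSE_RELATIVE = "1 IN PTR fortimail.example.com\n"  # no trailing dot

if __name__ == "__main__":
    fwd = parse_zone(FORWARD, "example.com.")
    for rev in (REVERSE_OK, REVERSE_RELATIVE):
        print(check_mail_gateway("example.com.", fwd, parse_zone(rev, "10.10.10.in-addr.arpa.")))
```

The second reverse zone fails the check because the PTR target without a trailing dot expands to a name under 10.10.10.in-addr.arpa, so the address no longer resolves back to the FortiMail unit's FQDN.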
