Email migration - DNS Records

HCHTech

I'm migrating a small client (6 employees) to O365 Hosted Exchange this weekend. They were popping email from their web hoster in the past, so this should have been simple. As is normal for these migration jobs, I try to time the DNS cutover for Friday evening so that propagation is finished by Monday morning when folks come back to work.

In checking on the propagation progress this morning with whatismydns.net, I noticed that no sites had the new value yet. Hmmm. It had been about 20 hours since the change, and I had set the TTL to 5 minutes. The original MX record had a TTL of an hour, so some sites should have gotten the new info by now, I'd think.

I had used the @ symbol for the name field of the MX record, which was apparently the problem. The previous 2 MX records had the domain name. To be clear:

Original MX records were:

10 customerdomain.com originalmailserver1 MX 3600
20 customerdomain.com originalmailserver2 MX 3600

I added:

0 @ something.mail.protection.outlook.com MX 300

I know I've done this several times in the past without problems. The 0 record should take priority over the 10 and 20 records once the DNS change propagates. Then, after you're sure mail is flowing to the new system, you delete the old MX records.

So in this case, 20 hours passed and the 0 record had not propagated to any of the checked sites.

I went in and changed the zero record to replace the "@" name with "customerdomain.com" to match the other records, and within just a few minutes, I could see it beginning to propagate. So what's up with that?

I thought I understood that the @ just meant "whatever the domain name is", but I guess not, or at least not for this vendor. Or maybe it's because there wasn't a CNAME record for @?
 
I rarely use the "@" for anything, never for MX.
It's good to check the TTL ahead of time, sometimes if I'm on a tight cutover...a week ahead of time I'll dial down that TTL to a super low value..and then kick back up to standard 3600 a few days after the cutover.
 
Something does not sound right. I've done my fair share and delays of several hours were common 10 years ago. Lately though it's usually done within 10 minutes. Late last year one took 25 minutes or so.

Yep, don't use @ in an MX record. I always use the full FQDN. Sure you are using the authoritative DNS for that domain? What do whois and host show for the domain?
 
It's all working now (only took 10 minutes after I fixed the MX Record). I guess I'm guilty for not suspecting the @ address would be a problem. I looked in the Microsoft tenant to find out the required MX, SPF & CNAME records, and just copied and pasted each of them into the DNS. The suggested MX record there used the "@" so I just pasted it in. I only do a few of these per year, not enough to feel like I'm an authority - I just follow my checklist and usually it all works fine.
 
It's good to check the TTL ahead of time, sometimes if I'm on a tight cutover...a week ahead of time I'll dial down that TTL to a super low value..and then kick back up to standard 3600 a few days after the cutover.

Yep, I'm with you there - that's early on my checklist - haha. Take it down to 5 minutes 2 or 3 days before the cutover, move it back to an hour 2 or 3 days after everything is confirmed working.
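
Added example, not part of any post in this thread and not any DNS vendor's code: the standard zone-file (RFC 1035 master file) rules for the name field, applied to the MX rows quoted in the thread. It assumes strict master-file semantics, which a hosting provider's web panel may not follow, so the answer from the domain's authoritative name servers remains the real check; the function names and the fourth row are constructed for illustration.

```python
# Added example: RFC 1035 master-file owner-name expansion applied to MX rows.
# Rows 1-3 mirror the records quoted in the thread (host names are the
# thread's placeholders); row 4 is constructed to show a relative-name pitfall.

def expand_owner(name, origin):
    """Expand a zone-file owner name to an absolute FQDN (RFC 1035, sec. 5.1)."""
    origin = origin.rstrip(".").lower() + "."
    name = name.strip().lower()
    if not name:
        raise ValueError("empty owner name")
    if name == "@":              # "@" denotes the current origin (zone apex)
        return origin
    if name.endswith("."):       # trailing dot: name is already absolute
        return name
    return name + "." + origin   # relative name: the origin is appended

def effective_mx(rows, origin):
    """Split rows into MX records that land on the zone apex, sorted so the
    lowest preference (tried first by senders) comes first, and rows whose
    owner name expands to some other FQDN."""
    apex = expand_owner("@", origin)
    at_apex, elsewhere = [], []
    for pref, owner, target, ttl in rows:
        fqdn = expand_owner(owner, origin)
        if fqdn == apex:
            at_apex.append((pref, target, ttl))
        else:
            elsewhere.append((fqdn, pref, target))
    return sorted(at_apex), elsewhere

ROWS = [  # (preference, name field, mail host, TTL in seconds)
    (10, "customerdomain.com.", "originalmailserver1", 3600),
    (20, "customerdomain.com.", "originalmailserver2", 3600),
    (0, "@", "something.mail.protection.outlook.com", 300),
    # Constructed: no trailing dot, so a strict parser treats it as relative.
    (0, "customerdomain.com", "something.mail.protection.outlook.com", 300),
]

if __name__ == "__main__":
    apex_mx, stray = effective_mx(ROWS, "customerdomain.com")
    print("MX at the apex, in delivery order:")
    for pref, target, ttl in apex_mx:
        print(f"  {pref:>3} {target} (TTL {ttl})")
    print("Rows that do NOT apply to the apex:")
    for fqdn, pref, target in stray:
        print(f"  {fqdn} {pref} {target}")
```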
 