DNS: Subdomains that Require Both an MX Record and a CNAME
Unfortunately, what you're running into is a limitation of the DNS specification. Having an MX record for the same hostname as is defined as a CNAME record will fail in most DNS server implementations. Some older DNS servers will allow this, but they have been mostly phased out in favor of newer, more secure implementations.
Instead of using CNAME records, you will need to use 'A' records with the IP addresses of the customer sites directly instead of aliasing the names.
After a lot of work and research here, I have found an acceptable solution. First, it is important that we all follow the RFCs. I patched my DNS server to violate the RFC, and I discovered that several other major DNS servers would not respect the change.
The appropriate move is to put the MX on the host that the CNAME points to. So, if customer.mywebservice.com is a CNAME to the A record loadbalancer.mywebservice.com, it is proper to also build an MX record for loadbalancer.mywebservice.com. I have verified that this works with all major resolvers.
If an MX query is made for customer.mywebservice.com, the resolver library will follow the CNAME and get the proper MX for the final A record. Hurrah!
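An added example (not code from the original post or from any DNS server): a Python check over a constructed zone that flags names holding a CNAME alongside other records, plus a lookup that follows the CNAME to the target's MX as the answer above describes. The IP addresses and the mail.mywebservice.com host are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed zone data: (owner, type, rdata). Addresses and mail host are made up.
ZONE = [
    ("loadbalancer.mywebservice.com.", "A", "192.0.2.10"),
    ("loadbalancer.mywebservice.com.", "MX", "10 mail.mywebservice.com."),
    ("mail.mywebservice.com.", "A", "192.0.2.25"),
    ("customer.mywebservice.com.", "CNAME", "loadbalancer.mywebservice.com."),
]

# Only DNSSEC metadata may share an owner name with a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}


def index(records):
    """Group records as owner -> type -> [rdata], case-insensitively."""
    zone = defaultdict(lambda: defaultdict(list))
    for owner, rtype, rdata in records:
        zone[owner.lower()][rtype.upper()].append(rdata)
    return zone


def cname_conflicts(records):
    """Return {owner: [conflicting types]} for names that break the CNAME rule."""
    bad = {}
    for owner, rrsets in index(records).items():
        if "CNAME" in rrsets:
            extra = sorted(set(rrsets) - {"CNAME"} - ALLOWED_WITH_CNAME)
            if extra or len(rrsets["CNAME"]) > 1:
                bad[owner] = extra or ["CNAME"]
    return bad


def lookup(records, name, rtype, max_hops=8):
    """Follow CNAMEs from name, then return (names visited, rdata of rtype)."""
    zone, name, chain = index(records), name.lower(), []
    for _ in range(max_hops):
        rrsets = zone.get(name, {})
        if rtype != "CNAME" and "CNAME" in rrsets:
            chain.append(name)
            name = rrsets["CNAME"][0].lower()
            if name in chain:
                raise ValueError("CNAME loop at " + name)
            continue
        return chain + [name], list(rrsets.get(rtype, []))
    raise ValueError("CNAME chain longer than %d hops" % max_hops)
```

Running `cname_conflicts` over a zone before loading it catches the CNAME-plus-MX combination that most servers reject.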
customer.mywebservice.com needs to be a CNAME to a given server offsite. Since that site manages its own equipment and can change addresses at any point in time, the CNAME is a requirement.
Can anyone think of any workarounds? Thanks!
You have a requirement that the customers must be able to change the address. Have you considered allowing the customer to dynamically update their own record? With dynamic DNS you could use the A record, and the customer could change the record as needed. It would take a bit of work, but you could set up each individual sub-domain as a separate zone so you can make sure a customer can only touch their own zone.
I haven't tried it, but GnuDIP appears to be an open source tool for facilitating dynamic updates without having to deal with authentication and setting up lots of zones on your DNS server.
If your MX records will be the same for all of these records, then you could attempt to use a DNAME to redirect XYZ.mywebservice.com to hosting.mywebservice.com. Under hosting.mywebservice.com add your relevant MX and A records.
I must say that I have never utilized DNAME records in production, but you can read more about them in RFC 2672.
Does the RHS of the customer.mywebservice.com CNAME have an MX entry?
If so, then the mail server will use that MX to find the mail server to use. Hopefully you can control that.