Exchange DNS Configuration

Posted: February 9, 2010 in Exchange Server
Tags: , , , ,

I have seen a number of question over the past few months regarding DNS configuration for an Exchange Server, incorrectly configured DNS can cause your server to be rejected by receiving servers that are performing certain types of checks on the mail it receives.

One of the most common of these is the rDNS lookup, basically checking that the server sending the message actually exists.

I will try to cover the correct configuration here for hosting your own mail server and sending mail out via DNS rather than a smarthost, this configuration is not as important if you send via a 3rd party relay.

MX Configuration

The MX record(s) for your domain provide systems sending you e-mail with the correct path for your mail server, if your using a relay/SPAM service then your MX record will be configured to use their servers hostnames. If your hosting your own server then the MX record will be configured with your servers IP address.

Step 1

Confirm the External IP address your server is using, this can be achieved by simply going to http://whatsmyip.org from your Exchange server, at the very top of the screen this will provide you with your IP address.

Step 2

Create an A record in the DNS that controls your EXTERNAL domain name, this is the part after the @ in your e-mail address. I always use mail.domainname.com but you don’t have to, it doesn’t matter what you use as long as it’s consistent.

Step 3

Configure the MX record to use the A record you have configured in Step 2. Don’t use IP addresses or CNAME records as this can throw up errors on DNS lookups. If you only have 1 a single connection to the internet then only setup 1 MX record, and avoid giving it a value of 0, use 5 or 10 this will be your PRIMARY MX.

If you have a second connection to the internet that has a different IP address that you use for backup purposes in case your main line goes down then add a secondary MX with an A record that is configured for this IP address with a higher value, of say 20.

If you only have a single server, avoid the temptation to setup multiple MX records either setting up two MX records pointing to the same IP address as this is a complete waste of time, or one pointing to your own server and one pointing to a backup MX server hosted for you as this will get targeted by spammers and you will be forwarding spam from your secondary MX to your Exchange server.

Step 4

Contact your ISP, you will need to configure a Reverse DNS, also referred to as a PTR (pointer) record. This is against your IP address so can only be done by the company that provide your internet connection. Whilst a generic rDNS record will work, any systems doing strict lookup will fail your server if it doesn’t match the A record configured in Step 2 so therefore it is best practice to configure your rDNS to use mail.domainname.com

Step 5

Modify your send connector/SMTP Connector. Depending which version of Exchange Server you are using this process will be different.

In Exchange 2007 & 2010 the Send Connector will need to be modified.
Open Exchange Management Console, navigate to Organisation Configuration > Hub Transport > Send Connector and right click on the send connector configured for internet usage and select properties.

On the first screen you will see a FQDN box this should match the A record you created in Step 2. For consistency you may also want to do the same on the Internet Receive Connector which is located under Server Configuration > Hub Transport and by default it will be the one that starts with Default

In Exchange 2003 you will need to modify the properties of the SMTP Virtual Server.
Open Exchange System Manager, navigate to Administrative Groups > First Administrative Group > Servers > Servername > Protocols > SMTP and right click on the Default SMTP Virtual Server select properties.

Under the delivery tab click Advanced and enter the A record you created in Step 2 for the Fully Qualified Domain Name

Summary

In summary then your DNS configuration should look like this:

  • A record mail.domainname.com configured for IP address of your server
  • MX record for domainname.com configured to use A record mail.domainname.com
  • rDNS configured to use mail.domainname.com
  • Send Connector/Receive Connector in Exchange 2007 FQDN set to: mail.domainname.com
  • SMTP Virtual Server in Exchange 2003 FQDN set to: mail.domainname.com
Advertisements
Comments
  1. […] Make sure your External DNS is configured properly, follow my guide here: https://demazter.wordpress.com/2010/02/09/exchange-dns-configuration/ […]

  2. […] The final part is the DNS Configuration.  You need to configure the MX record for the new domain to use the A record that matches your rDNS (PTR) record.  This is the only think that needs to be changed.  As your Exchange server will connect to recipient SMTP services using the same IP address regardless of what domain you are sending from you only need 1 rDNS record.  The DNS configuration for Exchange is explained in more detail in my post here: https://demazter.wordpress.com/2010/02/09/exchange-dns-configuration/ […]

  3. Michael says:

    Right on. Thank you for the best documentation i’ve come across outlining the intricacies of setting up your eMail Server’s foundation for Exchange 2007/2010

    Thank you

  4. Rob says:

    Excellent documentation, only problem is I can’t change my DEFAULT receive connector’s FQDN to MAIL.DOMAIN.COM it says:

    ——————————————————–
    Microsoft Exchange Error
    ——————————————————–
    The following error(s) occurred while saving changes:

    set-receiveconnector
    Failed
    Error:
    When the AuthMechanism parameter on a Receive connector is set to the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server “SERVER.DOMAIN.LOCAL”, the NetBIOS name of the transport server “SERVER”, or $null.

    Do I need to remove the default generated receive connector and replace with a new one?

    Thank you.

    • demazter says:

      This happens if you have Exchange Services ticked on the permission tab.

      If you have a multiple Exchange server configuration then this is a requirement so you won’t be able to change the FQDN.

  5. […] Exchange DNS Configuration February 20105 comments and 1 Like on WordPress.com, 4 […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s