Exchange Server Split-Brain DNS Configuration
Exchange Server DNS settings are essential for Exchange to work properly.
Without the Exchange Server DNS records in place, Exchange cannot function correctly.
As you may be aware, Microsoft Exchange depends heavily on Active Directory and DNS.
So in this article, we are going to see how to set up DNS for the Exchange server.
Let's take a scenario of how to set up split DNS for Exchange 2016.
We have installed Active Directory on our server, and Active Directory-integrated DNS is in place.
In this example, our local (internal) DNS domain is "techijack.local".
But the domain name that will be used for internet email is "techijack.in", i.e. the public domain.
So the question is how to use this public domain for our email.
At this stage, all of our Active Directory users have their accounts in the .local domain.
You can use the domain techijack.local with Exchange, but it will work only internally within the organization.
You could still configure it to send email to the outside, but it would not receive any email from the internet.
At this stage, we have to think about a proper namespace.
It is recommended to use split DNS so that the same namespace can be used for internal and external DNS.
In order for the internal DNS server to resolve the public names, we have to create a new zone on it named techijack.in.
How to configure Namespace For Exchange Server
When you install an Exchange server you can access it by its computer name, which is the default setting.
It is very important to configure the correct namespace.
We will use the same namespace for internal and external DNS.
Internal queries will be resolved by the internal DNS server and external queries by the public DNS.
The namespace is as follows.
- ECP: External & Internal URL: https://mail.techijack.in/ecp
- EWS: External & Internal URL: https://mail.techijack.in/EWS/Exchange.asmx
- MAPI: External & Internal URL: https://mail.techijack.in/mapi
- Microsoft ActiveSync: External & Internal URL: https://mail.techijack.in/Microsoft-Server-ActiveSync
- OAB: External & Internal URL: https://mail.techijack.in/OAB
- OWA: External & Internal URL: https://mail.techijack.in
- Autodiscover: https://autodiscover.techijack.com/autodiscover/autodiscover.xml
Except for Autodiscover, all of the above namespaces can be configured via the virtual directories.
Note: Set the Autodiscover service URI via the Exchange Management Shell:
Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri https://autodiscover.techijack.com/autodiscover/autodiscover.xml
Exchange Server DNS Record Settings
We will have to create a few records on our internal DNS server in the newly created zone, i.e. techijack.in:
Host (A) record named mail pointing to the Exchange server IP.
Host (A) record named autodiscover pointing to the Exchange server IP.
If you want to use separate namespaces for IMAP, POP and SMTP, you will have to create those records as well, for example:
Host (A) record for imap pointing to the Exchange server.
Another Host (A) record for pop pointing to the Exchange server.
And finally, a Host (A) record for smtp pointing to the Exchange server.
Note: If you are using IMAP, POP and SMTP namespaces, make sure to include them in the SSL certificate as well.
Furthermore, we have to create the same records on our public DNS as well.
Make sure you configure all the Exchange server DNS settings correctly.
In the picture above, you will find the same records on the public DNS as well, pointing to the Exchange public IP.
Moreover, the MX record for the domain techijack.in points to mail.techijack.in.
SPF and DMARC records are also present in our public-facing DNS.
You can generate SPF and DMARC TXT records with mxtoolbox.com.
Note: As the public IP is assigned to a router or firewall, you need to forward the related ports to Exchange.
For example, IMAP port 587 should be forwarded to Exchange, and the same goes for the other protocols.
How Exchange Server DNS Works
Now, if someone inside the organization queries https://mail.techijack.in/owa,
we have an internal DNS record in place for mail.techijack.in, so our internal DNS will resolve the query.
As a result, the client computer will be able to access Outlook on the web.
If the client makes the same query from the internet,
it goes to the public DNS first, where mail.techijack.in points to our firewall or router's public IP.
The request lands on the router, which has HTTPS port 443 forwarded to the Exchange server IP.
That is the same address mail.techijack.in has in our internal DNS, where the OWA virtual directory resides.
The client will therefore be able to access the Outlook on the web page.
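As an added example (not from the original article), the procedure above in one Exchange Management Shell script: the virtual-directory URLs and Autodiscover URI from the namespace section, the internal split-brain zone and A records from the DNS record section, and a final resolution check for the internal/external behaviour just described. The server name EX01, the internal IP 192.168.10.20 and the use of autodiscover.techijack.in as the Autodiscover host (the zone in which the article creates the autodiscover record) are assumptions.

```powershell
# Added example, not the article's own script. Run in the Exchange Management Shell on a
# machine that also has the DnsServer module (a domain controller or RSAT DNS tools).
$Server     = 'EX01'                       # assumption: Exchange server name
$Namespace  = 'mail.techijack.in'
$AutoD      = 'autodiscover.techijack.in'  # assumption: Autodiscover host in the techijack.in zone
$ExchangeIP = '192.168.10.20'              # assumption: internal Exchange server IP
$Zone       = 'techijack.in'

# One URL for internal and external use; split-brain DNS decides which IP the name resolves to.
$urls = @{
    Ecp        = "https://$Namespace/ecp"
    Ews        = "https://$Namespace/EWS/Exchange.asmx"
    Mapi       = "https://$Namespace/mapi"
    ActiveSync = "https://$Namespace/Microsoft-Server-ActiveSync"
    Oab        = "https://$Namespace/OAB"
    Owa        = "https://$Namespace/owa"   # the vdir path; the article lists the bare host
}
Get-EcpVirtualDirectory         -Server $Server | Set-EcpVirtualDirectory         -InternalUrl $urls.Ecp        -ExternalUrl $urls.Ecp
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -InternalUrl $urls.Ews        -ExternalUrl $urls.Ews
Get-MapiVirtualDirectory        -Server $Server | Set-MapiVirtualDirectory        -InternalUrl $urls.Mapi       -ExternalUrl $urls.Mapi
Get-ActiveSyncVirtualDirectory  -Server $Server | Set-ActiveSyncVirtualDirectory  -InternalUrl $urls.ActiveSync -ExternalUrl $urls.ActiveSync
Get-OabVirtualDirectory         -Server $Server | Set-OabVirtualDirectory         -InternalUrl $urls.Oab        -ExternalUrl $urls.Oab
Get-OwaVirtualDirectory         -Server $Server | Set-OwaVirtualDirectory         -InternalUrl $urls.Owa        -ExternalUrl $urls.Owa

# Autodiscover is not a virtual-directory URL; it is set on the Client Access service.
Get-ClientAccessService -Identity $Server |
    Set-ClientAccessService -AutoDiscoverServiceInternalUri "https://$AutoD/autodiscover/autodiscover.xml"

# Internal copy of the public zone. Once the internal server is authoritative for techijack.in,
# every public host in that zone (www and so on) must be duplicated here or it stops resolving inside.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}
foreach ($name in 'mail', 'autodiscover') {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $ExchangeIP
}

# Check: the same name must give the private IP from the internal resolver and the
# router/firewall public IP from a public resolver (8.8.8.8 is used only as an example).
Resolve-DnsName -Name $Namespace -Type A                 | Select-Object Name, IPAddress
Resolve-DnsName -Name $Namespace -Type A -Server 8.8.8.8 | Select-Object Name, IPAddress
```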
Furthermore, you can have a look at the video below for more clarity.
You can also ask for support or assistance on this by emailing email@example.com.
So, in order to set your Exchange server DNS settings,
watch: Exchange Server DNS Records for Internal and External DNS, Split Brain.