
Configure DNS records for Exchange 2010 multiple-server install

 

Estimated time to complete: 15 to 20 minutes

Now that you've configured your Exchange 2010 and Exchange 2013 servers, it's time to change your DNS records to direct connections to your new Exchange 2013 server. You'll move the host names (for example, mail.contoso.com) users have been using to connect to Outlook Web Access, Autodiscover, and so on, from your Exchange 2010 server to your Exchange 2013 server. When an Exchange 2010 user tries to open their mailbox, the Exchange 2013 server will proxy their request and communicate with the Exchange 2010 server on their behalf. Configuring DNS includes the following:

  • Change the primary host names, such as mail.contoso.com, autodiscover.contoso.com, and owa.contoso.com (if used), with your public DNS provider so that they point to the external, publicly accessible IP address of the Exchange 2013 Client Access server.

  • Change the primary host names, such as mail.contoso.com (or internal.contoso.com if you're using different internal host names) and owa.contoso.com (if used), on your internal DNS servers so that they point to the internal machine name of the Exchange 2013 Client Access server.

Important

Read this topic completely before starting.
You might need to make changes to your firewall to support the new Exchange 2013 server. You might need to add new firewall rules, add an external IP address for your Exchange 2013 server, or make other configuration changes. If your organization has a network management group, a security review process, or change management process, you may need to request permission to perform these changes or have someone else make them for you.

How do I configure my public DNS records?

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record with your external DNS provider. The public DNS records should point to the external IP address or FQDN of your Internet-facing Exchange 2013 Client Access server and use the externally accessible FQDNs that you've configured on your Client Access server. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.

Note

Instead of changing the DNS records to point your public DNS records to a new external IP address for your Exchange 2013 Client Access server, you can reconfigure your firewall to route connections for the original IP address to the Exchange 2013 server instead of the Exchange 2010 server. The Exchange 2010 Client Access server no longer needs to be accessible from the Internet because all connections will be proxied by the Exchange 2013 server. If you choose to reconfigure your firewall, you don't need to change your public DNS records.

Important

Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.

FQDN                        DNS record type    Value
contoso.com                 MX                 Mail.contoso.com
mail.contoso.com            A                  172.16.10.11
owa.contoso.com             CNAME              Mail.contoso.com
autodiscover.contoso.com    A                  172.16.10.11

How do I configure my internal DNS records?

You choose whether you want users to use the same URL on your intranet and on the Internet to access your Exchange server or whether they should use a different URL. What you choose depends on the addressing scheme you have in place already or that you want to implement. If you’re implementing a new addressing scheme, we recommend that you use the same URL for both internal and external URLs. Using the same URL makes it easier for users to access your Exchange server because they only have to remember one address. Regardless of the choice you make, you need to make sure you configure a private DNS zone for the address space you configure. For more information about administering DNS zones, see Administering DNS Server.

Configure internal and external URLs to be the same

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record on your internal DNS servers. The internal DNS records should point to the internal host name and IP address of your Exchange 2013 Client Access server. The internal host names you use should match the external host names, for example, mail.contoso.com and owa.contoso.com. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.

Important

Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.

FQDN                        DNS record type    Value
mail.contoso.com            CNAME              Ex2013CAS.corp.contoso.com
owa.contoso.com             CNAME              Ex2013CAS.corp.contoso.com
autodiscover.contoso.com    A                  192.168.10.10

Configure different internal and external URLs

To send users to your Exchange 2013 Client Access server, you need to configure the existing DNS host (A) record on your internal DNS servers. The internal DNS records should point to the internal host name and IP address of your Exchange 2013 Client Access server. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.

Important

Before you make any changes to your DNS records, we strongly recommend that you reduce the time to live (TTL) values of each DNS record you want to change to its minimum interval. The TTL value determines how long a DNS record stays cached on DNS servers. A smaller interval, such as 5 or 10 minutes, will allow you to reverse any changes faster in the event you need to revert back to your original configuration. If you do need to change the TTL of your DNS records, don't make any other changes until the original TTL interval has passed.

FQDN                        DNS record type    Value
internal.contoso.com        CNAME              Ex2013CAS.corp.contoso.com
autodiscover.contoso.com    A                  192.168.10.10

How do I know this worked?

To verify that you have successfully configured your public DNS records, do the following:

  1. Open a command prompt and run nslookup.exe.

  2. Change to a DNS server that can query your public DNS zone.

  3. In nslookup, look up the record of each FQDN you created. Verify that the value that's returned for each FQDN is correct.
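The same check can be scripted so that every record in the public table is compared against what a chosen resolver returns, and so that a TTL that has not yet been lowered stands out. This is an added example, not part of the original topic: it uses the Resolve-DnsName cmdlet in place of the interactive nslookup session, the record values are the example values from the table above, and `$server` (a placeholder to replace) and the 600-second `$maxTtl` threshold are assumptions.

```powershell
# Expected public records, copied from the example table in this topic.
$expected = @(
    @{ Name = 'contoso.com';              Type = 'MX';    Value = 'Mail.contoso.com' }
    @{ Name = 'mail.contoso.com';         Type = 'A';     Value = '172.16.10.11' }
    @{ Name = 'owa.contoso.com';          Type = 'CNAME'; Value = 'Mail.contoso.com' }
    @{ Name = 'autodiscover.contoso.com'; Type = 'A';     Value = '172.16.10.11' }
)
$server = '<public-dns-server-ip>'  # placeholder: a resolver that can query the public zone
$maxTtl = 600                       # assumption: 10 minutes, the upper example interval

function Test-DnsRecord {
    param([hashtable]$Record, [string]$Server, [int]$MaxTtl)

    # -DnsOnly skips LLMNR/NetBIOS and -NoHostsFile ignores local hosts-file
    # overrides, so the result reflects only what the named DNS server returns.
    $answers = @(Resolve-DnsName -Name $Record.Name -Type $Record.Type -Server $Server `
            -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Record.Type })

    # The property that carries the record value depends on the record type.
    $prop = switch ($Record.Type) {
        'A'     { 'IPAddress' }
        'CNAME' { 'NameHost' }
        'MX'    { 'NameExchange' }
    }
    $actual = @($answers | ForEach-Object { ([string]$_.$prop).TrimEnd('.') })
    $ttl = ($answers | Measure-Object -Property TTL -Maximum).Maximum

    [pscustomobject]@{
        Name     = $Record.Name
        Type     = $Record.Type
        Expected = $Record.Value
        Actual   = $actual -join ', '
        Match    = $actual -contains $Record.Value   # case-insensitive comparison
        TTL      = $ttl
        TtlOk    = ($null -ne $ttl) -and ($ttl -le $MaxTtl)
    }
}

$expected | ForEach-Object { Test-DnsRecord -Record $_ -Server $server -MaxTtl $maxTtl } |
    Format-Table -AutoSize
```

To check the internal zone, replace `$expected` with the rows of the internal table you used and point `$server` at an internal DNS server. A cached answer from a recursive resolver reports the remaining TTL, so query an authoritative server when you want the configured value.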

Now, verify that you can access your Exchange 2013 server using your primary host name. Using a computer outside of your internal network, open your favorite browser and browse to the Outlook Web Access URL of the Exchange 2013 server, for example, https://mail.contoso.com/owa. Perform the two following tests:

  • Log into an Exchange 2013 mailbox: Log into an Exchange 2013 mailbox and verify that you can access the contents of the mailbox without any certificate warnings or other errors. Log out and close your browser. If you need to create a new Exchange 2013 mailbox, see Create user mailboxes.

  • Log into an Exchange 2010 mailbox: Log into an Exchange 2010 mailbox. When you log into this mailbox, you will be proxied to your Exchange 2010 Client Access server (the URL in the browser address bar stays the same). Verify that you are logged in successfully, that you can access the contents of the mailbox, and that you don't receive any certificate warnings or other errors.

  • Test inbound and outbound mail flow: Send a message from an external mail provider, such as outlook.com, to Exchange 2013 and Exchange 2010 mailboxes. Verify that the message is received successfully. Reply to the message from each mailbox and verify that the external recipient receives the message. You can also examine the headers of the messages you sent and received to verify the path each message took, using the Message Analyzer in the Microsoft Remote Connectivity Analyzer.

With the exception of the mail flow test, repeat the previous tests from a computer inside your network to test your internal DNS configuration. If you've configured your internal DNS records to use the same host names as your external DNS, attempt to access an Exchange 2013 and Exchange 2010 mailbox using those host names, for example mail.contoso.com or owa.contoso.com. If you've configured your internal DNS records to use a different host name, attempt to access an Exchange 2013 and Exchange 2010 mailbox using the internal host name, for example internal.contoso.com.

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.