Thursday, August 17 2017

Configuring Public DNS and MX records for Exchange 2013

Let's look at the public DNS records we need to configure for Exchange 2013/Exchange 2016 (Client Access / mail flow / Autodiscover).

Create an A record – Mail.CareExchange.in

and point it to the Exchange 2013 or Exchange 2016 server.

If the server is load balanced, you will have to point it to the VIP (virtual IP of the load balancer).

This will be the internet-facing server for your webmail and all other URLs.

Create an A record – autodiscover.careexchange.in

and point it to the Exchange 2013 or Exchange 2016 server.

If the server is load balanced, you will have to point it to the VIP (virtual IP of the load balancer).

This will be the internet-facing server for your webmail and all other URLs.

It will serve your Outlook clients and ActiveSync phones by sending them their configuration settings automatically.

Create an MX record and, for small businesses, point it to the A record you created above.

This will serve your mail flow.

If you are going to use a cloud-based anti-spam service or anti-spam appliances, you will have to point the MX record to their DNS records or to your anti-spam appliances.

Required Public IPs – 1

Required Public IPs with One Anti-Spam Server – 2


Ports that need to be opened on the firewall

Ports for HTTPS – 443

Port for Mail flow – 25

POP3 – port 110

IMAP – port 143

SMTP – port 25

HTTP – port 80

Secure IMAP (IMAP4-SSL) – port 585

IMAP4 over SSL (IMAPS) – port 993

Secure POP3 (SSL-POP) – port 995

Secure SMTP (SSMTP) – port 465 | Exchange specifically does not support SMTPS (implicit TLS)


Note:

If you want to split mail flow and the Outlook Web App URL, you can also do that.

You can have Outlook Web App and the other URLs as mail.careexchange.in

and for mail flow you can have mx.careexchange.in

The advantage of doing this is that you can re-route your mail flow at any time without disturbing anything else.

For reference:

Let's see a practical scenario of creating DNS records with one of the public DNS providers.

HOST A records – mail.testcareexchange.biz

HOST A records – autodiscover.careexchange.biz


MX Records – Testcareexchange.biz

Note : Mail is delivered to the mail exchange server with the lowest preference number (highest priority)
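
The record plan above can be checked mechanically before it is published. The following is an added example, not code from the original article: it parses a constructed record list and reports missing mail/autodiscover A records, MX targets that have no A record (or are aliases), and private addresses placed in public DNS, and it returns the MX hosts in delivery order. The 203.0.113.x addresses and the helper names (`parse_zone`, `mx_order`, `check_exchange_dns`) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records; 203.0.113.x are documentation addresses, not real ones.
SAMPLE_ZONE = """
mail.careexchange.in.          A   203.0.113.10
autodiscover.careexchange.in.  A   203.0.113.10
mx.careexchange.in.            A   203.0.113.11
careexchange.in.               MX  10 mx.careexchange.in.
careexchange.in.               MX  20 mail.careexchange.in.
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'name type value' lines into {(name, type): [values]}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if line:
            name, rtype, value = line.split(None, 2)
            key = (name.lower().rstrip("."), rtype.upper())
            records.setdefault(key, []).append(value.strip())
    return records

def mx_order(records, domain):
    """MX targets as (preference, host), lowest preference number first."""
    pairs = [v.split() for v in records.get((domain, "MX"), [])]
    return sorted((int(pref), host.lower().rstrip(".")) for pref, host in pairs)

def check_exchange_dns(records, domain, web_host="mail"):
    """Return a list of problems found in the public records for `domain`."""
    problems = []
    for host in (f"{web_host}.{domain}", f"autodiscover.{domain}"):
        if (host, "A") not in records:
            problems.append(f"missing A record: {host}")
    mx = mx_order(records, domain)
    if not mx:
        problems.append(f"missing MX record: {domain}")
    for _, target in mx:
        if (target, "CNAME") in records:          # RFC 2181: MX must not point at an alias
            problems.append(f"MX target is a CNAME: {target}")
        elif (target, "A") not in records:
            problems.append(f"MX target has no A record: {target}")
    for (name, rtype), values in records.items():
        for value in values if rtype == "A" else []:
            if any(ipaddress.ip_address(value) in net for net in RFC1918):
                problems.append(f"private address in public DNS: {name} -> {value}")
    return problems

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    print(mx_order(zone, "careexchange.in"), check_exchange_dns(zone, "careexchange.in"))
```
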


Thank you.

Hope the article was informative.

About Satheshwaran Manoharan

Satheshwaran Manoharan is a Microsoft Exchange Server MVP, Publisher of CareExchange.in, Supporting/Deploying/Designing Microsoft Exchange for some years. Extensive experience on Microsoft Technologies.


61 comments

  1. Hey,
    I have Windows NLB for 2 Exchange 2013 CAS servers with one virtual IP inside and one public IP from outside. Will it work fine, as I want to point ports 443 and 25 to a single VIP? I am using a hardware firewall only.
    Your quick response will be highly admired.
    regards
    movi

  2. Shouldn’t an SPF record also be included? Great post, helped simplify my diagram 🙂

  3. Hi,

    We are setting Note 10,000 Note users to migrate to Exch2013 hosted using Quest. I am wondering that Quest cannot migrate data directly to exchange (hosted) because when objects created with Quest they are not supported by default.

    How we go about migrate from 3rd party to exchange hosted ?

    thank you in advance

    sanong

  4. Hello,

    Thanks for the post. We have multiple SMTP domains; do I need to add an autodiscover CNAME record for each SMTP domain on external DNS?

    • You should check the SRV method or the Autodiscoverredirect method.
      The Autodiscover redirect method is recommended, but it requires an additional public IP.

      Search for Autodiscoverredirect on the website. You can see the multi-tenant article.

      Thank you.

  5. I am facing a problem of SMTP error in our Exchange Server 2013. I am not receiving mails from other mails (gmail, hotmail……). What do I do? Please tell me the solution, I am waiting.

  6. Hi:

    External mails are not being received in my Exchange Server 2013. Please guide me on what the problem is.

  7. Hi Manoharan,

    I’m trying to follow the configuration for an Exchange server that I implemented at home.
    -I do not have a public IP; I lean on a Dynamic DNS service, for ex: home.ns0.net, and it is updated with my dynamic IP.

    -I Have been a public DNS name exchangehome01.net on a service provider so I can link the Dynamic DNS service to the public records that I will create.

    When you say:
    Create A record – Mail.CareExchange.in
    and point to the Exchange 2013 Server

    In my case the Exchange Server is behind the dynamic DNS service home.ns0.net, so I can’t create an A record that points to the Exchange Server because the A record supports only IP addresses. I have to link the A record to the name home.ns0.net, which is the DynDns service.

    Is there a solution for that, and after this first configuration how can I proceed?

  8. What about the newly introduced DKIM and DMARC? How do we add them?

  9. Please, for the A record in the public DNS, is it the local IP address or the public IP address?

    thanks

  10. First of all very thankful to you for posting the above information.

    I have set up Exchange Server 2013 (xyz.local) on my local internal server, IP 192.168.1.10, and I want to access the Exchange server externally with “xyz.com”.

    Can you please let me know the procedure for where I can add my external domain xyz.com in the Exchange server, which records I need to create in the public DNS server, and how to map them to the local internal Exchange server?

    I am writing the step-wise procedure to configure the external DNS setup; if you find any mistake please rectify it.
    My public DNS is http://www.xyz.com, registered by godaddy.com, and I have a static IP from the ISP, 182.76.93.1.

    1) I need to port forward the below ports from static IP 182.76.93.1 to my local Exchange server, local IP 192.168.1.10

    Ports for HTTPS – 443

    Port for Mail flow – 25

    POP3 – port 110

    IMAP – port 143

    SMTP – port 25

    HTTP – port 80

    Secure SMTP (SSMTP) – port 465

    Secure IMAP (IMAP4-SSL) – port 585

    IMAP4 over SSL (IMAPS) – port 993

    Secure POP3 (SSL-POP) – port 995

    2) Access the godaddy.com control panel, create a host A record http://www.xyz.com.com and associate the static IP 182.76.93.1 to it.

    3) Then I create an MX record mail.xyz.com and associate it with the A record.

    4) For Outlook Anywhere I create an A host record owa.xyz.com 182.76.93.1.

    Are these steps OK for the external DNS setup, or is anything else needed? Or do I need to create DNS records in my local DNS server xyz.local?

  11. Hi Satheshwaran,
    I wonder if you would help me. My internal domain is named Wynbergallen.org. (Not local :()
    I have installed exchange 2013 on a server called mailserver. Outgoing mail works fine.
    I want to direct mail To the exchange server using one of our external domain names, also called Wynbergallen.org. Mailserver has a static external ip.
    Can this setup work and if yes, what mx entries , A host records etc need to be configured??
    I’m lost and have no idea whatsoever now.

  12. Hi
    I implemented Exch Svr 2013, and everything was well configured. I’ve got a public IP, which I have added as an A record to our Corp Web Svr Cpanel DNS; the MX entry was correctly set and mails are dropping in.

    But my problem is that we cannot connect to the server with a client (mobile or PC) outside our domain, i.e. (office network), using Outlook or any other mail client software. Once Outlook tries to connect, it keeps showing a username and password error.

    Please, what can I do?

  13. Any idea what software to install for the best anti-spam and antivirus on the Exchange 2013 server? I don’t want a cloud solution. I just want software I can install on the server to scan for spam and viruses locally, to go very quick and to keep all the mail on my own server.

  14. Hi,

    On my Exchange Server 2013 I can send and receive internally. However, when I send externally, it is sent from the mail (even under the sent folder) but the end user doesn’t receive it. I have also tried to send from my personal gmail account to the mailbox but I get a bounce back. So, internally everything is fine, whereas externally I am having problems. I NEED YOUR HELP PLEASE!

    THANKS IN ADVANCE

  15. the public DNS is very confusing and you simplified it very well, many thanks for the article

  16. I would add a reverse MX record as well.
    Or reverse PTR.

    Companies are blocking email without this.

  17. Hi Satheshwaran Manoharan,

    I have an on-premise Exchange 2013 server with DAG configured with two copies. Inbound mails flow through email security. I have a TP-Link firewall and two ISPs: one is Comcast and the other one is AT&T. Now the problem is I want to have high availability on ISP, like when one ISP goes down the other must take over and we must still receive and send mails.

    Naveen

    • Have 4 MX records, 2 on each ISP, same priority, round robin.

      You have to use solutions like F5 GTM and point the name servers to it to achieve the same. (The disadvantage of this is that solutions like anti-spam may not work properly, as all source emails will be from the F5 IP.)

  18. Hi Expert

    I have an on-premise Exchange 2013 server with DAG configured with two copies. Inbound mails flow through email security. I have a TP-Link firewall and two ISPs: one is Comcast and the other one is AT&T. Now the problem is I want to have high availability on ISP, like when one ISP goes down the other must take over and we must still receive and send mails.

    Naveen

  19. Hi

    I added accepted domain on my exchange control panel “ecp”
    I want to know how to configure the new accepted domain in public DNS server. what records I have to add.

    I have a problem that when someone send email to the newly added domain, he get error message says no such a user or user unknown

  20. Hi

    I added accepted domain on my exchange control panel “ecp”
    I want to know how to configure the new accepted domain in public DNS server. what records I have to add.

    I have a problem that when someone send email to the newly added domain, he get error message says no such a user or user unknown

  21. Hi Satheshwaran Manoharan,

    My question is far from this topic, but it is related to Exchange Server 2010 or 2013. Since I am a beginner, I would like to ask how to purchase a license for Exchange Server. Is the license per device or per user of Exchange Server? What is the difference between the two licenses?

  22. Hi Satheshwaran Manohram,

    I have configured a new Exchange Server 2016 in my organization.
    My question is which types of records I will have to create on GoDaddy public DNS; let’s suppose my domain name is veltestdc.in and the external public IP address is 185.154.3.109.
    Do records need to be created for SMTP, IMAP and POP separately?

    Your valuable reply on above will be greatly appreciated.

  23. Good morning,

    I just setup an exchange 2013 CU15 but was unable to send outbound mail

  24. Good evening, I would be grateful if you could help me out. I just set up Exchange Server 2013 CU15. The configuration is below:

    Mailbox and Client Access on same server: 10.0.0.20
    Edge Server : 10.0.0.14

    Edge transfer already synchronized with the client access/mailbox server successfully.

    I still find it difficult to send mail outside. Do I still need to create a Send connector despite the fact that there is an Edge Synchronization (which has already created two Send connectors on the client access/mailbox server)?

    Also how do I setup Public and Internal DNS Records?

    Thanks

    • On a subscribed Edge Transport server, the default Receive connector is configured to listen for connections from internal Mailbox servers in the subscribed Active Directory site and anonymous connections from the Internet. After the message is categorized by the Transport service on the Edge Transport server, the message is queued locally for delivery to the Internet by using the dedicated Send connector that’s created during the Edge Subscription.

      https://technet.microsoft.com/en-us/library/aa998825(v=exchg.150).aspx

      Edge Subscriptions should be sufficient.

      • Hi,

        We have two CAS servers and two mailbox servers. We have two ISPs in our data center. The Exchange service is published through one ISP (both ISPs are configured in our domain PTR records). We need to use the other ISP as a backup link (two MX records) for mail send and receive. Is it possible? If yes, please share the details.

  25. Thank you for the insightful article. We are changing the domain name due to a rebrand. running exchange 2013 and AD 2008. Any tips to go with

  26. Hai,
    I am a beginner to Exchange and I have a doubt regarding sending mails externally. I created a free domain and hosted that domain. Now advise me on where I should create the DNS files: either on the Exchange server or in the place where I hosted my domain. And how do I point it to my Exchange server… Expecting your support. Thanks

  27. Definitely believe that which you stated. Your favorite reason appeared to be on the web the
    simplest thing to be aware of. I say to you, I certainly get
    irked while people consider worries that they
    just don’t know about. You managed to hit the nail upon the top and also defined out the
    whole thing without having side-effects , people could take a signal.
    Will likely be back to get more. Thanks

  28. Hi,

    I am hoping you can help me out with this scenario. I have Server 2012 R2 on my host PC. The Server is a Domain Controller with “domain name.local”. I recently installed Exchange 2013 and after installation “https://server_name.domain _name/ecp” will default to OWA, and all login fails with either error 500 or invalid username or password.

    “https://server_name/ecp have the same result.

    1. How can I gain access to ECP
    2. Can a .local domain work with Exchange Server ?

    Thanks.

  29. Our Exchange server is hosted in a different domain and we would like our internal clients to access it or get their Outlook clients connected through the public DNS. The problem is we can only resolve to the internal Exchange server, not to the public IP, so my question is how I can point my DNS server to resolve the external Exchange server to the public DNS. Another point: if I set my primary forwarder on the DNS server to the public Google DNS, I can resolve the external Exchange server to the public DNS. But I can’t resolve it if I return my forwarders to the internal DNS servers’ IPs. Please guide me on how to fix this issue.

  30. Our domain name is: a.b.c.com
    Exchange server name: mail.g.c.com

    Our Exchange is hosted in our parent domain, outside our internal network.

    In our child domain we have an internal DNS, which is where I want to create a pointer or record for the public IP of the Exchange server.

    In our DNS server we don’t have a forwarder to our Exchange domain, but it’s coming to us as an integrated AD forwarder from the parent, so when I want to create an A record, it creates it attached to the internal domain name: mail.g.c.com.a.b.c.com, but I want to create a record like this only: mail.g.c.com

    How I can do that?
