Microsoft Exchange team releases Exchange Server Security Updates (SUs) when vulnerabilities are discovered. You don't…
Configure internal DNS Exchange 2016
After installing Exchange Server 2016, the next step is to configure internal DNS in Exchange 2016. It’s essential to keep the same namespace internal and external. We will create a couple of forward lookup zones in Active Directory and test the namespaces. In the next article, we will configure external DNS for Exchange 2016. In this article, you will learn how to configure internal DNS in Exchange 2016.
Table of contents
Configure namespaces with Pinpoint DNS
Important: Read the article Exchange 2016 namespace design and planning before you go further.
You can configure the DNS zones internally with Pinpoint DNS or Split DNS. I recommend to configure it with Pinpoint DNS. By using Pinpoint DNS instead of Split DNS, you don’t have to maintain the internal DNS.
Both the records that we are going to add will look like the following.
Record Type DNS Name Internal IP Address
----------- -------- -------------------
A mail.exoip.com 192.168.1.52
A autodiscover.exoip.com 192.168.1.52An architecture view of the Exchange 2016 namespace is shown below in the topology.
Create Pinpoint DNS zone for mail
Open DNS Manager. Right-click on Forward Lookup Zones and select New Zone… from the context menu.
Click Next.
Keep the default settings. Click Next.
Keep the default settings. Click Next.
In the Zone Name field, enter your external domain name (in our example mail.exoip.com).
We will manually create all the records in this zone, so select Do not allow dynamic updates. Click Next.
Click Finish.
Create A record for mail
Expand Forward Lookup Zones. In the left pane, right-click on mail.exoip.com zone and select New Host (A or AAAA) from the context menu.
In the IP address field, type the internal IP of your Exchange server. In our example, it is 192.168.1.52. Do you have a load balancer? Add that address. Click Add Host.
Host record mail.exoip.com is created. Click OK.
After creating the record, the PinPoint DNS zone should look similar to the example shown below.
The next step is to configure the same for autodiscover.
Create Pinpoint DNS zone for autodiscover
Open DNS Manager. Right-click on Forward Lookup Zones and select New Zone… from the context menu.
Click Next.
Keep the default settings. Click Next.
Keep the default settings. Click Next.
In the Zone Name field, enter your external domain name (in our example autodiscover.exoip.com).
We will manually create all the records in this zone, so select Do not allow dynamic updates. Click Next.
Click Finish.
Create A record for autodiscover
Expand Forward Lookup Zones. In the left pane, right-click on autodiscover.exoip.com zone and select New Host (A or AAAA) from the context menu.
In the IP address field, type the internal IP of your Exchange server. In our example, it is 192.168.1.52. Do you have a load balancer? Add that address. Click Add Host.
Host record autodiscover.exoip.com is created. Click OK.
After creating the record, the PinPoint DNS zone should look similar to the example shown below.
In the next step, we will verify the Pinpoint DNS for both zones.
Verify Pinpoint DNS zones
Log into Exchange Server or another system in the LAN network. Resolve both the mail and autodiscover DNS records or ping both of the DNS records. The answer will be the Exchange Server or load balancer IP address. That depends on the setup. In our example, it’s the Exchange Server. It’s essential to verify that it’s an internal DNS. Run PowerShell as administrator and use the Resolve-DnsName cmdlet.
PS C:\> Resolve-DnsName mail.exoip.com
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
mail.exoip.com A 3600 Answer 192.168.1.52
PS C:\> Resolve-DnsName autodiscover.exoip.com
Name Type TTL Section IPAddress
---- ---- --- ------- ---------
autodiscover.exoip.com A 3600 Answer 192.168.1.52
PS C:\> ping mail.exoip.com
Pinging mail.exoip.com [192.168.1.52] with 32 bytes of data:
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.52:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
PS C:\> ping autodiscover.exoip.com
Pinging autodiscover.exoip.com [192.168.1.52] with 32 bytes of data:
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Reply from 192.168.1.52: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.52:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0msEverything is looking great.
Log into Exchange with the newly configured namespace
Open your favorite browser and log into EAC with the newly configured DNS namespace, https://mail.yourdomain.com/ecp. Change yourdomain to yours. In our example, it's the address https://mail.exoip.com/ecp.
You can keep logging into Exchange Admin Center with https://localhost/ecp, even if you have configured the newly DNS namespace.
A certificate warning will show up in your browser. We will cover Exchange certificates in the next article.
Accept the risk and continue.
The Exchange Admin Center screen will show up. You can log in with your credentials.
You did successfully log into the Exchange Admin Center.
Reach the OWA address with https://mail.yourdomain.com/owa. In our example, it's https://mail.exoip.com/owa.
Keep reading: Exchange 2016 firewall ports for mail flow and clients »
Conclusion
In this article, you learned how to configure internal DNS in Exchange 2016. You learned why and how to configure the namespaces. Test the configuration with the Resolve-DnsName cmdlet. You can also ping the records that you have configured.
Did you enjoy this article? You may also like Configure ReFS volume Exchange 2013/2016/2019. Don't forget to follow us and share this article.
What Others Are Reading
I see that if you created two type A records in the exoip.com zone (mail and autodiscover) is better than creating two zone mail.exoip.com and autodiscover.exoip.com.
What is the added value using your approach?
Creating a zone with exoip.com and adding both the A records mail.exoip.com and autodiscover.exoip.com will work. That’s what called Split DNS.
If you have a website running on exoip.com or any other records, you must add the records to the internal DNS. If you don’t, the records will not resolve for the users on the internal network.
By using Pinpoint DNS (in this article) instead of Split DNS, you don’t have to maintain the internal DNS.