Verifying DNS Design and Configuration

Collapse All

Topic Last Modified: 2005-05-05

Before you can verify your DNS configuration, ensure that your DNS design conforms to the following conditions:

Each domain controller runs DNS.
Existing recursive name resolution is used as configured for the organization. If no method is in place, use root hints on all servers.

The following table shows the preferred method of configuring DNS. Several other valid configurations exist. However, the configuration in the table is the preferred method. The table also shows how to configure the zone for each Exchange domain.

Preferred DNS configuration

Design element	Design
Zone type	Active Directory-integrated
Dynamic updates	Secure dynamic updates only
Scavenging	Enabled

When SMTP queries DNS, it always queries for MX records first. If an internal MX record exists and/or it is incorrectly configured, your internal mail delivery may not work.

For detailed steps about how to verify that MX Records do not point to the FQDN of an Exchange Server, see How to Verify that MX Records Do Not Point to the FQDN of an Exchange Server.

For detailed steps about how to verify that MX Records do not point to an internal domain, see How to Verify that MX Records Do Not Point to an Internal Domain.

Configuring DNS for Inbound Mail

DNS plays a vital role in Internet mail delivery. To receive Internet mail, the following settings are necessary:

A mail exchanger (MX) record for your mail server must exist on your external DNS server. You can use the Nslookup tool to determine if your MX records are configured correctly. Ensure that the mail servers you use as bridgehead servers or Internet mail servers have an MX record on your external DNS servers.
For external DNS servers to resolve your mail server's MX record and contact your mail server, your mail server must be accessible from the Internet. You can use the telnet program to determine if other servers can access your mail server.
Your Exchange Server must be configured to contact a DNS server or to resolve DNS names.
Your DNS server must be configured correctly.

Note:
It is recommended, although not required, that you use the DNS Server service in Microsoft Windows® 2000 or Windows Server 2003. The guidelines in the topics listed in the For More Information section apply to the DNS Server service in Windows 2000 and Windows Server 2003.

For detailed steps about how to use Nslookup to verify MX record configuration, see How to Use Nslookup to Verify MX record configuration.

For detailed steps about how to use Telnet to ensure Internet accessibility, see How to Use Telnet to Ensure Internet Accessibility.

Configuring DNS for Outbound Mail

You can use one of two methods to configure DNS for outbound mail:

You can configure Exchange Server to rely on your internal DNS servers. These servers resolve external names on their own, or use a forwarder to an external DNS server. Exchange Server relies on your DNS servers to resolve domain names. Generally, you configure your Exchange Servers as DNS clients of your internal DNS server. On your internal DNS server, configure an external forwarder to point to trusted external DNS servers.
You can configure Exchange Server to use a dedicated external DNS server.

For detailed steps about how to configure DNS settings on the Exchange Server, see How to Configure DNS Settings on the Exchange Server.

For detailed steps about how to configure settings on the DNS server, see How to Configure Settings on the DNS Server.

For detailed steps about how to configure external DNS servers on an outbound SMTP virtual server, see How to Configure External DNS Servers on an Outbound SMTP Virtual Server.

For detailed steps about how to use the DNS Resolver to verify DNS configuration, see How to Use the DNS Resolver to Verify DNS Configuration.

For detailed steps about how to use Nslookup to verify DNS configuration, see How to Use Nslookup to Verify DNS Configuration.

For More Information

The following topics explain how to verify each of these settings.