Export (0) Print
Expand All
17 out of 25 rated this helpful - Rate this topic

External DNS records for Office 365

 

Applies to: Office 365 Enterprise

Topic Last Modified: 2014-04-09

Summary: Describes the kinds of external DNS records that are used with Office 365 services, such as CNAME, TXT, MX, SPF, HOST, and SRV.

While planning your Office 365 deployment, it’s helpful to know all the possible external DNS records you may need. The following tables outline the record types, purpose, and values of these DNS records. You can use this list for planning with your internal teams or as a reference post-deployment.

The sections below are organized by service in Office 365. You will need all of the records if you have deployed the full Office 365 suite (for example you have an M or E3 license). If you have a different license that does not include all of the services, you will only need the records associated with the services you have deployed.

Looking for step-by-step guidance on creating these records? Read the article Create DNS records for Office 365

 

DNS record

Purpose

Value to use

CNAME

(Suite)

Used by Office 365 to direct authentication to the correct identity platform More Information

Alias: msoid

Target: clientconfig.microsoftonline-p.net

TXT

(Domain verification)

Used by Office 365 to verify only that you own your domain. It doesn’t affect anything else.

Host: @ (or, for some DNS hosting providers, your domain name)

TXT Value: A text string provided by Office 365

The Office 365 Add a domain wizard provides the values that you use to create this record.

 

DNS record

Purpose

Value to use

CNAME

(Exchange Online)

Helps Outlook clients to easily connect to the Exchange Online service by using the Autodiscover service. Autodiscover automatically finds the correct Exchange Server host and configures Outlook for users.

Alias: Autodiscover

Target: autodiscover.outlook.com

MX

(Exchange Online)

Sends incoming mail for your domain to the Exchange Online service in Office 365. If you want mail delivery to go to your old mail system, you will want to leave the existing MX records with a higher preference/priority.

Domain: For example, contoso.com

Target email server: <MX token>.mail.protection.outlook.com

Preference/Priority: 0/low

What is MX priority?

SPF (TXT)

(Exchange Online)

Helps to prevent other people from using your domain to send spam or other malicious email. Sender policy framework (SPF) records work by identifying the servers that are authorized to send email from your domain.

NoteNote:
Ensure any existing SPF records for other email distribution software remain in place (such as records for marketing email).

TXT Name @

Values: v=spf1 include:spf.protection.outlook.com –all

NoteNote:
If the firewall or proxy server blocks TXT lookups on an external DNS, you should also add this record to the internal DNS record.

TXT

(Exchange federation)

Used for Exchange federation for hybrid deployment.

TXT record 1: For example, contoso.com and associated custom-generated, domain-proof hash text (for example, Y96nu89138789315669824)

TXT record 2: For example, exchangedelegation.contoso.com and associated custom-generated, domain-proof hash text (for example, Y3259071352452626169)

CNAME

(Exchange federation)

Helps Outlook clients to easily connect to the Exchange Online service by using the Autodiscover service when your company is using Exchange federation. Autodiscover automatically finds the correct Exchange Server host and configures Outlook for your users.

Alias: For example, Autodiscover.service.contoso.com

Target: autodiscover.outlook.com

 

DNS record

Purpose

Value to use

SRV

(Lync Online)

Allows your Office 365 domain to share instant messaging (IM) features with clients other than Skype by enabling SIP federation.

Service: _sipfederationtls

Protocol: _TCP

Priority: 100

Weight: 1

Port: 5061

Target: Sipfed.online.lync.com

NoteNote:
If the firewall or proxy server blocks SRV lookups on an external DNS, you should add this record to the internal DNS record.

SRV

(Lync Online)

Used by Lync Online to coordinate the flow of information between Lync clients.

Service: _sip

Protocol: _TLS

Priority: 100

Weight: 1

Port: 443

Target: sipdir.online.lync.com

CNAME

(Lync Online)

Used by the Lync client to help find the Lync Online service and sign in.

Alias: sip

Target: sipdir.online.lync.com

For more information, see Ensuring Your Network Works With Lync Online.

CNAME

(Lync Online)

Used by the Lync mobile client to help find the Lync Online service and sign in.

Alias: lyncdiscover

Target: webdir.online.lync.com

You’re in luck, there are no required external DNS records for SharePoint Online to function. Here is more guidance on working with the SharePoint URL.

 

DNS record

Purpose

Value to use

Host (A)

Used for single sign-on (SSO). It provides the endpoint for your off-premises users (and on-premises users, if you like) to connect to your Active Directory Federation Services (AD FS) federation server proxies or load-balanced virtual IP (VIP).

Target: For example, sts.contoso.com

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.