Verify DNS records
Estimated time to complete: 5 minutes
To enable Outlook 2016, Outlook 2013, Outlook 2010, and mobile clients, to connect to mailboxes in Office 365, you need to configure an Autodiscover record on your public DNS. Autodiscover automatically configures client settings so that users don't need to know server names or other technical details to configure their mail profiles. We also recommend that you configure a Sender Policy Framework (SPF) record to ensure that destination email systems trust messages sent from your domain via your on-premises servers and Office 365.
How do I do create an Autodiscover and SPF DNS record?
You need to configure the following public DNS records to enable Autodiscover lookups for the on-premises organization, allow Office 365 to connect to a Mailbox server, and ensure that all the messages from your domain appear to originate from Office 365:
Autodiscover record The Autodiscover DNS record for your on-premises organization needs to refer requests for autodiscover.contoso.com to your on-premises Mailbox servers. You can use either a CNAME DNS record or an A DNS record. A CNAME DNS record must refer to the FQDN of an on-premises Exchange 2016 server that has the Mailbox server role installed. An A DNS record must point to the external IP address of an Exchange 2016 Mailbox server or your firewall, depending on your network configuration.
SPF record The SPF record for your organization uses the Sender ID Framework. The Sender ID Framework is an email authentication protocol that helps prevent spoofing and phishing by verifying the domain name from which email messages are sent. Sender ID validates the origin of email messages by verifying the IP address of the sender against the alleged owner of the sending domain.
This table shows examples of the public DNS records that you need to configure for your hybrid deployment.
| Hybrid requirement | DNS record | DNS record type | Target and value |
|---|---|---|---|
Required for all hybrid deployments |
autodiscover.contoso.com |
CNAME or A |
If using CNAME DNS: mail.contoso.com If using A DNS: External IP address of an Exchange 2016 Mailbox server or firewall |
Recommended as a best practice for all hybrid deployments |
SPF |
TXT |
v=spf1 include:spf.protection.outlook.com ~all |
Refer to your public DNS host's Help for more information about how to add a CNAME or TXT record to your DNS zone.
How do I know this worked?
To verify that you've configured the Autodiscover DNS record for the on-premises organization correctly, do the following on an Internet-accessible computer that can perform DNS lookups.
Important
Depending on your DNS configuration, it may take an hour or more for changes to DNS to replicate across the Internet.
Open a Windows command prompt.
Run the following command.
nslookup autodiscover.contoso.com
Information similar to the following example should be returned if you've correctly configured the DNS CNAME record. If you’ve configured a DNS A record, your results may be different. The IP address returned will be different than the address in the example below.
Server: dns.corp.contoso.com
Address: 192.168.1.10
Non-authoritative answer:
Name: mail.contoso.com
Address: 65.55.94.54
Aliases: autodiscover.contoso.com
To validate that you’ve configured the SPF record correctly, verify that you’ve correctly entered the TXT record value listed in the table above.
Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums