Forum Discussion

Girish_kumar
Copper Contributor
Jun 23, 2023

DNS records for Exchange online

We have some critical applications sending alert notification mails to a particular email domain. We recently faced an issue where all external domains were not reachable for an extended period of time. Though the root cause was not clear, the issue was that our local DNS was unable to forward to the public DNS/name servers. So all the emails, including the alert emails, failed to deliver from our local SMTP server.

So as a preventive activity, we want to make sure that at least the alert mails will be delivered even if a similar issue occurs in future. For this,

- we have created a forward lookup zone and a host record for the email domain in the local DNS

- created an MX record for the email domain matching its public DNS record

- created a forward lookup zone and a host record for the email server named in the MX record

After making these changes in the local DNS for the mail domain, we found all the mails to this domain were queued up without any outbound connection in the SMTP log.


Are we missing something? Do we need any additional record in the local DNS to make this work?


When we revert the changes, the mails, including the queued-up mails, are delivered.


Other details:

- Our target mail domain, where the alert mails are to be delivered, is on O365.

- Our environment consists of a collection of Azure VMs (Windows) inside an Azure VNET.

- All the VMs are part of a Windows Active Directory (not Azure AD) hosted in VMs. We have two such AD servers (primary and secondary) and the DNS is integrated with these.

- We have an SMTP virtual server configured to send out emails to public mail servers (configured with a valid host record, PTR and SPF, and hence no issue on the SMTP server).

In short, we are trying to have all the DNS records required for O365 to receive the email served by the local DNS server, instead of depending on public DNS servers. And this is not for all public email domains, but only for the single mail domain where our alert emails are to be delivered.


Any help will be highly appreciated.

  • Hi Girish,

    Regarding "Our environment consists of a collection of Azure VMs (Windows) inside an Azure VNET", please note that outbound SMTP connections using TCP port 25 are now blocked at the VNet level.
  • Girish_kumar
    Copper Contributor
    We are not facing any issue sending mails from the SMTP server in the Azure VNET. It's working fine now and was before as well. During the incident period there was an issue resolving email domains, and we want to have a solution to get notified if the issue occurs again in future.
    • MathieuVandenHautte
      Steel Contributor

      Hi Girish,

      Thank you for the feedback.

      Your best option is using a third party DNS Monitoring Tool.

    • Girish_kumar
      Copper Contributor
      Oops.
      I am not looking for a monitoring tool.

      I want to confirm whether target mail servers have any DNS records other than host and MX records to enable successful delivery to them.
      • Girish_kumar
        Copper Contributor
        Can anyone help me with the DNS records required for Office 365 for successful receipt of mail? My understanding is given below:

        1. Host (A) record for the email domain (contosso.com)
        2. MX record for the email domain (@contosso.com) containing the hostname of the actual email server to which the email should be delivered.
        3. A host record for the email server

        Apart from the above, do we need anything else?
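The records listed above are what an SMTP sender actually walks: an MX lookup on the recipient domain, then an A (or AAAA) lookup on the name the MX points at. An A record for the bare email domain is not consulted for delivery unless the domain has no MX at all. The script below is an added example, not code from the thread or from Microsoft, showing how the two local overrides can be created on an AD-integrated Windows DNS server with the DnsServer module and then verified against that server only. The domain contoso.com, the exchanger name contoso-com.mail.protection.outlook.com (which follows the usual Exchange Online naming pattern but is an assumption here) and the address 203.0.113.10 are placeholders; the real exchanger name and address must be captured from public DNS while it is still reachable. Two caveats a practitioner should keep in mind: a primary zone makes the local server authoritative for that whole name, so every other public name under it stops resolving for these clients, and Microsoft changes the addresses behind *.mail.protection.outlook.com over time, so a pinned A record goes stale unless it is re-checked.

```powershell
#Requires -Modules DnsServer
# Added example, not from the original post. Assumptions: run on one of the AD-integrated
# DNS servers; placeholder names and a TEST-NET address stand in for the real values.
$MailDomain = 'contoso.com'                                # placeholder alert domain
$MxHost     = 'contoso-com.mail.protection.outlook.com'    # placeholder Exchange Online exchanger
$MxAddr     = '203.0.113.10'                               # placeholder: capture the live public answer
$LocalDns   = '127.0.0.1'

# 1. Zone for the alert domain, carrying only the MX record the SMTP server needs.
#    A primary zone shadows the entire public contoso.com namespace for these clients.
if (-not (Get-DnsServerZone -Name $MailDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $MailDomain -ReplicationScope 'Domain'
}
# "." is the zone apex, shown as "(same as parent folder)" in DNS Manager.
Add-DnsServerResourceRecordMX -ZoneName $MailDomain -Name '.' -MailExchange $MxHost -Preference 0

# 2. Zone named after the exchanger FQDN, with the A record at its apex. Naming the zone
#    after the full host name is the narrowest override; a zone for mail.protection.outlook.com
#    would hide every other tenant's exchanger from these clients.
if (-not (Get-DnsServerZone -Name $MxHost -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $MxHost -ReplicationScope 'Domain'
}
Add-DnsServerResourceRecordA -ZoneName $MxHost -Name '.' -IPv4Address $MxAddr

# 3. Verify the exact chain an SMTP sender follows, asking only the local server
#    (-DnsOnly bypasses the hosts file and cache; -Server pins the resolver).
$mx = Resolve-DnsName -Name $MailDomain -Type MX -Server $LocalDns -DnsOnly |
      Where-Object Type -eq 'MX' | Select-Object -First 1
$a  = Resolve-DnsName -Name $mx.NameExchange -Type A -Server $LocalDns -DnsOnly |
      Where-Object Type -eq 'A'
"{0} -> MX {1} -> A {2}" -f $MailDomain, $mx.NameExchange, ($a.IPAddress -join ',')

# 4. Drift check, to run on a schedule while public DNS is healthy: if the live answer
#    no longer contains the pinned address, the override will send mail to a dead host.
$live = Resolve-DnsName -Name $MxHost -Type A -Server '1.1.1.1' -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'A'
if ($live -and ($live.IPAddress -notcontains $MxAddr)) {
    Write-Warning "Pinned $MxAddr is not in the current public answer: $($live.IPAddress -join ',')"
}
```

The resolver public address 1.1.1.1 in step 4 is only an example; any reachable public resolver serves the same purpose. If the SMTP virtual server still queues mail after both zones exist, the first thing to compare is the output of step 3 with what the SMTP service logs as the name it tried to connect to, since an apex A record created under the wrong name (for example as a host record named after the FQDN inside a zone also named after the FQDN) resolves to a name the sender never asks for.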
