DNS Configuration for Exchange Server 2010

Posted on 2015-01-31
Last Modified: 2015-02-15
Good afternoon experts,

I am installing my first Exchanger Server and I need some clarification. It's probably really simple but I'm having a hard time finding a straight forward explanation:

Please find below a setup to better understand my issue:

I have a server (SERVER1 IP: that is the Domain Controller and DNS for the network.
I have a second server (SERVER2 IP: where I installed Exchange Server 2010.
My External IP in
My domain name is:

The DNS Entries are as follows:    Start of Authority,    Name Server (NS)   IP:    Name Server (NS)   IP:

The nameserver to contact the server is "mail" so:    Name Server (NS)    IP:

Mail Exchanger Entry     Mail Exchanger (MX)        [10]

Then my A Host:    Host (A)    Host (A)
server1                       Host (A)
server2                       Host (A)
mail                             Host (A)
exchange                   Host (A)
www                           Alias (CNAME)

To test it, I used Outlook web Access to see if I can connect.
I'm know I'm missing something as, internally and externally I cannot use however internally I can use and it works.

The router is not the issue as all the ports are open and the MX records have also been modified for the Domain Name's DNS entries.

Using NSLOOKUP, here are my results:

then set type =mx MX preferences = 10, mail exchanger =      internet address =

lastly, set type=ns
Server: localhost
Address: nameserver = nameserver =      internet address =      internet address =            internet address =

I'm not sure what's wrong but I suspect that I'm missing a step in the DNS that connects the or to the actual server (SERVER2) whis is the Exchange Server.

I really hope someone can help me out.

Cheers and thank for taking the time :)
Question by:TSIsolutions
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 100 total points
ID: 40581922
follow the below KB woudl help you to understand how to configure a DNS  with Exchange enviroment
LVL 77

Accepted Solution

arnold earned 200 total points
ID: 40581978
The issue is not with DNS, the issue is that you need to create a rule on your firewall allowing connection attempts on your public IP port 25 to get to your exchange server port 25.

Dealing with access to OWA it is he same, you need to create a path on port 443 of your existing external IP to the internal. The second thing you need to add to the IIS configuration for OWA to also treat requests for, but since you use secure, you may need a certificate using a SAN and

Double check what people outside your domain will see as a response.  Run the Sam nslookup queries but use an external DNS server
nslookup -q=mx

Since you've not included a domain name, we have to rely on your description to assess what is wrong and what needs fixing.  Your issue could be all together something else I.e. A restriction on the incoming connector to only allow requests from network, ......
LVL 11

Assisted Solution

hecgomrec earned 200 total points
ID: 40583954
Since Exchange 2007 it is recommended to use the same names for your exchange server internally and external access.

For exchange to be accessed from outside your organization you will have to have an MX record and a DNS name created for your server name:  Then you will have to create a rule on your firewall to either pass all request or just some ports (25, 80, 443, etc.) to IP to your internal exchange server's IP (

Second step will be to go to your DC/DNS server ( and create an MX record and a Host record for  --->

Last step, make sure your server internal and external names match,  Open the EMC, Under Server Configuration, Client Access, locate in the middle of the screen: Outlook Web App tab open the properties and check that internal and external URL in the General tab match (, repeat the process for the others tabs to match your domain name and the virtual path needed.

This should take care of the access problem, Now if you still have problems check if you have installed a valid certificate to handle all your services.  Click on Server configuration, in the middle on the screen locate available installed certificates under "Exchange Certificates" tab.  Here, if you don't have a valid certificate you must get one and install it following your CERT Authority provider, remember the certificate should include all possible names the server will have (,,, etc.).

Hope that helps!!!

Author Closing Comment

ID: 40611493
Good afternoon,

Sorry for the late reply and thanks for the comments. In my case it turns out that the firewall on the router for port 25 was poiting to a different IP address.
Additionally, the previous IT company had installed SMTP service on the the server while we created a connector on port 25. Because of that the binding to the connector was failing because the port was already in use.
I feel a bit stupid as I had seen the port opened on the firewall rules but did not notice the IP address it was pointing to another IP address.
As soon as I changed it, and removed the SMTP service, everything was fine.

Thanks again guys :)

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Find out what you should include to make the best professional email signature for your organization.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question