DNS Configuration for Exchange Server 2010

Posted on 2015-01-31
Last Modified: 2015-02-15
Good afternoon experts,

I am installing my first Exchanger Server and I need some clarification. It's probably really simple but I'm having a hard time finding a straight forward explanation:

Please find below a setup to better understand my issue:

I have a server (SERVER1 IP: that is the Domain Controller and DNS for the network.
I have a second server (SERVER2 IP: where I installed Exchange Server 2010.
My External IP in
My domain name is:

The DNS Entries are as follows:    Start of Authority,    Name Server (NS)   IP:    Name Server (NS)   IP:

The nameserver to contact the server is "mail" so:    Name Server (NS)    IP:

Mail Exchanger Entry     Mail Exchanger (MX)        [10]

Then my A Host:    Host (A)    Host (A)
server1                       Host (A)
server2                       Host (A)
mail                             Host (A)
exchange                   Host (A)
www                           Alias (CNAME)

To test it, I used Outlook web Access to see if I can connect.
I'm know I'm missing something as, internally and externally I cannot use however internally I can use and it works.

The router is not the issue as all the ports are open and the MX records have also been modified for the Domain Name's DNS entries.

Using NSLOOKUP, here are my results:

then set type =mx MX preferences = 10, mail exchanger =      internet address =

lastly, set type=ns
Server: localhost
Address: nameserver = nameserver =      internet address =      internet address =            internet address =

I'm not sure what's wrong but I suspect that I'm missing a step in the DNS that connects the or to the actual server (SERVER2) whis is the Exchange Server.

I really hope someone can help me out.

Cheers and thank for taking the time :)
Question by:TSIsolutions
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 20

Assisted Solution

by:Satya Pathak
Satya Pathak earned 100 total points
ID: 40581922
follow the below KB woudl help you to understand how to configure a DNS  with Exchange enviroment
LVL 78

Accepted Solution

arnold earned 200 total points
ID: 40581978
The issue is not with DNS, the issue is that you need to create a rule on your firewall allowing connection attempts on your public IP port 25 to get to your exchange server port 25.

Dealing with access to OWA it is he same, you need to create a path on port 443 of your existing external IP to the internal. The second thing you need to add to the IIS configuration for OWA to also treat requests for, but since you use secure, you may need a certificate using a SAN and

Double check what people outside your domain will see as a response.  Run the Sam nslookup queries but use an external DNS server
nslookup -q=mx

Since you've not included a domain name, we have to rely on your description to assess what is wrong and what needs fixing.  Your issue could be all together something else I.e. A restriction on the incoming connector to only allow requests from network, ......
LVL 11

Assisted Solution

hecgomrec earned 200 total points
ID: 40583954
Since Exchange 2007 it is recommended to use the same names for your exchange server internally and external access.

For exchange to be accessed from outside your organization you will have to have an MX record and a DNS name created for your server name:  Then you will have to create a rule on your firewall to either pass all request or just some ports (25, 80, 443, etc.) to IP to your internal exchange server's IP (

Second step will be to go to your DC/DNS server ( and create an MX record and a Host record for  --->

Last step, make sure your server internal and external names match,  Open the EMC, Under Server Configuration, Client Access, locate in the middle of the screen: Outlook Web App tab open the properties and check that internal and external URL in the General tab match (, repeat the process for the others tabs to match your domain name and the virtual path needed.

This should take care of the access problem, Now if you still have problems check if you have installed a valid certificate to handle all your services.  Click on Server configuration, in the middle on the screen locate available installed certificates under "Exchange Certificates" tab.  Here, if you don't have a valid certificate you must get one and install it following your CERT Authority provider, remember the certificate should include all possible names the server will have (,,, etc.).

Hope that helps!!!

Author Closing Comment

ID: 40611493
Good afternoon,

Sorry for the late reply and thanks for the comments. In my case it turns out that the firewall on the router for port 25 was poiting to a different IP address.
Additionally, the previous IT company had installed SMTP service on the the server while we created a connector on port 25. Because of that the binding to the connector was failing because the port was already in use.
I feel a bit stupid as I had seen the port opened on the firewall rules but did not notice the IP address it was pointing to another IP address.
As soon as I changed it, and removed the SMTP service, everything was fine.

Thanks again guys :)

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question