What DNS zones are absolutely necessary for Exchange Hybrid 2013/2007 (365) environment

K B
If I was going to use autod feature of Set-HybridConfiguration:

Set-HybridConfiguration –Domains "contoso.com, fabrikam.com", "autod:wingtiptoys.com"

… which is now found in the GUI of the Hybrid Configuration Wizard…

As a hypothetical, would I need ANY DNS zones at all (either internal or external) for fabrikam.com or contoso.com?

Could they be non-existent with the exception of MX records externally?
Peter Hutchison, Senior Network Systems Specialist

Commented:
You need MX, TXT (SPF) and CNAME records, which are needed to verify that you are the owner of the domain and for Autodiscover to work for Outlook and mobile devices.
Commented:
You must include all names on the certificate, and you only need to use external DNS zones for Autodiscover... internal is not needed for AutoD. Externally, you can save some money by creating completely unsupported SRV records (pointing to your AutoD domain), for example:

SRV record
_autodiscover._tcp.contoso.com to point to autodiscover.wingtiptoys.com

...however, you will get a redirect popup (not a cert warning) when creating a new Outlook profile externally. Microsoft says SRV records prohibit free/busy cross-org sharing (federation). I don't see that.

We happened to block autodiscover.contoso.com, autodiscover.fabrikam.com and autodiscover.wingtiptoys.com from going outside the network (with the firewall) to force use of the SCP record... this is a special case though, not for everyone at all. If you don't do that (AND you don't have internal DNS records for autodiscover), Outlook 2013+ looks for all the autodiscover records at one time (even if it already has the information it needs from the SCP) in an attempt to cache them (just in case, I guess, or for speed)... so it will look to public DNS. That is a bit inefficient.

SO... if you are like us and have 40 primary SMTP domains used in your Exchange and do not want to create split-brain DNS for all of them, you might try to block (BUT if you have non-domain-joined machines on your network setting up or using corp Outlook profiles... just set up the split brain).
K B (Author)

Commented:
Spent DAYS on this. Microsoft has zero documentation explaining how their statement of:

With the Autodiscover domain feature, you have the option of setting one of your SMTP domains as the Autodiscover domain. When doing so, you remove the following requirements:

The need to create an Autodiscover record for all SMTP domains in DNS, except for the domain you set as the Autodiscover domain
The need to include the Autodiscover FQDN for all SMTP domains used in the SAN certificate

... IS ONLY FOR INTERNAL DNS. EXTERNALLY THIS STATEMENT IS FALSE.

FOR IT TO BE SUPPORTED YOU NEED TO HAVE EVERY SINGLE NAME ON THE CERTIFICATE.
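Putting the two points from this thread together (the unsupported SRV shortcut, and the need for every name Outlook connects to to be on the certificate), here is an added example, not code from the thread, that classifies each SMTP domain's external Autodiscover coverage from a constructed set of DNS answers and certificate SANs. The ExternalZones/classify helpers and the sample records are assumptions; a real check would feed it the answers from nslookup or dig.

```python
from dataclasses import dataclass, field


@dataclass
class ExternalZones:
    """Constructed stand-in for public DNS answers (a real check would query
    them with nslookup/dig): hostnames that resolve via A/CNAME, and SRV targets."""
    a_or_cname: set = field(default_factory=set)
    srv: dict = field(default_factory=dict)  # "_autodiscover._tcp.<domain>" -> target host


def classify(domain, zones, cert_sans):
    """Return (status, detail) for one SMTP domain, in the order an external Outlook
    client tries: https://autodiscover.<domain>/ first, then the _autodiscover._tcp SRV
    record (the https://<domain>/ root attempt is skipped here for brevity)."""
    host = f"autodiscover.{domain}"
    if host in zones.a_or_cname:
        if host in cert_sans:
            return "ok", f"{host} resolves and is on the certificate"
        return "cert-mismatch", f"{host} resolves but is not a SAN: certificate warning"
    target = zones.srv.get(f"_autodiscover._tcp.{domain}")
    if target is not None:
        if target in cert_sans:
            return "srv-redirect", f"SRV -> {target}: works, but Outlook shows a redirect prompt"
        return "cert-mismatch", f"SRV -> {target}, which is not a SAN: certificate warning"
    return "missing", f"no {host} and no SRV record: external Autodiscover fails"


def report(domains, zones, cert_sans):
    """Map every accepted SMTP domain to its classification."""
    return {d: classify(d, zones, cert_sans) for d in domains}


# Constructed sample matching the question: wingtiptoys.com is the Autodiscover domain,
# contoso.com uses the unsupported SRV shortcut, fabrikam.com has nothing published.
SAMPLE_DOMAINS = ["contoso.com", "fabrikam.com", "wingtiptoys.com"]
SAMPLE_ZONES = ExternalZones(
    a_or_cname={"autodiscover.wingtiptoys.com", "mail.wingtiptoys.com"},
    srv={"_autodiscover._tcp.contoso.com": "autodiscover.wingtiptoys.com"},
)
SAMPLE_CERT_SANS = {"mail.wingtiptoys.com", "autodiscover.wingtiptoys.com"}

if __name__ == "__main__":
    for domain, (status, detail) in report(SAMPLE_DOMAINS, SAMPLE_ZONES, SAMPLE_CERT_SANS).items():
        print(f"{domain:16} {status:13} {detail}")
```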
