What DNS zones are absolutely necessary for Exchange Hybrid 2013/2007 (365) environment

If I was going to use autod feature of Set-HybridConfiguration:

Set-HybridConfiguration -Domains "contoso.com, fabrikam.com", "autod:wingtiptoys.com"

… which is now found in the GUI of the Hybrid Configuration Wizard…

As a hypothetical, would I need ANY DNS zones at all (either internal or external) for fabrikam.com or contoso.com?

Could they be non-existent with the exception of MX records externally?
K B Asked:

Peter Hutchison, Senior Network Systems Specialist, Commented:
You need MX, TEXT, SPF and a CNAME record which are needed to verify that you are the owner of the domain and for autodiscover to work for Outlook and mobile devices.
K B (Author) Commented:
You must include all names on the certificate and you only need to utilize external DNS zones for autodiscover... internal is not needed for autoD... Externally, you can save some money by creating completely unsupported SRV records (to point to your AutoD domain), for example:

SRV record
_autodiscover._tcp.contoso.com to point to autodiscover.wingtiptoys.com

...however, you will get a redirect popup (not a cert warning) when creating a new Outlook profile externally. Microsoft says SRV records prohibit free/busy cross org sharing (federation)... I don't see that.
We happened to block all autodiscover.contoso.com, autodiscover.fabrikam.com and autodiscover.wingtiptoys.com from going outside the network to force use of the SCP record (with the firewall)... this is a special case though... not for everyone at all. If you don't do that (AND you don't have internal DNS records for autodiscover) Outlook 2013+ looks for all the autodiscover records at one time (even if it has the information it needs from the SCP) in an attempt to cache them (just in case I guess, or for speed)... so it will look to public DNS... that is a bit inefficient. So... if you are like us and have 40 primary SMTP domains used in your Exchange and do not want to create split brain for all of them... you might try to block (BUT if you have non-domain-joined machines on your network setting up or using corp Outlook profiles... just set up the split brain).

K B (Author) Commented:
Spent DAYS on this... Microsoft has zero documentation explaining how their statement of:

With the Autodiscover domain feature, you have the option of setting one of your SMTP domains as the Autodiscover domain. When doing so, you remove the following requirements:

The need to create an Autodiscover record for all SMTP domains in DNS, except for the domain you set as the Autodiscover domain
The need to include the Autodiscover FQDN for all SMTP domains used in the SAN certificate

... IS ONLY FOR INTERNAL DNS.. EXTERNALLY THIS STATEMENT IS FALSE

FOR IT TO BE SUPPORTED YOU NEED TO HAVE EVERY SINGLE NAME ON THE CERTIFICATE
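
The certificate requirement described in the comment above can be checked before publishing. The following is an added example, not part of the original thread and not Microsoft's code; the function names (Test-SanMatch, Get-AutodiscoverSanGap) are hypothetical and the domain and SAN lists are constructed sample values.

```powershell
# Added example: list which autodiscover.<domain> names a certificate's SAN list
# does not cover. Function names are hypothetical; inputs below are constructed.

function Test-SanMatch {
    param([string]$HostName, [string]$SanEntry)
    $h = $HostName.ToLowerInvariant()
    $s = $SanEntry.ToLowerInvariant()
    if ($s.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # autodiscover.contoso.com, but not a.b.contoso.com or contoso.com itself.
        $suffix = $s.Substring(1)    # e.g. ".contoso.com"
        if (-not $h.EndsWith($suffix, [System.StringComparison]::Ordinal)) { return $false }
        $label = $h.Substring(0, $h.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($h -eq $s)
}

function Get-AutodiscoverSanGap {
    param(
        [string[]]$SmtpDomain,       # every SMTP domain in use in the organization
        [string[]]$SubjectAltName    # DNS names read from the published certificate
    )
    foreach ($d in $SmtpDomain) {
        $domain = $d.Trim()
        $fqdn   = "autodiscover.$domain"
        # First SAN entry (exact or wildcard) that covers this autodiscover name
        $coveredBy = $SubjectAltName |
            Where-Object { Test-SanMatch -HostName $fqdn -SanEntry $_ } |
            Select-Object -First 1
        [pscustomobject]@{
            Domain    = $domain
            Fqdn      = $fqdn
            Covered   = [bool]$coveredBy
            CoveredBy = $coveredBy
        }
    }
}

# Constructed sample input: three SMTP domains, and a certificate that names
# only the autodiscover domain plus a wildcard for one of the others.
$domains = 'contoso.com', 'fabrikam.com', 'wingtiptoys.com'
$sans    = 'mail.wingtiptoys.com', 'autodiscover.wingtiptoys.com', '*.fabrikam.com'

Get-AutodiscoverSanGap -SmtpDomain $domains -SubjectAltName $sans |
    Format-Table -AutoSize
```

Rows with Covered set to False are the names an external Outlook client would hit a certificate mismatch on if that domain's autodiscover record pointed at this certificate.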