Web Protection and Exchange

If the local DNS is configured for Web Protection, and there is an on-premises Exchange server, the Exchange server should NOT be configured to use the Web Protection DNS resolvers. This can cause mail flow issues.

The Transport Server needs to use alternate DNS servers for resolution of EXTERNAL Domain names. The PowerShell commands below can be used to set these values:

Command Example:

1. Set-TransportServer -Identity <server name> -ExternalDNSServers x.x.x.x,y.y.y.y

2. The value for ExternalDNSServers is a comma-delimited list of DNS server IPs to be used for external DNS resolution.

3. The ExternalDNSServers parameter specifies the list of external DNS servers that the server queries when resolving a remote domain. DNS servers are specified by IP address. The default value is an empty list ({}). To enter multiple values and overwrite any existing entries, use the following syntax: <value1>,<value2>...
4. If the values contain spaces or otherwise require quotation marks, you need to use the following syntax: "<value1>","<value2>"...
5. To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="<value1>","<value2>"...; Remove="<value1>","<value2>"...}.
6. The exact commands might vary between versions of Exchange.
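
The following is an added example, not part of the original article: it validates the resolver list, picks whichever cmdlet name the installed Exchange version provides, applies the change and reads it back. The server name EXCH01 and the 192.0.2.x addresses are constructed placeholders, and the ExternalDNSAdapterEnabled and UseExternalDNSServersEnabled checks come from Microsoft's cmdlet documentation rather than from this article.

```powershell
# Added example. Run in the Exchange Management Shell.
# Constructed placeholders: replace with your server and with resolvers
# that are NOT the Web Protection DNS resolvers.
$Server    = 'EXCH01'
$Resolvers = '192.0.2.10', '192.0.2.11'

# Reject anything that is not an IP address before touching the server.
foreach ($r in $Resolvers) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($r, [ref]$ip)) {
        throw "Not an IP address: $r"
    }
}

# Commands vary by version: use *-TransportService where it exists,
# otherwise fall back to the *-TransportServer cmdlets shown above.
$noun = 'TransportServer'
if (Get-Command Set-TransportService -ErrorAction SilentlyContinue) {
    $noun = 'TransportService'
}

# Record the current list so the change can be reverted.
$before = (& "Get-$noun" -Identity $Server).ExternalDNSServers
Write-Host "Before: $($before -join ', ')"

# Overwrite the list. To keep existing entries, pass @{Add=...; Remove=...} instead.
& "Set-$noun" -Identity $Server -ExternalDNSServers $Resolvers

# Read the setting back and compare it with what was requested.
$after   = & "Get-$noun" -Identity $Server
$applied = @($after.ExternalDNSServers | ForEach-Object { $_.ToString() })
$missing = @($Resolvers | Where-Object { $applied -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Not applied: $($missing -join ', ')"
}

# Microsoft's documentation states the custom list is only used when
# ExternalDNSAdapterEnabled is $false; flag the case where it is still $true.
if ($after.ExternalDNSAdapterEnabled) {
    Write-Warning 'ExternalDNSAdapterEnabled is True: adapter DNS settings take precedence over the list.'
}

# Send connectors consult the list only when UseExternalDNSServersEnabled is True.
Get-SendConnector | Format-Table Name, UseExternalDNSServersEnabled -AutoSize
```

Keep the "Before" output with the change record so the previous resolver list can be restored if mail flow is affected.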