Create DNS records for Office 365 at any DNS hosting provider

We're updating this article! Send an email and let us know what you'd like to see.
Email: Office 365 Admin Content Feedback

Telephone

Want some help?                                   

Call support.

Before you use these steps, check the drop down below to see if your domain registrar has it's own set of instructions. If not, you can follow the general steps in this article.

If you don’t know the DNS hosting provider or domain registrar for your domain, see Find your domain registrar or DNS hosting provider.

The general steps are included in this article. But you may be able to find step-by-step instructions that are specific to your DNS host's website. Check to see if your domain's DNS host is listed in Create DNS records for Office 365.

Why update DNS records? Watch the video

To set up the records yourself, these are the records to add. Note that your verification record and MX record are unique to your domain. To set them up, you'll need to get and use a specific “token” value for your domain. The steps below explain how to do that.

Important: The exact name of the boxes or fields you type or paste the information into, to create each type of DNS record, are different for each DNS host. Your DNS host may have Help on their website to assist you in mapping the instructions we show here to the exact fields on their website. Remember to check to see if we have step-by-step instructions for your DNS host in Create DNS records for Office 365.

Some DNS hosts don’t let you create all of the required record types, which causes service limitations in Office 365. If your domain's host doesn’t support SRV, TXT, or CNAME records, for example, we recommend that you transfer your domain to a DNS host that does support all required records. For a fast, automated process setting up with Office 365, we recommend that you transfer your domain to GoDaddy.

If you have a SharePoint Online Public Website, you can set it up to use your custom domain for the website URL address, like www.your_domain.com.

Note:  Typically it takes just a few minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after changing your domain name or DNS records.

Add a TXT or MX record for verification

Note:  You will create only one or the other of these records. TXT is the preferred record type, but some DNS hosting providers don’t support it, in which case you can create an MX record instead.

Before you use your domain with Office 365, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Office 365 that you own the domain.

Note:  This record is used only to verify that you own your domain; it doesn’t affect anything else. You can delete it later, if you like.

Find the area on your DNS hosting provider’s website where you can create a new record.
  1. Sign in to your DNS hosting provider’s website.

  2. Choose your domain.

  3. Find the page where you can edit DNS records for your domain.

Create the record.
  1. Depending on whether you are creating a TXT record or an MX record, do one of the following:

    • If you create a TXT record, use these values:

      Record Type

      Alias or Host Name

      Value

      TTL

      TXT

      Do one of the following: Type @ or leave the field empty or type your domain name.

      Note: Different DNS hosts have different requirements for this field.

      MS=msXXXXXXXX

      Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365.
      How do I find this?

      Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

    • If you create an MX record, use these values:

      Record Type

      Alias or Host Name

      Value

      Priority

      TTL

      MX

      Type either @ or your domain name.

      MS=msXXXXXXXX

      Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365.
      How do I find this?

      For Priority, to avoid conflicts with the MX record used for mail flow, use a lower priority than the priority for any existing MX records.

      For more information about priority, see What is MX priority?

      Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

  2. Save the record.

Now that you've added the record at your domain registrar's site, you'll go back to Office 365 and request Office 365 to look for the record.

When Office 365 finds the correct TXT record, your domain is verified.

  1. Go to the Domains page.

  2. On the Manage domains page, select the domain that you are verifying and then, in the Action column for that domain, choose Start setup.

    O365-BP-Verify-1-2

  3. On the Add this TXT record to show you own domain_name page, choose Okay, I've added the record.

    O365-BP-Verify-1-3

  4. Choose Next.

    O365-BP-Verify-1-4

Note:  Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Back to top

Add MX record to route email

Add an MX record so email for your domain will come to Office 365. When you update your domain's MX record, all new email for anyone who uses your domain will now come to Office 365. Any email you already have will stay at your current email host, unless you decide to migrate email and contacts to Office 365.

Tip: Instead of switching all of your company's email to Office 365, you can pilot Office 365 email with just a few email addresses.

Task

Find the page where you can create records for your domain.

  1. Sign in to your DNS host’s website.

  2. Choose your domain.

  3. Find the page where you can edit DNS records for your domain.

The MX record you'll add includes a value (the Points to address value) that looks something like this: <MX token>.mail.protection.outlook.com, where <MX token> is a value like MSxxxxxxx.

  1. On your DNS host’s website, click to add a new MX record.

    Now you'll get the information for the MX record from Office 365.

  2. For the MX record (in the step above), copy the Points to address value.

    You'll use this value in the record you're creating on your DNS host's site, as described in the next step.

  3. In the new MX record on your DNS host's site, make sure that the fields are set to precisely the following values:

    • Record Type: MX

    • Priority: Set the priority of the MX record to the highest value available, which is typically 0.

      For more information about priority, see What is MX priority?

    • Host Name: @

    • Points to address: Paste the Points to address value that you just copied from Office 365 here.

    • TTL: Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

  4. Save the record.

Remove any other MX records.

If you have any MX records for this domain that send email to someplace other than Office 365, delete them all.

Back to top

Add four CNAME records

Follow the steps below to add the four CNAME records that are required for Office 365. If additional CNAME records are listed in Office 365, add those following the same general steps shown here.

On your DNS host’s website, you'll create four new CNAME records, typically one at a time.

  1. In the boxes for each new record, type or copy and paste the following values. After you add each of the first three new records, choose to create another CNAME record.

    Record Type

    Host

    Points to

    TTL

    CNAME (Alias)

    autodiscover

    autodiscover.outlook.com

    1 hour

    CNAME (Alias)

    lyncdiscover

    webdir.online.lync.com

    1 hour

    CNAME (Alias)

    msoid

    clientconfig.microsoftonline-p.net

    1 hour

    CNAME (Alias)

    sip

    sipdir.online.lync.com

    1 hour

    Notes: For TTL: Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

    These records do not apply to Exchange, Lync, or Skype for Business hybrid deployments.

  2. When you've finished, save the records.

Add two CNAME records for Mobile Device Management (MDM) for Office 365

Important: If you have Mobile Device Management (MDM) for Office 365, then you must also create the following two CNAME records.

Record Type

Host

Points to

TTL

CNAME (Alias)

enterpriseregistration

enterpriseregistration.windows.net

1 hour

CNAME (Alias)

enterpriseenrollment

enterpriseenrollment.manage.microsoft.com

1 hour

Back to top

Add a TXT record for SPF to help prevent email spam

Important: You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Office 365. Instead, add the required Office 365 values to the current record so that you have a single SPF record that includes both sets of values. Need examples? Check out these details and sample SPF records. To validate your SPF record, you can use one of these SPF validation tools.

On your DNS host’s website, edit the existing SPF record or create a new TXT record for SPF.

Important: SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. In order to protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Office 365. To get started, see Use DKIM to validate outbound email sent from your domain in Office 365. Next, see Use DMARC to validate email in Office 365.

  1. In the boxes for the new record, type or copy and paste the set of values below that apply to your situation.

    • If you use email with Exchange Online only (not with SharePoint Online), use these values:

      Record Type

      Host

      TXT Value

      TTL

      TXT (Text)

      @

      v=spf1 include:spf.protection.outlook.com -all

      1 hour

    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.

    For TTL: Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

  2. When you've finished, save the record.

  3. To validate your SPF record, use one of these SPF validation tools.

Back to top

Add two SRV records

On your DNS host’s website, you'll create two new SRV records, typically one at a time. That is, after you add the first SRV record at the website, choose to create another SRV record.

  1. In the boxes for each new record, type or copy and paste the following values. (See the notes below for creating SRV records when your DNS host doesn't have all of these as separate fields.)

    Record Type

    Name

    Target

    Protocol

    Service

    Priority

    Weight

    Port

    TTL

    SRV (Service)

    @

    (Or leave blank, if @ is not allowed)

    sipdir.online.lync.com

    _tls

    _sip

    100

    1

    443

    1 hour

    SRV (Service)

    @

    (Or leave blank, if @ is not allowed)

    sipfed.online.lync.com

    _tcp

    _sipfederationtls

    100

    1

    5061

    1 hour

    Notes: 

    • For Name: If your DNS host doesn't allow setting this to @, leave it blank. Use this approach only when your DNS host has separate fields for the Service and Protocol values. Otherwise, see the Service and Protocol notes below.

    • For Service and Protocol: If your DNS host doesn't provide these fields for SRV records, you must specify the Service and Protocol values as the record’s Name value. (Note: Depending on your DNS host, the Name field might be called something else, like: Host, Hostname, or Subdomain.) To set up the combined value, you create a single string, separating the values with a dot.

      For example: Name: _sip._tls

    • For Priority, Weight, and Port: If your DNS host doesn't provide these fields for SRV records, you must specify them as the record’s Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string, separating the values with spaces and ending with a dot. The values must be included in this order: Priority, Weight, Port, Target.

      For example: Target: 100 1 443 sipdir.online.lync.com.

    • Variation for Priority, Weight, and Port: Some DNS hosts provide some, but not all, of the required fields separately. For these DNS host sites, specify the values that aren't shown separately as a combined string, in order, for the record’s Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string for the fields that aren't shown individually, separating the values with spaces. The values must be included in order, leaving out the values that have separate fields available: Priority, Weight, Port, Target.

      For example, when Priority has a separate field, concatenate only the Weight, Port, and Target values: Target: 1 443 sipdir.online.lync.com

    • For TTL: Set this value to 1 hour or to the equivalent in minutes (60), seconds (3600), etc.

  2. When you've finished, save the records.

Note:  Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Back to top

More about updating DNS records

If you know how to update DNS records at your domain's DNS host, use the Office 365 DNS values to edit records at your domain's DNS host, for example, to set up an MX record or SPF record. Find the specific values to use by following these steps, or view them in the domains setup wizard as you step through it.

If you need some help figuring out how to add the required DNS records and your DNS host isn't listed in Create DNS records for Office 365, first gather the information you need to create Office 365 DNS records. Then use the general steps in this topic to set up your domain's DNS records so you can use your domain with Office 365 services, like email.

If you don't have a website that you use with your custom domain, you can have Office 365 set up and manage DNS records for your domain instead of doing all the setup yourself. Learn about the two options for setting up and managing DNS records for a custom domain in Office 365.

Back to top

Still need help?

Get help from the Office 365 community forums Admins: Sign in and create a service request Admins: Call Support

Back to top

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×