Create DNS records at any DNS hosting provider

Check the Domains FAQ if you don't find what you're looking for.

Check our list of host-specific instructions to find your host and follow the steps to add all the records you need.

If you don't know the DNS hosting provider or domain registrar for your domain, see Find your domain registrar or DNS hosting provider.

To set up the records yourself, these are the records to add. Note that your verification record and MX record are unique to your domain. To set them up, you'll need to get and use a specific "token" value for your domain. The steps below explain how to do that.

Important

The exact name of the boxes or fields you type or paste the information into, to create each type of DNS record, are different for each DNS host. Your DNS host may have Help on their website to assist you in mapping the instructions we show here to the exact fields on their website. Remember to check to see if we have step-by-step instructions for your DNS host in Create DNS records for Microsoft 365. > Some DNS hosts don't let you create all of the required record types, which causes service limitations in Microsoft 365. If your domain's host doesn't support SRV, TXT, or CNAME records, for example, we recommend that you transfer your domain to a DNS host that does support all required records. For a fast, automated process setting up with Microsoft 365, we recommend that you transfer your domain to GoDaddy.

Note

Typically it takes just a few minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Find and fix issues after changing your domain name or DNS records.

Add a TXT or MX record for verification

Note

You will create only one or the other of these records. TXT is the preferred record type, but some DNS hosting providers don't support it, in which case you can create an MX record instead.

Before you use your domain with Microsoft 365, we have to make sure that you own it. Your ability to log in to your account at your domain registrar and create the DNS record proves to Microsoft 365 that you own the domain.

Note

This record is used only to verify that you own your domain; it doesn't affect anything else. You can delete it later, if you like.

Find the area on your DNS hosting provider's website where you can create a new record.

  1. Sign in to your DNS hosting provider's website.

  2. Choose your domain.

  3. Find the page where you can edit DNS records for your domain.

Create the record.

  1. Depending on whether you are creating a TXT record or an MX record, do one of the following:

    • If you create a TXT record, use these values:

      Record Type Alias or Host Name Value TTL
      TXT Do one of the following: Type @ or leave the field empty or type your domain name.
      Note: Different DNS hosts have different requirements for this field.
      MS=ms XXXXXXXX
      Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Microsoft 365.
      How do I find this?
      Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.
    • If you create an MX record, use these values:

      Record Type Alias or Host Name Value Priority TTL
      MX Type either @ or your domain name. MS=ms XXXXXXXX
      Note: This is an example. Use your specific Destination or Points to Address value here, from the table in Office 365.
      How do I find this?
      For Priority, to avoid conflicts with the MX record used for mail flow, use a lower priority than the priority for any existing MX records.
      For more information about priority, see What is MX priority?
      Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.
  2. Save the record.

Now that you've added the record at your domain registrar's site, you'll go back to Microsoft 365 and request Microsoft 365 to look for the record.

When Microsoft 365 finds the correct TXT record, your domain is verified.

  1. In the admin center, go to the Settings > Domains page.

  2. On the Domains page, select the domain that you are verifying.

  3. On the Setup page, select Start setup.

  4. On the Verify domain page, select Verify.

Note

Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

Add MX record to route email

Add an MX record so email for your domain will come to Microsoft 365. When you update your domain's MX record, all new email for anyone who uses your domain will now come to Microsoft 365. Any email you already have will stay at your current email host, unless you decide to migrate email and contacts to Microsoft 365.

Task

Find the page where you can create records for your domain.

  1. Sign in to your DNS host's website.

  2. Choose your domain.

  3. Find the page where you can edit DNS records for your domain.

The MX record you'll add includes a value (the Points to address value) that looks something like this: <MX token>.mail.protection.outlook.com, where <MX token> is a value like MSxxxxxxx.

The MX record you'll add includes a value (the Points to address value) that looks something like this: <MX token>.mail.protection.outlook.de, where <MX token> is a value like MSxxxxxxx.

  1. On your DNS host's website, add a new MX record.

    Now you'll get the information for the MX record from Microsoft 365.

  2. For the MX record (in the step above), copy the Points to address value.

    You'll use this value in the record you're creating on your DNS host's site, as described in the next step.

  3. In the new MX record on your DNS host's site, make sure that the fields are set to precisely the following values:

    • Record Type: MX

    • Priority: Set the priority of the MX record to the highest value available, which is typically 0.

      For more information about priority, see What is MX priority?

    • Host Name: @

    • Points to address: Paste the Points to address value that you just copied from Microsoft 365 here.

    • TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  4. Save the record.

Remove any other MX records.

If you have any MX records for this domain that send email to someplace other than Microsoft 365, delete them all.

Add three CNAME records

Follow the steps below to add the three CNAME records that are required for Microsoft 365. If additional CNAME records are listed in Microsoft 365, add those following the same general steps shown here.

On your DNS host's website, you'll create three new CNAME records, typically one at a time.

  1. In the boxes for each new record, type or copy and paste the following values. After you add each of the first three new records, choose to create another CNAME record.

    Record Type
    Host
    Points to
    TTL
    CNAME (Alias)
    autodiscover
    autodiscover.outlook.com
    1 hour
    CNAME (Alias)
    lyncdiscover
    webdir.online.lync.com
    1 hour
    CNAME (Alias)
    sip
    sipdir.online.lync.com
    1 hour

    Note

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc. > These records do not apply to Exchange, Lync, or Skype for Business hybrid deployments.

  2. When you've finished, save the records.

Follow the steps below to add the three CNAME records that are required for Microsoft 365. If additional CNAME records are listed in Microsoft 365, add those following the same general steps shown here.

On your DNS host's website, you'll create three new CNAME records, typically one at a time.

  1. In the boxes for each new record, type or copy and paste the following values. After you add each of the first three new records, choose to create another CNAME record.

    Record Type
    Host
    Points to
    TTL
    CNAME (Alias)
    autodiscover
    autodiscover-outlook.office.de
    1 hour
    CNAME (Alias)
    lyncdiscover
    webdir.online.skype.de
    1 hour
    CNAME (Alias)
    sip
    sipdir.online.lync.de
    1 hour

    Note

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc. > These records do not apply to Exchange, Lync, or Skype for Business hybrid deployments.

  2. When you've finished, save the records.

Follow the steps below to add the three CNAME records that are required for Microsoft 365. If additional CNAME records are listed in Microsoft 365, add those following the same general steps shown here.

On your DNS host's website, you'll create three new CNAME records, typically one at a time.

  1. In the boxes for each new record, type or copy and paste the following values. After you add each of the first three new records, choose to create another CNAME record.

    Record Type
    Host
    Points to
    TTL
    CNAME (Alias)
    autodiscover
    autodiscover.partner.outlook.cn
    1 hour
    CNAME (Alias)
    lyncdiscover
    webdir.online.partner.lync.cn
    1 hour
    CNAME (Alias)
    sip
    sipdir.online.partner.lync.cn
    1 hour

    Note

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc. > These records do not apply to Exchange, Lync, or Skype for Business hybrid deployments.

  2. When you've finished, save the records.

Add two CNAME records for Mobile Device Management (MDM) for Microsoft 365

Important

If you have Mobile Device Management (MDM) for Microsoft 365, then you must create two additional CNAME records. Follow the procedure that you used for the other four CNAME records, but supply the values from the following table. > (If you do not have MDM, you can skip this step.)

Record Type
Host
Points to
TTL
CNAME (Alias)
enterpriseregistration
enterpriseregistration.windows.net
1 hour
CNAME (Alias)
enterpriseenrollment
enterpriseenrollment.manage.microsoft.com
1 hour

Important

If you have Mobile Device Management (MDM) for Microsoft 365, then you must create two additional CNAME records. Follow the procedure that you used for the other four CNAME records, but supply the values from the following table. > (If you do not have MDM, you can skip this step.)

Record Type
Host
Points to
TTL
CNAME (Alias)
enterpriseregistration
enterpriseregistration.microsoftonline.de
1 hour
CNAME (Alias)
enterpriseenrollment
enterpriseenrollment-s.manage.microsoft.com
1 hour

Add a TXT record for SPF to help prevent email spam

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft 365. Instead, add the required Microsoft 365 values to the current record so that you have a single SPF record that includes both sets of values.

On your DNS host's website, edit the existing SPF record or create a new TXT record for SPF.

Important

SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Microsoft 365. To get started, see Use DKIM to validate outbound email sent from your domain in Microsoft 365. Next, see Use DMARC to validate email in Microsoft 365.

  1. In the boxes for the new record, type or copy and paste the set of values below that apply to your situation.

    Record Type
    Host
    TXT Value
    TTL
    TXT (Text)
    @
    v=spf1 include:spf.protection.outlook.com -all
    Note: We recommend copying and pasting this entry, so that all of the spacing stays correct.
    1 hour

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the record.

  3. To validate your SPF record, use one of these SPF validation tools

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft 365. Instead, add the required Microsoft 365 values to the current record so that you have a single SPF record that includes both sets of values.

On your DNS host's website, edit the existing SPF record or create a new TXT record for SPF.

Important

SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Microsoft 365. To get started, see Use DKIM to validate outbound email sent from your domain in Microsoft 365. Next, see Use DMARC to validate email in Microsoft 365.

  1. In the boxes for the new record, type or copy and paste the set of values below that apply to your situation.

    Record Type Host TXT Value TTL
    TXT (Text) @ v=spf1 include:spf.protection.outlook.de -all
    We recommend copying and pasting this entry, so that all of the spacing stays correct.
    1 hour

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the record.

  3. To validate your SPF record, use one of these SPF validation tools

Important

You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you'll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don't create a new one for Microsoft 365. Instead, add the required Microsoft 365 values to the current record so that you have a single SPF record that includes both sets of values.

On your DNS host's website, edit the existing SPF record or create a new TXT record for SPF.

Important

SPF is designed to help prevent spoofing, but there are spoofing techniques that SPF cannot protect against. To protect against these, once you have set up SPF, you should also configure DKIM and DMARC for Microsoft 365. To get started, see Use DKIM to validate outbound email sent from your domain in Microsoft 365. Next, see Use DMARC to validate email in Microsoft 365.

  1. In the boxes for the new record, type or copy and paste the set of values below that apply to your situation.

    Record Type Host TXT Value TTL
    TXT (Text) @ v=spf1 include:spf.protection.partner.outlook.cn -all> [!NOTE]> We recommend copying and pasting this entry, so that all of the spacing stays correct. 1 hour

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the record.

  3. To validate your SPF record, use one of these SPF validation tools

Add two SRV records

On your DNS host's website, you'll create two new SRV records, typically one at a time. That is, after you add the first SRV record at the website, choose to create another SRV record.

  1. In the boxes for each new record, type or copy and paste the following values. (See the notes below for creating SRV records when your DNS host doesn't have all of these as separate fields.)

    Record Type
    Name
    Target
    Protocol
    Service
    Priority
    Weight
    Port
    TTL
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipdir.online.lync.com
    _tls
    _sip
    100
    1
    443
    1 hour
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipfed.online.lync.com
    _tcp
    _sipfederationtls
    100
    1
    5061
    1 hour

    Note

    For Name: If your DNS host doesn't allow setting this to @, leave it blank. Use this approach only when your DNS host has separate fields for the Service and Protocol values. Otherwise, see the Service and Protocol notes below.

    For Service and Protocol: If your DNS host doesn't provide these fields for SRV records, you must specify the Service and Protocol values as the record's Name value. (Note: Depending on your DNS host, the Name field might be called something else, like: Host, Hostname, or Subdomain.) To set up the combined value, you create a single string, separating the values with a dot. For example: Name: _sip._tls

    For Priority, Weight, and Port: If your DNS host doesn't provide these fields for SRV records, you must specify them as the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string, separating the values with spaces and ending with a dot. The values must be included in this order: Priority, Weight, Port, Target. For example: Target: 100 1 443 sipdir.online.lync.com.

    Variation for Priority, Weight, and Port: Some DNS hosts provide some, but not all, of the required fields separately. For these DNS host sites, specify the values that aren't shown separately as a combined string, in order, for the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string for the fields that aren't shown individually, separating the values with spaces. The values must be included in order , leaving out the values that have separate fields available: Priority, Weight, Port, Target. For example, when Priority has a separate field, concatenate only the Weight, Port, and Target values: Target: 1 443 sipdir.online.lync.com

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the records.

    Note

    Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

On your DNS host's website, you'll create two new SRV records, typically one at a time. That is, after you add the first SRV record at the website, choose to create another SRV record.

  1. In the boxes for each new record, type or copy and paste the following values. (See the notes below for creating SRV records when your DNS host doesn't have all of these as separate fields.)

    Record Type
    Name
    Target
    Protocol
    Service
    Priority
    Weight
    Port
    TTL
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipdir.online.lync.de
    _tls
    _sip
    100
    1
    443
    1 hour
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipfed.online.lync.de
    _tcp
    _sipfederationtls
    100
    1
    5061
    1 hour

    Note

    For Name: If your DNS host doesn't allow setting this to @, leave it blank. Use this approach only when your DNS host has separate fields for the Service and Protocol values. Otherwise, see the Service and Protocol notes below.

    For Service and Protocol: If your DNS host doesn't provide these fields for SRV records, you must specify the Service and Protocol values as the record's Name value. (Note: Depending on your DNS host, the Name field might be called something else, like: Host, Hostname, or Subdomain.) To set up the combined value, you create a single string, separating the values with a dot. > For example: Name: _sip._tls

    For Priority, Weight, and Port: If your DNS host doesn't provide these fields for SRV records, you must specify them as the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string, separating the values with spaces and ending with a dot. The values must be included in this order: Priority, Weight, Port, Target. > For example: Target: 100 1 443 sipdir.online.lync.de.

    Variation for Priority, Weight, and Port: Some DNS hosts provide some, but not all, of the required fields separately. For these DNS host sites, specify the values that aren't shown separately as a combined string, in order, for the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string for the fields that aren't shown individually, separating the values with spaces. The values must be included in order , leaving out the values that have separate fields available: Priority, Weight, Port, Target. > For example, when Priority has a separate field, concatenate only the Weight, Port, and Target values: Target: 1 443 sipdir.online.lync.de

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the records.

    Note

    Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

On your DNS host's website, you'll create two new SRV records, typically one at a time. That is, after you add the first SRV record at the website, choose to create another SRV record.

  1. In the boxes for each new record, type or copy and paste the following values. (See the notes below for creating SRV records when your DNS host doesn't have all of these as separate fields.)

    Record Type
    Name
    Target
    Protocol
    Service
    Priority
    Weight
    Port
    TTL
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipdir.online.partner.lync.cn
    _tls
    _sip
    100
    1
    443
    1 hour
    SRV (Service)
    @
    (Or leave blank, if @ is not allowed)
    sipfed.online.partner.lync.cn
    _tcp
    _sipfederationtls
    100
    1
    5061
    1 hour

    Note

    For Name: If your DNS host doesn't allow setting this to @, leave it blank. Use this approach only when your DNS host has separate fields for the Service and Protocol values. Otherwise, see the Service and Protocol notes below.

    For Service and Protocol: If your DNS host doesn't provide these fields for SRV records, you must specify the Service and Protocol values as the record's Name value. (Note: Depending on your DNS host, the Name field might be called something else, like: Host, Hostname, or Subdomain.) To set up the combined value, you create a single string, separating the values with a dot. > For example: Name: _sip._tls

    For Priority, Weight, and Port: If your DNS host doesn't provide these fields for SRV records, you must specify them as the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string, separating the values with spaces and ending with a dot. The values must be included in this order: Priority, Weight, Port, Target. > For example: Target: 100 1 443 sipdir.online.partner.lync.cn.

    Variation for Priority, Weight, and Port: Some DNS hosts provide some, but not all, of the required fields separately. For these DNS host sites, specify the values that aren't shown separately as a combined string, in order, for the record's Target value. (Note: Depending on your DNS host, the Target field might be called something else, like: Content, IP Address, or Target Host.) To set up the combined value, you create a single string for the fields that aren't shown individually, separating the values with spaces. The values must be included in order , leaving out the values that have separate fields available: Priority, Weight, Port, Target. > For example, when Priority has a separate field, concatenate only the Weight, Port, and Target values: Target: 1 443 sipdir.online.partner.lync.cn

    For TTL: Set this value to 1 hour or to the equivalent in minutes ( 60 ), seconds ( 3600 ), etc.

  2. When you've finished, save the records.

    Note

    Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you've made to update across the Internet's DNS system. If you're having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.

More about updating DNS records

If you know how to update DNS records at your domain's DNS host, use the Microsoft 365 DNS values to edit records at your domain's DNS host, for example, to set up an MX record or SPF record. Find the specific values to use by following these steps, or view them in the domains setup wizard as you step through it.

If you need some help figuring out how to add the required DNS records see Set up your domain (host-specific instructions, first gather the information you need to create Microsoft 365 DNS records. Then use the general steps in this topic to set up your domain's DNS records so you can use your domain with Microsoft 365 services, like email.

If you don't have a website that you use with your custom domain, you can have Microsoft 365 set up and manage DNS records for your domain instead of doing all the setup yourself. Learn about the two options for setting up and managing DNS records for a custom domain in Microsoft 365.