Exchange Online – Review your DNS configuration to avoid mail flow failures

Starting March 22, 2021, Exchange Online (ExO) and Exchange Online Protection (EOP) DNS infrastructure will be updated to enable Extension Mechanisms for DNS (EDNS) to allow sending DNS data in larger UDP packet which is required for DNSSEC.

To prepare for this change, the ExO team has been already reviewing existing Office 365 tenant to ensure they are compliant and notification has been sent to tenant with potential issues through a message on Message Center.

If you are not sure, made changes on your DNS or want to be sure and validate, you can use the new EDNS validation tool from the Remote Connectivity Analyzer (

After ENDS is enabled and you have a misconfigured DNS, you will get ServerFailure delivery errors.

You can access the EDNS validation tool from the RCA home page, under the Office 365 blade, or through the direct link


To use the ENDS validation, just enter the DNS records of your on-premises connectors (you know the DNS record you define when running the Exchange Configuration Wizard) – you can add multiple records using a comma separated list


For the purpose of this post, I have validated my real connector and an additional record which is not related to Exchange Online mail flow.