By default, DNS queries use User Datagram Protocol (UDP), and a DNS reply over UDP is limited to a payload of 512 bytes. Larger replies are truncated, and the query is then retried over Transmission Control Protocol (TCP), which carries more overhead. In this case, outgoing TCP is not enabled. Therefore, verification fails if the TXT record of the federation proof is too large.
1. Manually change the hosts file on the hybrid server or servers to include the following information:

   Note: This server has TCP outgoing access permissions.
2. Add the domain to the Exchange federation list by running the following Windows PowerShell command:

       Add-FederatedDomain -DomainName <SmtpDomain>

   For example, run the following command:

       Add-FederatedDomain -DomainName contoso.com
3. Remove the hosts file entry that you added in step 1.
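
To confirm that the cause described at the top applies (a truncated UDP reply followed by a blocked TCP retry), the following added example, which is not part of the original article, sends a TXT query over UDP, checks the truncation (TC) bit in the reply header, and retries over TCP port 53. The function names, return labels and sample headers are assumptions made for illustration; the resolver address is supplied by the caller.

```python
import socket
import struct

TC_FLAG = 0x0200   # truncation bit in the 16-bit DNS header flags word
TXT, IN = 16, 1    # record type TXT, class IN

def build_query(name, qtype=TXT, txid=0x1234):
    """Encode a one-question DNS query with recursion desired and no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, IN)

def is_truncated(message):
    """True when TC is set, meaning the answer did not fit in the UDP reply."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed early")
        buf += chunk
    return buf

def diagnose(server, name, timeout=3.0):
    """Return 'udp-ok', 'tcp-ok' or 'tcp-blocked' for a TXT lookup of name."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if not is_truncated(reply):
        return "udp-ok"          # answer fit in the UDP reply, no TCP needed
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            # DNS over TCP prefixes each message with a 2-byte length.
            tcp.sendall(struct.pack("!H", len(query)) + query)
            _recv_exact(tcp, struct.unpack("!H", _recv_exact(tcp, 2))[0])
        return "tcp-ok"
    except OSError:              # refused, timed out or cut off: TCP retry failed
        return "tcp-blocked"

# Constructed sample headers (not captured traffic): 0x8380 has TC set, 0x8180 does not.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
SAMPLE_COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
```

Calling `diagnose` from the hybrid server with the address of its DNS resolver and the federated domain returns `tcp-blocked` when the condition described above is present.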