{"id":3058,"date":"2025-08-03T00:00:00","date_gmt":"2025-08-03T00:00:00","guid":{"rendered":"https:\/\/anderson.nl\/?p=3058"},"modified":"2025-08-07T17:32:42","modified_gmt":"2025-08-07T17:32:42","slug":"inbound-smtp-dane-en-dnssec-inschakelen-op-exchange-online","status":"publish","type":"post","link":"https:\/\/anderson.nl\/?p=3058","title":{"rendered":"Inbound SMTP DANE en DNSSEC inschakelen op Exchange Online"},"content":{"rendered":"\n<p>Waarom moeten we DANE en DNSSEC inschakelen?<\/p>\n\n\n\n<p><strong>DNSSEC<\/strong> (Domain Name System Security Extensions) Voorkomt dat DNS-records worden gemanipuleerd tijdens transport. Dit beschermt tegen man-in-the-middle-aanvallen waarbij kwaadwillenden je DNS-verkeer onderscheppen of vervalsen.<\/p>\n\n\n\n<p><strong>DANE<\/strong> (DNS-based Authentication of Named Entities) Verifieert via DNS of het TLS-certificaat van de ontvangende mailserver echt is. Dit voorkomt TLS downgrade attacks, waarbij een aanvaller probeert de versleuteling van e-mailverkeer uit te schakelen.<\/p>\n\n\n\n<p>Samen zorgen ze ervoor dat je e-mailverkeer via Microsoft 365 niet alleen versleuteld is, maar ook dat de route en certificaten betrouwbaar zijn<\/p>\n\n\n\n<p>Het instellen doe je in een paar korte stappen, belangrijk is dat de volgorde hieronder aangehouden wordt en geen stappen worden overgeslagen.<\/p>\n\n\n\n<p><strong>Testen<\/strong><br>Test eerst op <a href=\"http:\/\/internet.nl\">http:\/\/internet.nl<\/a> bij <strong>Test your email<\/strong> wat de huidige staat van je domein is. Aan het einde willen wel alles op 100% hebben staan.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1009\" height=\"391\" src=\"http:\/\/anderson.nl\/wp-content\/uploads\/2025\/08\/Emailtest01.jpg\" alt=\"Eerste test\" class=\"wp-image-3061\" style=\"width:521px;height:auto\"\/><\/figure>\n\n\n\n<p><strong>Controle<\/strong><br>Zorg ervoor dat je zeker weet dat je toegang hebt tot de DNS zodat je het MX Record kan aanpassen. Zorg er voor dat je als admin kan aanmelden in de Microsoft 365 omgeving.<\/p>\n\n\n\n<p><strong>Aanpassen MX Record<\/strong><br>Meld je aan bij je Hostingprovider of het bedrijf waar je DNS staat, in dit voorbeeld gebruik ik CloudFlare.<br>Het huidige record moet aangepast worden naar<strong> TTL<\/strong> van<strong> 60<\/strong> seconden en een <strong>Priority<\/strong> van <strong>10<\/strong>.<img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"63\" class=\"wp-image-3063\" style=\"width: 600px;\" src=\"http:\/\/anderson.nl\/wp-content\/uploads\/2025\/08\/DNS01.jpg\" alt=\"CloudFlare DNS\"><br>Start nu PowerShell op en voer de onderstaande regels uit.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Kopieer\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>Connect-ExchangeOnline -ShowProgress $true -ShowBanner:$false\nEnable-DnssecForVerifiedDomain -DomainName \"jouwdomein.nl\"<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Connect-ExchangeOnline<\/span><span style=\"color: #D4D4D4\"> -ShowProgress <\/span><span style=\"color: #569CD6\">$true<\/span><span style=\"color: #D4D4D4\"> -ShowBanner:<\/span><span style=\"color: #569CD6\">$false<\/span><\/span>\n<span class=\"line\"><span style=\"color: #DCDCAA\">Enable-DnssecForVerifiedDomain<\/span><span style=\"color: #D4D4D4\"> -DomainName <\/span><span style=\"color: #CE9178\">&quot;jouwdomein.nl&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Kopieer\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>MxValue                           Result  ErrorData\n-------                           ------  ---------\ntechblogdemo-nl.d-v1.mx.microsoft Success<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D4D4D4\">MxValue                           Result  ErrorData<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">-------                           ------  ---------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">techblogdemo-nl.d-v1.mx.microsoft Success<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Je hebt nu het nieuwe MX Record, voeg deze nu toe bij je DNS provider, met <strong>TTL<\/strong> van<strong> 60<\/strong> seconden en een <strong>Priority<\/strong> van <strong>0<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1121\" height=\"148\" src=\"http:\/\/anderson.nl\/wp-content\/uploads\/2025\/08\/DNS02.jpg\" alt=\"CloudFlare DNS\" class=\"wp-image-3071\"\/><\/figure>\n\n\n\n<p><strong>Inschakelen Inbound SMTP DANE<\/strong><br>Gebruik het onderstaande commando om Inbound SMTP DANE in te schakelen.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Kopieer\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>Enable-SmtpDaneInbound -DomainName \"jouwdomein.nl\"<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Enable-SmtpDaneInbound<\/span><span style=\"color: #D4D4D4\"> -DomainName <\/span><span style=\"color: #CE9178\">&quot;jouwdomein.nl&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-disabled\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Kopieer\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>Result  ErrorData\n------  ---------\nSuccess<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D4D4D4\">Result  ErrorData<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">------  ---------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">Success<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><strong>Controle uitvoeren<\/strong><br>Ga naar https:\/\/mxtoolbox.com en controleer of de oude en de nieuwe MX records aanwezig zijn.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"678\" height=\"163\" src=\"http:\/\/anderson.nl\/wp-content\/uploads\/2025\/08\/MXtoolbox01.jpg\" alt=\"MXtoolbox\" class=\"wp-image-3073\"\/><\/figure>\n\n\n\n<p>Als beide records erin staan verwijder je nu het oude MX Record bij je DNS Provider.<\/p>\n\n\n\n<p><strong>Test<\/strong><br>Test nu opnieuw met https:\/\/internet.nl of alles nu op 100% staat.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"676\" height=\"302\" src=\"http:\/\/anderson.nl\/wp-content\/uploads\/2025\/08\/Internet.nl02.jpg\" alt=\"internet.nl Test\" class=\"wp-image-3080\" style=\"width:567px;height:auto\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Waarom moeten we DANE en DNSSEC inschakelen? DNSSEC (Domain Name System Security Extensions) Voorkomt dat DNS-records worden gemanipuleerd tijdens transport. Dit beschermt tegen man-in-the-middle-aanvallen waarbij kwaadwillenden je DNS-verkeer onderscheppen of vervalsen. DANE (DNS-based Authentication of Named Entities) Verifieert via DNS of het TLS-certificaat van de ontvangende mailserver echt is. Dit <a href=\"https:\/\/anderson.nl\/?p=3058\" class=\"btn btn-link continue-link\">Lees verder<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,11,1,12],"tags":[],"class_list":["post-3058","post","type-post","status-publish","format-standard","hentry","category-exchange-server","category-microsoft-365","category-niet-gecategoriseerd","category-office-365"],"_links":{"self":[{"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/posts\/3058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/anderson.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3058"}],"version-history":[{"count":19,"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/posts\/3058\/revisions"}],"predecessor-version":[{"id":3087,"href":"https:\/\/anderson.nl\/index.php?rest_route=\/wp\/v2\/posts\/3058\/revisions\/3087"}],"wp:attachment":[{"href":"https:\/\/anderson.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anderson.nl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anderson.nl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}