DNS in Lync Server 2010


Correct configuration of DNS is key to a usable and stable Lync deployment.

  • To discover internal servers or pools for server-to-server communications.
  • To allow clients to discover the Front End pool or Standard Edition server used for various SIP transactions.
  • To allow unified communications (UC) devices that are not logged on to discover the Front End pool or Standard Edition server running Device Update Web Service, obtain updates, and send logs.
  • To allow Ext servers and clients to connect to Edge Servers or the HTTP reverse proxy for instant messaging (IM) or conferencing.
  • To allow Ext UC devices to connect to Device Update Web service through Edge Servers or the HTTP reverse proxy and obtain updates.

 

Standard Edition Server

  • An Internal A record that resolves the fully qualified domain name (FQDN) of the server to its IP address.
Enterprise Edition Pool (with DNS Load Balancing)

  • A set of Internal A records that resolve the FQDN of the pool to the IP address of each server in the pool. There must one A record for each server in the pool.
  • An A record that lists all the deployed Front End Servers
  • An A record (separate to the pool record) that points to the VIP of the hardware load balancer, this is used for the pool's Web Services
Enterprise Edition Pool (with Hardware Load Balancing)

  • An Internal A record that resolves the fully qualified domain name (FQDN) of the Front End pool to the virtual IP (VIP) address of the load balancer.
DNS Records for Automatic client sign-in

  • _sipInternaltls._tcp.<domain>    e.g. An SRV record for _sipInternaltls._tcp.contoso.com domain over port 5061 that maps to pool01.contoso.com
Device Update Web service discovery by (UC) devices

  • An Internal A record with the name ucupdates-r2.<SIP domain> that resolves to the IP address of the Front End pool (or Standard Edition Service) that hosts the Device Update Web service.
DNS records for Simple URLs

  • Refer to the blog post on SimpleURLs here

 


 

Standard Edition Server

FunctionRecord TypeEntryValueInt / Ext
Automatic Client Sign-inSRV 5061_sipInternaltls._tcp.contoso.comPool01.contoso.comInt
Server/Pool discoveryAPool01.contoso.com192.168.6.1Int
Device Update Web ServiceAucupdates-r2.contoso.com192.168.6.1Int
Time ServerSRV 123_ntp._udp.contoso.comDC.contoso.comInt
Simple URL (Meet)AMeet.contoso.com192.168.6.1Int
Simple URL (Dial-in)ADial-in.contoso.com192.168.6.1Int
Simple URL (Admin)AAdmin.contoso.com192.168.6.1Int
Edge InternalALsedge.contoso.com10.2.2.1Int
Ext TLS connectionsSRV 443_sip._tls. contoso.comaccess.contoso.comExt
SIP Access Edge Ext interfaceAaccess.contoso.com10.1.2.1Ext
Web Conferencing Edge Ext interfaceAwebcon.contoso.com10.1.2.2Ext
A/V Edge Ext interfaceAav.contoso.com10.1.2.3Ext
FederationSRV 5061_sipfederationtls._tcp.contoso.comAccess.contoso.comExt
Simple URL (Meet)AMeet.contoso.com10.1.2.4Ext
Simple URL (Dial-in)ADial-in.contoso.com10.1.2.4Ext
Address Box etc. via Reverse ProxyALsrp.contoso.com10.1.2.4Ext
Lync Web Services published via Reverse ProxyAlsweb-ext.contoso.com10.1.2.4Ext
Note: In these examples, Standard Edition Lync Server address is 192.168.6.1, Edge has external addresses 10.1.2.1 – 10.1.2.3 and internal 10.2.2.1, Reverse Proxy is 10.1.2.4


Internal DNS entries for Standard Edition Server
External DNS entries for consolidated Edge



 

Enterprise Pool (DNS Load Balancing)

FunctionRecord TypeEntryValueInt / Ext
Automatic Client Sign-inSRV 5061_sipInternaltls._tcp.contoso.comPool01.contoso.comInt
Server/Pool discoveryAPool01.contoso.com192.168.6.1

192.168.6.2 192.168.6.3
Int
Server accessALS01.contoso.com192.168.6.1Int
Server accessALS02.contoso.com192.168.6.2Int
Server accessALS03.contoso.com192.168.6.3Int
Web ServicesAWebcon.contoso.com192.168.6.10Int
Device Update Web ServiceAucupdates-r2.contoso.com192.168.6.10Int
Time ServerSRV 123_ntp._udp.contoso.comDC.contoso.comInt
Simple URL (Meet)AMeet.contoso.com192.168.6.10Int
Simple URL (Dial-in)ADial-in.contoso.com192.168.6.10Int
Simple URL (Admin)AAdmin.contoso.com192.168.6.10Int
Edge InternalALsedge.contoso.com10.2.2.1Int
Ext TLS connectionsSRV 443_sip._tls. contoso.comaccess.contoso.comExt
SIP Access Edge Ext interfaceAaccess.contoso.com10.1.2.1Ext
Web Conferencing Edge Ext interfaceAwebcon.contoso.com10.1.2.2Ext
A/V Edge Ext interfaceAav.contoso.com10.1.2.3Ext
FederationSRV 5061_sipfederationtls._tcp.contoso.comAccess.contoso.comExt
Simple URL (Meet)AMeet.contoso.com10.1.2.4Ext
Simple URL (Dial-in)ADial-in.contoso.com10.1.2.4Ext
Address Box etc. via Reverse ProxyALsrp.contoso.com10.1.2.4Ext
Lync Web Services published via Reverse ProxyAlsweb-ext.contoso.com10.1.2.4Ext
Note: In these examples, Enterprise Edition Lync Servers addresses are 192.168.6.1 – 192.168.6.3, the HLB has a VIP address of 192.168.6.10, Edge has external addresses 10.1.2.1 – 10.1.2.3 and internal 10.2.2.1, Reverse Proxy is 10.1.2.4

Internal DNS entries for Enterprise Edition pool with DNS Load Balancing



Enterprise Pool (HLB Load Balancing)

FunctionRecord TypeEntryValueInt / Ext
Automatic Client Sign-inSRV 5061_sipInternaltls._tcp.contoso.comPool01.contoso.comInt
Server/Pool discoveryAPool01.contoso.com192.168.6.10Int
Server accessALS01.contoso.com192.168.6.1Int
Server accessALS02.contoso.com192.168.6.2Int
Server accessALS03.contoso.com192.168.6.3Int
Web ServicesAWebcon.contoso.com192.168.6.10Int
Device Update Web ServiceAucupdates-r2.contoso.com192.168.6.10Int
Time ServerSRV 123_ntp._udp.contoso.comDC.contoso.comInt
Simple URL (Meet)AMeet.contoso.com192.168.6.10Int
Simple URL (Dial-in)ADial-in.contoso.com192.168.6.10Int
Simple URL (Admin)AAdmin.contoso.com192.168.6.10Int
Edge InternalALsedge.contoso.com10.2.2.1Int
Ext TLS connectionsSRV 443_sip._tls. contoso.comaccess.contoso.comExt
SIP Access Edge Ext interfaceAaccess.contoso.com10.1.2.1Ext
Web Conferencing Edge Ext interfaceAwebcon.contoso.com10.1.2.2Ext
A/V Edge Ext interfaceAav.contoso.com10.1.2.3Ext
FederationSRV 5061_sipfederationtls._tcp.contoso.comAccess.contoso.comExt
Simple URL (Meet)AMeet.contoso.com10.1.2.4Ext
Simple URL (Dial-in)ADial-in.contoso.com10.1.2.4Ext
Address Box etc. via Reverse ProxyALsrp.contoso.com10.1.2.4Ext
Lync Web Services published via Reverse ProxyAlsweb-ext.contoso.com10.1.2.4Ext
Note: In these examples, Enterprise Edition Lync Servers addresses are 192.168.6.1 – 192.168.6.3, the HLB has a VIP address of 192.168.6.10, Edge has external addresses 10.1.2.1 – 10.1.2.3 and internal 10.2.2.1, Reverse Proxy is 10.1.2.4


Internal DNS entries for Enterprise Pool using Hardware Load Balancing
Official documentation on Technet

7 comments:

  1. There are errors in your diagrams. For internal DNS, the box you have labeled "Reverse Proxy" should be "Edge server"

    ReplyDelete
  2. Hi Mike,
    I'm trying to get Lync on my iPhone, but it's asking me for all kinds of server and domain names, etc.
    Is this different for every company? Any way I can find this out without contacting my company directly?
    Thanks!

    ReplyDelete
  3. Wanted to say thank you a ton for this easy to follow outline. I couldn't wrap my head around Lync DNS until I found this! Thanks again.

    ReplyDelete
  4. I need know if DNS register of Lync Server Enterprise for DNS load balanced in:
    Web Services
    ucupdates-r2.contoso.com
    Meet.contoso.com
    Dial-in.contoso.com
    Admin.contoso.com

    Is 192.168.6.10, about don`t VIP (virtual Ip), thanks.

    ReplyDelete
  5. Michael, I need know the best practice of Enterprise Dns load balancig about with you reference a VIP .....but it don`t have.

    thak`s

    ReplyDelete
  6. Do you need the following dns records if your simple url are lync.contoso.com/meet, lync.contoso.com/dialin, and lync.contoso.com/admin?

    Simple URL (Meet) A Meet.contoso.com 192.168.6.10 Int
    Simple URL (Dial-in) A Dial-in.contoso.com 192.168.6.10 Int
    Simple URL (Admin) A Admin.contoso.com 192.168.6.10 Int

    ReplyDelete
  7. Hi,
    there is an issue with my lync 2010, where users outside domain (working from home) NOT on vpn can make calls, but they can message. As soon as they connect to domain, it works fine.
    please help. thx

    ReplyDelete