Share via


DNS Requirements

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

As covered earlier in this document, when collocating multiple server roles on a single computer, you should use a separate external IP address for each role. Specific DNS settings must be configured on each external and internal interface of each edge server. In general, this includes configuring DNS records to point to appropriate servers in the internal network and configuring DNS records as appropriate for each edge server.

Note

To prevent DNS SRV spoofing and ensure that certificates provide valid ties from the user URI to real credentials, Office Communications Server 2007 requires that the name of the DNS SRV domain match the server name on the certificate. The subject name (SN) must point to sip.<domain>.

The actual DNS records required depend on which edge servers you deploy and on your deployment topology, as covered in this section. The following tables provide details about each DNS record required for each topology.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the consolidated edge topology.

Note

The port numbers referenced in the following tables and later in this document are typically the default ports. If you use different port settings, you will need to modify the procedures in this guide accordingly.

Table 43 DNS records for the consolidated edge topology

Internal/External Record Server DNS Settings

External

Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443 where <domain> is the name of your organizations SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note: Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in your organization, an external A record for sip.<domain> that resolves to the external IP address of the Access Edge Server for each SIP domain. If a client cannot perform an SRV record lookup to connect to the Access Edge server it will use this A record as a fallback.

An external DNS A record that resolves to the external name of the Web Conferencing Edge Server to the external IP address of the Web Conferencing Edge Server.

An external DNS A record that resolves the external FQDN of the A/V Edge Server to the external IP address of the A/V Edge Server. This IP address must be a publicly routable IP address.

 

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the edge server to the internal IP address of the edge server. Office Communications Server 2007 servers within the organization use this DNS A record to connect to the internal interface of the edge server.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the single-site edge topology.

Table 44 DNS records for the single-site edge topology

Interface Server DNS Settings

External

Collocated Access Edge Server and Web Conferencing Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443 where <domain> is the name of your organizations SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note: Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in our organization, an external DNS A record for sip. <domain> that points to the external interface of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each. If a client cannot perform an SRV record lookup to connect to the Access Edge server it will use this A record as a fallback.

An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server to its external IP address.

 

A/V Edge Server

An external DNS A record that points the external FQDN of the A/V Edge Server to its external IP address. This IP address must be a publicly routable IP address.

 

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Collocated Access Edge Server and Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of the collocated Access Edge Server and Web Conferencing Edge Server to its internal IP address.

 

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the scaled single-site edge topology.

Table 45 DNS records for the scaled single-site edge topology

Interface Server DNS Settings

External

Access Edge Server

Web Conferencing Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record that resolves the external FQDN of the Access Edge Server array to the VIP address used by the Access Edge Server array on the external load balancer. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443 where <domain> is the name of your organizations SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note

Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in your organization, an external A record for sip.<domain> that points to the external IP address of the virtual IP address used by the Access Edge Server on the external load balancer. If a client cannot perform an SRV record lookup to connect to the Access Edge server, it uses this A record as a fallback.

An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer.

 

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge.

 

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Access Edge Server

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of the Access Edge Server array to the virtual IP address used by the Access Edge Servers on the internal load balancer.

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address.

 

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer.

The data center configuration for the multiple-site edge topology is the same as that for the scaled single-site edge topology, but additional configuration is required for the remote site. The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site of the multiple-site edge topology.

Table 46 DNS records for the multiple-site edge topology remote site with one or more Web Conferencing Edge Servers and a single A/V Edge Server

Interface Remote Site Server DNS Settings

External

Web Conferencing Edge Server

An external DNS A record that resolves to the external FQDN of each Web Conferencing Edge Server in the remote site to its external IP address.

 

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server in the remote site to its external IP address. This IP address must be a publicly routable IP address.

 

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server in the remote site to its internal IP address.

 

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site for a scaled remote site topology where two or more Web Conferencing Edge Servers and two or more A/V Edge Servers are load balanced in the remote site.

Table 47 DNS records for the scaled remote edge topology

Interface Server DNS Settings

External

Web Conferencing Edge Server

An external DNS A record that resolves the external FQDN the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer.

 

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge.

 

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address.

 

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer.