DNS Requirements
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
As covered earlier in this document, when collocating multiple server roles on a single computer, you should use a separate external IP address for each role. Specific DNS settings must be configured on each external and internal interface of each edge server. In general, this includes configuring DNS records to point to appropriate servers in the internal network and configuring DNS records as appropriate for each edge server.
Note
To prevent DNS SRV spoofing and ensure that certificates provide valid ties from the user URI to real credentials, Office Communications Server 2007 requires that the name of the DNS SRV domain match the server name on the certificate. The subject name (SN) must point to sip.<domain>.
The actual DNS records required depend on which edge servers you deploy and on your deployment topology, as covered in this section. The following tables provide details about each DNS record required for each topology.
The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the consolidated edge topology.
Note
The port numbers referenced in the following tables and later in this document are typically the default ports. If you use different port settings, you will need to modify the procedures in this guide accordingly.
Table 43 DNS records for the consolidated edge topology
Internal/External Record | Server | DNS Settings |
---|---|---|
External | Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server | An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity. A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client. Note: Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight. For each supported SIP domain in your organization, an external A record for sip.<domain> that resolves to the external IP address of the Access Edge Server for each SIP domain. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it will use this A record as a fallback. An external DNS A record that resolves the external name of the Web Conferencing Edge Server to the external IP address of the Web Conferencing Edge Server. An external DNS A record that resolves the external FQDN of the A/V Edge Server to the external IP address of the A/V Edge Server. This IP address must be a publicly routable IP address. |
External | Reverse proxy | An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |
Internal | Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server | An internal DNS A record that resolves the internal FQDN of the edge server to the internal IP address of the edge server. Office Communications Server 2007 servers within the organization use this DNS A record to connect to the internal interface of the edge server. |
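The external-interface requirements in Table 43 and the certificate note above can be checked mechanically before cutover. The following Python audit is an added example, not Microsoft tooling; the `SRV` tuple, the function names, the `contoso.example` domain, and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed record type for this example (not an OCS or DNS-library API).
SRV = namedtuple("SRV", "name priority weight port target")
REQUIRED_SRV = {"_sipfederationtls._tcp": 5061, "_sip._tls": 443}  # default ports

def pick_srv(records):
    """Rule stated in the tables: lowest priority, then highest weight."""
    return min(records, key=lambda r: (r.priority, -r.weight))

def audit_external_zone(sip_domain, srvs, a_records, cert_subject, av_fqdn):
    """Return findings for one SIP domain; an empty list means compliant."""
    findings, fallback = [], f"sip.{sip_domain}"
    for label, port in REQUIRED_SRV.items():
        name = f"{label}.{sip_domain}"
        matches = [r for r in srvs if r.name.lower() == name]
        if not matches:
            findings.append(f"missing SRV {name}")
            continue
        if len(matches) > 1:
            findings.append(f"multiple SRV records for {name} (unsupported)")
        chosen = pick_srv(matches)  # the record that would actually be used
        if chosen.port != port:
            findings.append(f"{name} uses port {chosen.port}, expected {port}")
        if chosen.target.lower() not in a_records:
            findings.append(f"{name} target {chosen.target} has no A record")
    if fallback not in a_records:
        findings.append(f"missing fallback A record {fallback}")
    if cert_subject.lower() != fallback:
        findings.append(f"certificate subject {cert_subject} is not {fallback}")
    av_ip = a_records.get(av_fqdn)
    if av_ip is None:
        findings.append(f"missing A record for A/V Edge {av_fqdn}")
    elif not ipaddress.ip_address(av_ip).is_global:
        findings.append(f"A/V Edge address {av_ip} is not publicly routable")
    return findings

# Constructed sample zone for the hypothetical SIP domain contoso.example.
A_RECORDS = {"sip.contoso.example": "131.107.0.10",
             "av.contoso.example": "10.0.0.12"}  # private address: flagged
FED = "_sipfederationtls._tcp.contoso.example"
SRVS = [SRV("_sip._tls.contoso.example", 0, 0, 443, "sip.contoso.example"),
        SRV(FED, 10, 5, 5061, "sip.contoso.example"),
        SRV(FED, 10, 20, 5061, "edge2.contoso.example")]  # duplicate: flagged

for finding in audit_external_zone("contoso.example", SRVS, A_RECORDS,
                                   "edge.contoso.example", "av.contoso.example"):
    print(finding)
```

Run it once per SIP domain, feeding it the records your external DNS actually returns and the subject name from the Access Edge certificate.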
The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the single-site edge topology.
Table 44 DNS records for the single-site edge topology
Interface | Server | DNS Settings |
---|---|---|
External | Collocated Access Edge Server and Web Conferencing Edge Server | An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity. A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client. Note: Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight. For each supported SIP domain in your organization, an external DNS A record for sip.<domain> that points to the external interface of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it will use this A record as a fallback. An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server to its external IP address. |
External | A/V Edge Server | An external DNS A record that points the external FQDN of the A/V Edge Server to its external IP address. This IP address must be a publicly routable IP address. |
External | Reverse proxy | An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |
Internal | Collocated Access Edge Server and Web Conferencing Edge Server | An internal DNS A record that resolves the internal FQDN of the collocated Access Edge Server and Web Conferencing Edge Server to its internal IP address. |
Internal | A/V Edge Server | An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address. |
The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the scaled single-site edge topology.
Table 45 DNS records for the scaled single-site edge topology
Interface | Server | DNS Settings |
---|---|---|
External | Access Edge Server, Web Conferencing Edge Server | An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record that resolves the external FQDN of the Access Edge Server array to the VIP address used by the Access Edge Server array on the external load balancer. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity. A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client. Note: Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight. For each supported SIP domain in your organization, an external A record for sip.<domain> that points to the virtual IP address used by the Access Edge Server on the external load balancer. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it uses this A record as a fallback. An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer. |
External | A/V Edge Server | An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge. |
External | Reverse proxy | An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |
Internal | Access Edge Server, Web Conferencing Edge Server | An internal DNS A record that resolves the internal FQDN of the Access Edge Server array to the virtual IP address used by the Access Edge Servers on the internal load balancer. An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address. |
Internal | A/V Edge Server | An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer. |
The data center configuration for the multiple-site edge topology is the same as that for the scaled single-site edge topology, but additional configuration is required for the remote site. The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site of the multiple-site edge topology.
Table 46 DNS records for the multiple-site edge topology remote site with one or more Web Conferencing Edge Servers and a single A/V Edge Server
Interface | Remote Site Server | DNS Settings |
---|---|---|
External | Web Conferencing Edge Server | An external DNS A record that resolves the external FQDN of each Web Conferencing Edge Server in the remote site to its external IP address. |
External | A/V Edge Server | An external DNS A record that resolves the external FQDN of the A/V Edge Server in the remote site to its external IP address. This IP address must be a publicly routable IP address. |
External | Reverse proxy | An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |
Internal | Web Conferencing Edge Server | An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server in the remote site to its internal IP address. |
Internal | A/V Edge Server | An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address. |
The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site for a scaled remote site topology where two or more Web Conferencing Edge Servers and two or more A/V Edge Servers are load balanced in the remote site.
Table 47 DNS records for the scaled remote edge topology
Interface | Server | DNS Settings |
---|---|---|
External | Web Conferencing Edge Server | An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer. |
External | A/V Edge Server | An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge. |
External | Reverse proxy | An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |
Internal | Web Conferencing Edge Server | An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address. |
Internal | A/V Edge Server | An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer. |