Reference Architecture 1: DNS Summary for Single Consolidated Edge
Topic Last Modified: 2012-04-06
DNS record requirements for remote access to Lync Server are fairly straightforward compared to those for certificates and ports. Also, many records are optional, depending on how you configure clients running Microsoft Lync 2010 and whether you enable federation.
For details about Lync Server 2010 DNS requirements, see Determining DNS Requirements.
For details about automatic configuration of clients running Microsoft Lync 2010 if split-brain DNS is not configured, see “Automatic Configuration without Split-Brain DNS” in Determining DNS Requirements.
The following table contains a summary of the DNS records that are required to support the single consolidated edge topology shown in the Single Consolidated Edge Topology figure. Note that certain DNS records are required only for automatic configuration of clients running Lync 2010. If you plan to use group policy objects (GPOs) to configure Lync clients, the associated records are not necessary.
IMPORTANT: Edge/Reverse Proxy Network Adapter Requirements
To avoid routing issues, verify that there are at least two network adapters in your edge and reverse proxy servers and that the default gateway is set only on the network adapter associated with the external interface. For example, as shown in the Single Consolidated Edge Topology figure in Reference Architecture 1: Single Consolidated Edge, the default gateway would point to the external firewall (10.45.16.1).
You can configure two network adapters in your Edge Server as follows:
- Network adapter 1 (Internal Interface)
  - Internal interface with 172.25.33.10 assigned.
  - No default gateway is defined.
  - Ensure that there is a route from the network containing the Edge internal interface to any networks that contain servers running Lync Server 2010 or Lync Server 2010 clients (for example, from 172.25.33.0 to 192.168.10.0).
- Network adapter 2 (External Interface)
  - Three private IP addresses are assigned to this network adapter.
  - Access Edge IP address is primary with default gateway set to integrated router (10.45.16.1).
  - Web conferencing and A/V Edge IP addresses secondary.
You can configure two network adapters in your reverse proxy as follows:
- Network adapter 1 (Internal Interface)
  - Internal interface with 172.25.33.40 assigned.
  - No default gateway is defined.
  - Ensure there is a route from the network containing the reverse proxy internal interface to any networks that contain Lync Server 2010 Front End pool servers (for example, from 172.25.33.0 to 192.168.10.0).
- Network adapter 2 (External Interface)
  - A minimum of one public IP address is assigned to this network adapter.
DNS Records Required for Single Consolidated Edge Topology: Consolidated Edge
Location | Type | FQDN | IP address/FQDN | Port | Maps to/Comments |
---|---|---|---|---|---|
External DNS | A | sip.contoso.com | 131.107.155.10 | | SIP Access Edge external interface (contoso) |
External DNS | A | sip.fabrikam.com | 131.107.155.10 | | SIP Access Edge external interface (fabrikam) |
External DNS | A | webcon.contoso.com | 131.107.155.20 | | Web Conferencing Edge external interface |
External DNS | A | av.contoso.com | 131.107.155.30 | | A/V Edge external interface |
External DNS | SRV | _sip._tls.contoso.com | sip.contoso.com | 443 | SIP Access Edge external interface (access.contoso.com). Required for automatic configuration of clients running Lync 2010 to work externally. |
External DNS | SRV | _sip._tls.fabrikam.com | sip.fabrikam.com | 443 | SIP Access Edge external interface (access.fabrikam.com). Required for automatic configuration of clients running Lync 2010 to work externally. |
External DNS | SRV | _sipfederationtls._tcp.contoso.com | sip.contoso.com | 5061 | SIP Access Edge external interface (access.contoso.com). Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). |
External DNS | SRV | _sipfederationtls._tcp.fabrikam.com | sip.fabrikam.com | 5061 | SIP Access Edge external interface (access.fabrikam.com). Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). |
Internal DNS | A | lsedge.contoso.net | 172.25.33.10 | | Consolidated Edge internal interface |
Internal DNS | A | ucupdates-r2.contoso.net | 192.168.7.190 | | Used for Lync 2010 device updates |
DNS Records Required for Single Consolidated Edge Topology: Reverse Proxy
Location | Type | FQDN | IP address | Port | Maps to/comments |
---|---|---|---|---|---|
External DNS | A | lsrp.contoso.com | 131.107.155.40 | | Used to publish Address Book Service, distribution group expansion, and conference content. |
External DNS | A | dialin.contoso.com | 131.107.155.40 | | Dial-in conferencing published externally |
External DNS | A | meet.contoso.com | 131.107.155.40 | | Conferences published externally |
External DNS | A | lsweb-ext.contoso.com | 131.107.155.40 | | Lync Server 2010 external Web Services FQDN |
External DNS | A | lyncdiscover.contoso.com | 131.107.155.40 | | Required for mobile devices running Lync 2010 and using the Autodiscover Service to work externally |
External DNS | A | lyncdiscover.fabrikam.com | 131.107.155.40 | | Required for mobile devices running Lync 2010 and using the Autodiscover Service to work externally |
Internal DNS | A | rproxy.contoso.com (optional) | 172.25.33.40 | | Reverse proxy internal interface. This is not required, but it helps with testing that the internal interface of the reverse proxy is accessible by internal servers. |
DNS Records Required for Single Consolidated Edge Topology: Next Hop Pool
Location | Type | FQDN | IP address | Port | Maps to/comments |
---|---|---|---|---|---|
Internal DNS | A | pool01.contoso.net | 192.168.10.90 | | Pool01 (DNS load balancer) |
Internal DNS | A | pool01.contoso.net | 192.168.10.91 | | Pool01 (DNS load balancer) |
Internal DNS | A | fe01.contoso.net | 192.168.10.90 | | Pool01 Front End Server (NODE 1) |
Internal DNS | A | fe02.contoso.net | 192.168.10.91 | | Pool01 Front End Server (NODE 2) |
Internal DNS | A | lsweb.contoso.net | 192.168.10.190 | | Pool01 (VIP) for client-to-server web traffic |
Internal DNS | A | sql01.contoso.net | 192.168.10.100 | | Pool01 Back End Server running Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, or Microsoft SQL Server 2005 |
Internal DNS | A | pool01.contoso.net | 192.168.10.90 | | Pool01 (DNS load balancer) – for automatic configuration of Lync 2010 clients to work internally |
Internal DNS | A | pool01.fabrikam.net | 192.168.10.90 | | Pool01 (DNS load balancer) – for automatic configuration of clients running Lync 2010 to work internally |
Internal DNS | A | sip.contoso.com | 192.168.10.90 | | Required for automatic configuration of clients running Lync 2010 to work internally |
Internal DNS | A | sip.fabrikam.com | 192.168.10.90 | | Required for automatic configuration of clients running Lync 2010 to work internally |
Internal DNS | A | dialin.contoso.com | 192.168.10.190 | | Dial-in conferencing published internally |
Internal DNS | A | meet.contoso.com | 192.168.10.190 | | Conferences published internally |
Internal DNS | A | admin.contoso.com | 192.168.10.190 | | Microsoft Lync Server 2010 Control Panel published internally |
Internal DNS | A | lyncdiscoverinternal.contoso.com | 192.168.10.190 | | Required for mobile devices running Lync 2010 and using the Autodiscover Service to work internally |
Internal DNS | A | lyncdiscoverinternal.fabrikam.com | 192.168.10.190 | | Required for mobile devices running Lync 2010 and using the Autodiscover Service to work internally |
Internal DNS | SRV | _sipinternaltls._tcp.contoso.com | pool01.contoso.com | 5061 | Required for automatic configuration of clients running Lync 2010 to work internally |
Internal DNS | SRV | _sipinternaltls._tcp.fabrikam.com | pool01.fabrikam.com | 5061 | Required for automatic configuration of clients running Lync 2010 to work internally |
Internal DNS | SRV | _ntp._udp.contoso.com | timeServerFQDN | 123 | Network Time Protocol (NTP) source required for Microsoft Lync 2010 Phone Edition devices |
Note
VIP = virtual IP address
Important
The records listed in the previous table are shown with either a .net extension or a .com extension to highlight which zone they need to reside in if you are not using split-brain DNS. If you are using split-brain DNS, all records would be in the same zone, with the only distinction being whether they are in the internal or external version. For details, see “Split-Brain DNS” in Determining DNS Requirements.
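
The record layout in the tables above can be checked offline against a zone inventory before anything is published. The following is an added example, not part of the original topic or of Lync Server tooling: it flags external A records that point at private addresses, internal-only names that show up in the external zone, and SRV records on the wrong port. The tuple layout, the `audit` function, and the internal-only prefix list are assumptions made for this sketch.

```python
import ipaddress

# Assumption drawn from the tables: these names appear only under "Internal DNS",
# so finding one in the external zone means it was published by mistake.
INTERNAL_ONLY_PREFIXES = ("lyncdiscoverinternal.", "_sipinternaltls._tcp.", "admin.")

# SRV service label -> port listed in the tables above.
SRV_PORTS = {"_sip._tls": 443, "_sipfederationtls._tcp": 5061,
             "_sipinternaltls._tcp": 5061, "_ntp._udp": 123}


def audit(records):
    """Return (fqdn, problem) pairs; a record is (location, type, fqdn, target, port)."""
    findings = []
    for location, rtype, fqdn, target, port in records:
        external = location == "External DNS"
        if external and fqdn.startswith(INTERNAL_ONLY_PREFIXES):
            findings.append((fqdn, "internal-only name in external zone"))
        if rtype == "A":
            # is_private covers RFC 1918 space plus other non-routable ranges.
            if external and ipaddress.ip_address(target).is_private:
                findings.append((fqdn, "external A record exposes private address"))
        elif rtype == "SRV":
            expected = SRV_PORTS.get(".".join(fqdn.split(".")[:2]))
            if expected is not None and port != expected:
                findings.append((fqdn, f"port {port}, expected {expected}"))
    return findings


# Records copied from the tables above.
PAGE_RECORDS = [
    ("External DNS", "A", "sip.contoso.com", "131.107.155.10", None),
    ("External DNS", "SRV", "_sip._tls.contoso.com", "sip.contoso.com", 443),
    ("External DNS", "SRV", "_sipfederationtls._tcp.contoso.com", "sip.contoso.com", 5061),
    ("Internal DNS", "A", "lsedge.contoso.net", "172.25.33.10", None),
    ("Internal DNS", "A", "sip.contoso.com", "192.168.10.90", None),
    ("Internal DNS", "SRV", "_sipinternaltls._tcp.contoso.com", "pool01.contoso.com", 5061),
]

# Constructed mistakes (not from the page) that the audit should flag.
BAD_RECORDS = [
    ("External DNS", "A", "sip.contoso.com", "192.168.10.90", None),
    ("External DNS", "A", "admin.contoso.com", "131.107.155.40", None),
    ("External DNS", "SRV", "_sipfederationtls._tcp.contoso.com", "sip.contoso.com", 443),
]

if __name__ == "__main__":
    for fqdn, problem in audit(PAGE_RECORDS + BAD_RECORDS):
        print(f"{fqdn}: {problem}")
```

With split-brain DNS, names such as sip.contoso.com exist in both views, so run the audit on each view's export with the correct location label rather than on a merged list.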