Deli z drugimi prek


DNS requirements for Skype for Business Server

Summary: Review the DNS considerations in this article before implementing Skype for Business Server.

This article only addresses DNS planning for Skype for Business Server deployments on an organization's on-premises network. For Skype for Business Online refer to "Office 365 URLs and IP address ranges" at https://aka.ms/o365ips.

A Domain name service (DNS) server maps hostnames (like www.contoso.com, presumably a web server) to IP addresses (such as 10.10.10.10). It helps clients and interdependent servers communicate with each other on the network. When you set up an implementation of Skype for Business Server 2015, you need to make sure the mapping of new server names (usually reflecting the role they'll be taking on) matches the IP addresses they're assigned to.

While this may seem a bit daunting at first, the heavy lifting for planning this can be done using the Skype for Business Server 2015 Planning Tool. Once you've gone through the wizard's questions about what features you plan to use, for each site you define you can view the DNS Report within the Edge Admin Report, and use the information listed there to create your DNS records. You can also make adjustments to many of the names and IP addresses used, for details see Review the DNS Report. Keep in mind you can export the Edge Admin Report to an Excel spreadsheet, and the DNS Report will be one of the worksheets in the file. While this tool includes features deprecated from Skype for Business Server 2019, it can still be used to create an initial plan if those features aren't selected

When you're installing a new implementation as described in Create DNS records for Skype for Business Server and building your topology for Skype for Business Server, we recognize that you can choose to use the DNS capabilities built in to Windows Server 2016 or a parter DNS package, so we'll keep the discussions in this article general rather than specific. We're detailing what's needed, and how you meet that need is your decision to make.

Experienced Skype for Business, Lync, and Office Communications Suite administrators will probably find the following tables useful. If the table is confusing to you, the later sections or articles shed some light on the following concepts:

Summary tables

The following tables show DNS records Skype for Business Server uses to provide services to users. Some are optional in that they're only needed to support certain features, and they can be skipped if those features aren't desired. The DNS records needed for internal access only are in the first table, and a deployment allowing internal and external access will need records from both tables.

Internal DNS mappings

Record Type Value Resolves to Purpose Required
A/AAAA Front End pool FQDN
FE-pool.contoso.com
Front End pool server IP addresses
DNS LB to 192.168.21.122 192.168.21.123 192.168.21.124
DNS Load Balancing of Front End Pools. Maps the Front End pool name to a set of IP addresses.
See Deploying DNS Load Balancing on Front End Pools and Director Pools
Y
A/AAAA FQDN of each Front End Server or Standard Edition server in a pool, or a standalone server
FE01.contoso.com FE02.contoso.com FE03.contoso.com
Corresponding IP of each server
192.168.21.122 192.168.21.123 192.168.21.124
Maps the server name to its IP address. Y
A/AAAA Enterprise Pool Internal Web Services Override FQDN
Web-int.contoso.com
HLB VIP for Front End Server Internal Web Services
192.168.21.120
Required to enable client to server web traffic, such as downloading the Skype for Business Web App. Also required for Mobile clients. Y
A/AAAA Enterprise Pool External Web Services Override FQDN
Web-ext.contoso.com
HLB VIP for Front End Server External Web Services
68.123.56.90
Required to enable client to server web traffic, such as downloading the Skype for Business Web App. Required if mobile clients resolve DNS internally. Can resolve to DMZ Reverse Proxy IP or Internet IP.
A/AAAA Back End Server SQL server FQDN
SQL1.contoso.com
server IP address
192.168.11.90
Maps the server name for a back-end SQL server working with the Front End pool to its IP address
A/AAAA Back End Server Mirror SQL server FQDN
SQL2.contoso.com
server IP address
192.168.11.91
Maps the server name for a back-end SQL mirror server working with the Front End pool to its IP address
A/AAAA Director pool FQDN
Note: Not applicable when using a standalone Director server
DirPool.contoso.com
Director pool IP addresses
DNS LB to 192.168.21.132, 192.168.21.133, 192.168.21.134
DNS load balancing of Director Pool servers. Maps the pool name for the Director pool to an IP address, see Deploying DNS Load Balancing on Front End Pools and Director Pools
A Director can authenticate a user and is optional.
A/AAAA Director FQDN Server IP address of each Director server Maps the pool name for the Director to an IP address, see Deploying DNS Load Balancing on Front End Pools and Director Pools
A/AAAA Mediation Server pool FQDN Pool IP addresses The Mediation Server role is optional. You can colocate the services provided by a mediation server to the Front End server or pool. See Using DNS Load Balancing on Mediation Server Pools
A/AAAA Mediation Server FQDN Server IP address You can colocate the services provided by a mediation server to the Front End server or pool. See Using DNS Load Balancing on Mediation Server Pools
A/AAAA Persistent Chat Server FQDN Persistent Chat Server IP address A Persistent Chat server is required for the Persistent Chat feature and is otherwise optional.
A/AAAA lyncdiscoverinternal.<sipdomain>
lyncdiscoverinternal.contoso.com
HLB Front End pool VIP or Director IP
192.168.21.121
Internal AutoDiscover Service1, required for Mobility support. If internal DNS is used to resolve for mobile devices, it should point to the external IP, or DMZ VIP.
For Web services we require HLB on the Front End pool as HTTPS can't use DNS. For Front End pool or Director pool this should resolves to an HLB VIP, or a regular IP for a Standard edition server or a Standalone Director server.
Y
CNAME lyncdiscoverinternal.<sipdomain>
lyncdiscoverinternal. contoso.com
HLB FE Pool FQDN or Director FQDN
Web-int.contoso.com
Internal AutoDiscover Service1
You can implement this as a CNAME instead of an A record if desired.
A/AAAA sip.<sipdomain>
sip.contoso.com
Front End pool server IP addresses (or to each Director IP address)
DNS LB to 192.168.21.122 192.168.21.123 192.168.21.124
Required for automatic configuration, see Walkthrough of Skype for Business clients locating services
A record or records pointing to the Front End pool servers or Director servers on the internal network, or the Access Microsoft Edge service when the client is external
A/AAAA ucupdates-r2.<sipdomain>
ucupdates-r2.contoso.com
HLB FE Pool VIP Or Director Pool HLB VIP, or SE/Director Server IP
192.168.21.121
Deploying this record is optional ❸
SRV _sipinternaltls._tcp.<sipdomain>
Port 5061
_sipinternaltls._tcp.contoso.com
Port 5061
Front End pool FQDN
FE-Pool.contoso.com
Enables Internal user automatic sign-in 1 to the Front End server/pool or SE server/pool that authenticates and redirects client requests for sign-in.
A/AAAA sipinternal.<sipdomain>
sipinternal.contoso.com
Front End pool FQDN
FE-Pool.contoso.com
Internal user access ❶
SRV _ntp._udp.<sipdomain>
_ntp._udp.contoso.com
TimeServer FQDN
north-america.pool.ntp.org
NTP source required for Lync Phone Edition devices This is required to support desktop handsets.
SRV _sipfederationtls._tcp.<sipdomain>
_sipfederationtls._tcp.contoso.com
Access Edge service FQDN
EdgePool-int.contoso.com
Create one SRV record for each SIP domain that has IOS or Windows phone Mobile clients. For Mobile client support
A/AAAA admin URL
Web-int.contoso.com
HLB FE Pool VIP
192.168.21.121
Skype for Business Server Control Panel, see Simple URLs
A/AAAA meet URL
Web-int.contoso.com
HLB FE Pool VIP
192.168.21.121
Online meetings, see Simple URLs
A/AAAA dial-in URL
Web-int.contoso.com
HLB FE Pool VIP
192.168.21.121
Dial-in conferencing, see Simple URLs
A/AAAA internal Web Services FQDN
Web-int.contoso.com
HLB FE Pool VIP
192.168.21.121
Skype for Business Web Service used by Skype for Business Web App
A/AAAA Office Web Apps Server pool FQDN
OWA.contoso.com
Office Web Apps Server pool VIP address
192.168.1.5
Defines the Office Web Apps Server pool FQDN
A/AAAA Internal Web FQDN
Web-int.contoso.com
Front End pool VIP address
192.168.21.121
Defines the Internal Web FQDN used by Skype for Business Web App
If you're using DNS load balancing on this pool, your Front End pool and internal web farm can't have the same FQDN.

❶ Used by a client to discover the Front End Server or Front End pool, and be authenticated and signed in as a user. More detail on this is in Walkthrough of Skype for Business clients locating services.

❷ This is only required to support legacy clients prior to Lync 2013, and desktop handsets.

❸ In the situation where a Unified Communications device is turned on, but a user has never logged into the device, the A record allows the device to discover the server hosting Device Update Web service and obtain updates. Otherwise, devices obtain the server information though in-band provisioning the first time a user logs in.

The following diagram shows an example that includes both internal and external DNS records, and many of the records shown in the surrounding tables:

Edge network diagram using Public IPv4 addresses

example of DNS network diagram.

Perimeter network DNS mappings (both internal and external interfaces)

Record Type Value Resolves to Purpose Required
A/AAAA Internal Edge pool FQDN
EdgePool-int.contoso.com
Internal-facing Edge pool IP addresses
172.25.33.10, 172.25.33.11
Consolidated Edge Pool internal interface IP Addresses Y
A/AAAA Edge Server FQDN
Cons-1.contoso.com
Internal-facing server IP for a server in the Edge pool
172.25.33.10
Create a record for each server in the pool with the server FQDN pointing to its internal server node IP in the pool, see DNS Load Balancing on Edge Server Pools. Y
A/AAAA Access Edge service Pool FQDN
Access1.contoso.com
Access Edge service Pool external IP addresses
131.107.16.10, 131.107.16.11
The Access Edge service provides a single, trusted connection point for both outbound and inbound Session Initiation Protocol (SIP) traffic. Y
A/AAAA Web Conferencing Edge service Pool FQDN
Webcon1.contoso.com
Web Conferencing Edge service external IP addresses
131.107.16.90, 131.107.16.91
The Web Conferencing Edge service enables external users to join meetings that are hosted on your internal Skype for Business Server environment. Y
A/AAAA av.<sip-domain> Pool FQDN
AV1.contoso.com
A/V Edge external IP addresses
131.107.16.170, 131.107.16.171
The A/V Edge service makes audio, video, application sharing and file transfer available to external users. Y
CNAME sip.<sipdomain>
sip.contoso.com
External Access Edge Pool FQDN
Access1.contoso.com
Locates the Edge Server pool . See Walkthrough of Skype for Business clients locating services Y
SRV _sip._tls.<sipdomain>
_sip._tls.contoso.com
External Access Edge FQDN
Access1.contoso.com
Used for external user access. See Walkthrough of Skype for Business clients locating services Y
SRV _sipfederationtls._tcp.<sipdomain>
_sipfederationtls._tcp.contoso.com
External Access Edge FQDN
Access1.contoso.com
Used for Federation and public IM connectivity
SRV _xmpp-server._tcp.<sipdomain>
_xmpp-server._tcp.contoso.com
External Access Edge FQDN
Access1.contoso.com
The XMPP Proxy service accepts and sends extensible messaging and presence protocol (XMPP) messages to and from configured XMPP Federated partners. Y, to deploy Federation, otherwise optional
Not available in Skype for Business Server 2019.
SRV _sipfederationtls._tcp.<sipdomain>
_sipfederationtls._tcp.contoso.com
External Access Edge FQDN
Access1.contoso.com
To support Push Notification Service and Apple Push Notification service, you create one SRV record for each SIP domain. ❸
A/AAAA External Front End pool web services FQDN
Web-ext.contoso.com
Reverse proxy public IP address, proxies to the External Web Services VIP for your Front End pool ❶
131.107.155.1 proxy to 192.168.21.120
Front End pool external interface used by Skype for Business Web App Y
A/AAAA/CNAME lyncdiscover.<sipdomain>
lyncdiscover.contoso.com
Reverse proxy public IP address, resolves to the External Web Services VIP for your Director pool, if you have one, or for your Front End pool if you do not have a Director ❷
131.107.155.1 proxy to 192.168.21.120
External record for client AutoDiscover, also used by Mobility, Skype for Business Web App, and scheduler Web app, resolved by the reverse proxy server
To support Push Notification Service and Apple Push Notification service, you create one SRV record for each SIP domain that has Microsoft Lync Mobile clients. 3
Y
A/AAAA meet.<sipdomain>
meet.contoso.com
Reverse proxy public IP address, resolves to the external Web interface for the Front End pool
131.107.155.1 proxy to 192.168.21.120
Proxy to Skype for Business Web Service
See Simple URLs
Y
A/AAAA dial-in.<sipdomain>
dial-in.contoso.com
Reverse proxy public IP address, proxies to the external Web interface for the Front End pool
131.107.155.1 proxy to 192.168.21.120
Proxy to Skype for Business Web Service
See Simple URLs
Y
A/AAAA Office Web Apps Server pool FQDN
OWA.contoso.com
Reverse proxy public IP address, proxies to the external Web interface for the Office Web Apps Server
131.107.155.1 proxy to 192.168.1.5
Office Web Apps Server pool VIP address
192.168.1.5
Defines the Office Web Apps Server pool FQDN

❶ Required to deploy Federation, otherwise optional.

❷ Used by a client to discover the front end server or Front End pool, and be authenticated and signed in as a user.

❸ This requirement applies only to clients on Apple or Microsoft based mobile devices. Android and Nokia Symbian devices do not use push notification.

For more detail on Edge Servers and perimeter networks, see the Edge server DNS planning content.

Important

Skype for Business Server supports the use of IPv6 addressing. See Plan for IPv6 in Skype for Business for more details.

Important

For more detail on FQDNs, see DNS basics.

Split brain DNS

Split brain DNS is a DNS configuration where you have two DNS zones with the same namespace. The first DNS zone handles internal requests, while the second DNS zone handles external requests, as mentioned in these tables. For more about this see Split-brain DNS.

Hybrid considerations

If you plan to have some users homed online and some homed on premises, refer to the Hybrid connectivity planning article Skype for Business server 2019. You will need to configure DNS as normal for Skype for Business Server 2015 and also add additional DNS records.

You should also refer to "Office 365 URLs and IP address ranges" at https://aka.ms/o365ips to confirm that your users will have access to the online resources they will need.

Simple URLs

A Uniform Resource Locator (URL) is a reference to a web resource that specifies its location on a computer network and a protocol used to retrieve it.

Skype for Business Server supports using three "simple" URLs to access services:

  • Meet is used as the base URL for all conferences in the site. An example of a Meet simple URL is https://meet.contoso.com. A URL for a particular meeting might be https://meet.contoso.com/username/7322994.

    With the Meet simple URL, links to join meetings are easy to comprehend and easy to communicate.

  • Dial-in enables access to the Dial-in Conferencing Settings web page. This page displays conference dial-in numbers with their available languages, assigned conference information (that is, for meetings that do not need to be scheduled), and in-conference DTMF controls, and supports management of personal identification number (PIN) and assigned conferencing information. The Dial-in simple URL is included in all meeting invitations so that users who want to dial in to the meeting can access the necessary phone number and PIN information. An example of the Dial-in simple URL is https://dialin.contoso.com.

  • Admin enables quick access to the Skype for Business Server Control Panel. From any computer within your organization's firewalls, an admin can open the Skype for Business Server Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is internal to your organization. An example of the Admin simple URL is https://admin.contoso.com.

Simple URLs are discussed in more detail at DNS requirements for simple URLs in Skype for Business Server.

DNS by server role

You can set the names of these pools and servers as you wish, but make them memorable and reflect their function in the system.

DNS records for individual servers or pools

These generic record requirements apply to any server role used by Skype for Business. A pool is a set of servers running the same services that work together to handle client requests directed to them through a load balancer. See Load balancing requirements for Skype for Business for details

DNS record Requirements for Server/pool roles (presumes DNS load balancing)

Deployment scenario DNS requirement
One Server:
Persistent Chat, Director, Mediation Server, Front end server
An internal A record that resolves the fully qualified domain name (FQDN) of the server to its IP address.
ServerRole.contoso.com 10.10.10.0
Pool:
Persistent Chat, Director, Edge Server, Mediation Server, Front end
An internal A record that resolves the fully qualified domain name (FQDN) of each server node in the pool to its IP address.
Example
ServerRole01.contoso.com 10.10.10.1
ServerRole02.contoso.com 10.10.10.2
Multiple internal A records that resolve the fully qualified domain name (FQDN) of the pool to the IP addresses of the server nodes in the pool.
Example
ServerPool.contoso.com 10.10.10.1
ServerPool.contoso.com 10.10.10.2

Edge Server specific DNS topics

To plan edge server deployment, review Plan for Edge Server deployments in Skype for Business Server 2015, and Advanced Edge Server DNS planning for Skype for Business Server 2015 which has the following sections