DNS requirements for Skype for Business Server
Summary: Review the DNS considerations in this article before implementing Skype for Business Server.
This article only addresses DNS planning for Skype for Business Server deployments on an organization's on-premises network. For Skype for Business Online refer to "Office 365 URLs and IP address ranges" at https://aka.ms/o365ips.
A Domain name service (DNS) server maps hostnames (like www.contoso.com, presumably a web server) to IP addresses (such as 10.10.10.10). It helps clients and interdependent servers communicate with each other on the network. When you set up an implementation of Skype for Business Server 2015, you need to make sure the mapping of new server names (usually reflecting the role they'll be taking on) matches the IP addresses they're assigned to.
While this may seem a bit daunting at first, the heavy lifting for planning this can be done using the Skype for Business Server 2015 Planning Tool. Once you've gone through the wizard's questions about what features you plan to use, for each site you define you can view the DNS Report within the Edge Admin Report, and use the information listed there to create your DNS records. You can also make adjustments to many of the names and IP addresses used, for details see Review the DNS Report. Keep in mind you can export the Edge Admin Report to an Excel spreadsheet, and the DNS Report will be one of the worksheets in the file. While this tool includes features deprecated from Skype for Business Server 2019, it can still be used to create an initial plan if those features aren't selected
When you're installing a new implementation as described in Create DNS records for Skype for Business Server and building your topology for Skype for Business Server, we recognize that you can choose to use the DNS capabilities built in to Windows Server 2016 or a parter DNS package, so we'll keep the discussions in this article general rather than specific. We're detailing what's needed, and how you meet that need is your decision to make.
Experienced Skype for Business, Lync, and Office Communications Suite administrators will probably find the following tables useful. If the table is confusing to you, the later sections or articles shed some light on the following concepts:
Summary tables
The following tables show DNS records Skype for Business Server uses to provide services to users. Some are optional in that they're only needed to support certain features, and they can be skipped if those features aren't desired. The DNS records needed for internal access only are in the first table, and a deployment allowing internal and external access will need records from both tables.
Internal DNS mappings
| Record Type | Value | Resolves to | Purpose | Required |
|---|---|---|---|---|
| A/AAAA | Front End pool FQDN FE-pool.contoso.com |
Front End pool server IP addresses DNS LB to 192.168.21.122 192.168.21.123 192.168.21.124 |
DNS Load Balancing of Front End Pools. Maps the Front End pool name to a set of IP addresses. See Deploying DNS Load Balancing on Front End Pools and Director Pools |
Y |
| A/AAAA | FQDN of each Front End Server or Standard Edition server in a pool, or a standalone server FE01.contoso.com FE02.contoso.com FE03.contoso.com |
Corresponding IP of each server 192.168.21.122 192.168.21.123 192.168.21.124 |
Maps the server name to its IP address. | Y |
| A/AAAA | Enterprise Pool Internal Web Services Override FQDN Web-int.contoso.com |
HLB VIP for Front End Server Internal Web Services 192.168.21.120 |
Required to enable client to server web traffic, such as downloading the Skype for Business Web App. Also required for Mobile clients. | Y |
| A/AAAA | Enterprise Pool External Web Services Override FQDN Web-ext.contoso.com |
HLB VIP for Front End Server External Web Services 68.123.56.90 |
Required to enable client to server web traffic, such as downloading the Skype for Business Web App. Required if mobile clients resolve DNS internally. Can resolve to DMZ Reverse Proxy IP or Internet IP. | |
| A/AAAA | Back End Server SQL server FQDN SQL1.contoso.com |
server IP address 192.168.11.90 |
Maps the server name for a back-end SQL server working with the Front End pool to its IP address | |
| A/AAAA | Back End Server Mirror SQL server FQDN SQL2.contoso.com |
server IP address 192.168.11.91 |
Maps the server name for a back-end SQL mirror server working with the Front End pool to its IP address | |
| A/AAAA | Director pool FQDN Note: Not applicable when using a standalone Director server DirPool.contoso.com |
Director pool IP addresses DNS LB to 192.168.21.132, 192.168.21.133, 192.168.21.134 |
DNS load balancing of Director Pool servers. Maps the pool name for the Director pool to an IP address, see Deploying DNS Load Balancing on Front End Pools and Director Pools A Director can authenticate a user and is optional. |
|
| A/AAAA | Director FQDN | Server IP address of each Director server | Maps the pool name for the Director to an IP address, see Deploying DNS Load Balancing on Front End Pools and Director Pools | |
| A/AAAA | Mediation Server pool FQDN | Pool IP addresses | The Mediation Server role is optional. You can colocate the services provided by a mediation server to the Front End server or pool. See Using DNS Load Balancing on Mediation Server Pools | |
| A/AAAA | Mediation Server FQDN | Server IP address | You can colocate the services provided by a mediation server to the Front End server or pool. See Using DNS Load Balancing on Mediation Server Pools | |
| A/AAAA | Persistent Chat Server FQDN | Persistent Chat Server IP address | A Persistent Chat server is required for the Persistent Chat feature and is otherwise optional. | |
| A/AAAA | lyncdiscoverinternal.<sipdomain> lyncdiscoverinternal.contoso.com |
HLB Front End pool VIP or Director IP 192.168.21.121 |
Internal AutoDiscover Service1, required for Mobility support. If internal DNS is used to resolve for mobile devices, it should point to the external IP, or DMZ VIP. For Web services we require HLB on the Front End pool as HTTPS can't use DNS. For Front End pool or Director pool this should resolves to an HLB VIP, or a regular IP for a Standard edition server or a Standalone Director server. |
Y |
| CNAME | lyncdiscoverinternal.<sipdomain> lyncdiscoverinternal. contoso.com |
HLB FE Pool FQDN or Director FQDN Web-int.contoso.com |
Internal AutoDiscover Service1 You can implement this as a CNAME instead of an A record if desired. |
|
| A/AAAA | sip.<sipdomain> sip.contoso.com |
Front End pool server IP addresses (or to each Director IP address) DNS LB to 192.168.21.122 192.168.21.123 192.168.21.124 |
Required for automatic configuration, see Walkthrough of Skype for Business clients locating services A record or records pointing to the Front End pool servers or Director servers on the internal network, or the Access Microsoft Edge service when the client is external |
❷ |
| A/AAAA | ucupdates-r2.<sipdomain> ucupdates-r2.contoso.com |
HLB FE Pool VIP Or Director Pool HLB VIP, or SE/Director Server IP 192.168.21.121 |
Deploying this record is optional ❸ | |
| SRV | _sipinternaltls._tcp.<sipdomain> Port 5061 _sipinternaltls._tcp.contoso.com Port 5061 |
Front End pool FQDN FE-Pool.contoso.com |
Enables Internal user automatic sign-in 1 to the Front End server/pool or SE server/pool that authenticates and redirects client requests for sign-in. | ❷ |
| A/AAAA | sipinternal.<sipdomain> sipinternal.contoso.com |
Front End pool FQDN FE-Pool.contoso.com |
Internal user access ❶ | ❷ |
| SRV | _ntp._udp.<sipdomain> _ntp._udp.contoso.com |
TimeServer FQDN north-america.pool.ntp.org |
NTP source required for Lync Phone Edition devices | This is required to support desktop handsets. |
| SRV | _sipfederationtls._tcp.<sipdomain> _sipfederationtls._tcp.contoso.com |
Access Edge service FQDN EdgePool-int.contoso.com |
Create one SRV record for each SIP domain that has IOS or Windows phone Mobile clients. | For Mobile client support |
| A/AAAA | admin URL Web-int.contoso.com |
HLB FE Pool VIP 192.168.21.121 |
Skype for Business Server Control Panel, see Simple URLs | |
| A/AAAA | meet URL Web-int.contoso.com |
HLB FE Pool VIP 192.168.21.121 |
Online meetings, see Simple URLs | |
| A/AAAA | dial-in URL Web-int.contoso.com |
HLB FE Pool VIP 192.168.21.121 |
Dial-in conferencing, see Simple URLs | |
| A/AAAA | internal Web Services FQDN Web-int.contoso.com |
HLB FE Pool VIP 192.168.21.121 |
Skype for Business Web Service used by Skype for Business Web App | |
| A/AAAA | Office Web Apps Server pool FQDN OWA.contoso.com |
Office Web Apps Server pool VIP address 192.168.1.5 |
Defines the Office Web Apps Server pool FQDN | |
| A/AAAA | Internal Web FQDN Web-int.contoso.com |
Front End pool VIP address 192.168.21.121 |
Defines the Internal Web FQDN used by Skype for Business Web App If you're using DNS load balancing on this pool, your Front End pool and internal web farm can't have the same FQDN. |
❶ Used by a client to discover the Front End Server or Front End pool, and be authenticated and signed in as a user. More detail on this is in Walkthrough of Skype for Business clients locating services.
❷ This is only required to support legacy clients prior to Lync 2013, and desktop handsets.
❸ In the situation where a Unified Communications device is turned on, but a user has never logged into the device, the A record allows the device to discover the server hosting Device Update Web service and obtain updates. Otherwise, devices obtain the server information though in-band provisioning the first time a user logs in.
The following diagram shows an example that includes both internal and external DNS records, and many of the records shown in the surrounding tables:
Edge network diagram using Public IPv4 addresses
Perimeter network DNS mappings (both internal and external interfaces)
| Record Type | Value | Resolves to | Purpose | Required |
|---|---|---|---|---|
| A/AAAA | Internal Edge pool FQDN EdgePool-int.contoso.com |
Internal-facing Edge pool IP addresses 172.25.33.10, 172.25.33.11 |
Consolidated Edge Pool internal interface IP Addresses | Y |
| A/AAAA | Edge Server FQDN Cons-1.contoso.com |
Internal-facing server IP for a server in the Edge pool 172.25.33.10 |
Create a record for each server in the pool with the server FQDN pointing to its internal server node IP in the pool, see DNS Load Balancing on Edge Server Pools. | Y |
| A/AAAA | Access Edge service Pool FQDN Access1.contoso.com |
Access Edge service Pool external IP addresses 131.107.16.10, 131.107.16.11 |
The Access Edge service provides a single, trusted connection point for both outbound and inbound Session Initiation Protocol (SIP) traffic. | Y |
| A/AAAA | Web Conferencing Edge service Pool FQDN Webcon1.contoso.com |
Web Conferencing Edge service external IP addresses 131.107.16.90, 131.107.16.91 |
The Web Conferencing Edge service enables external users to join meetings that are hosted on your internal Skype for Business Server environment. | Y |
| A/AAAA | av.<sip-domain> Pool FQDN AV1.contoso.com |
A/V Edge external IP addresses 131.107.16.170, 131.107.16.171 |
The A/V Edge service makes audio, video, application sharing and file transfer available to external users. | Y |
| CNAME | sip.<sipdomain> sip.contoso.com |
External Access Edge Pool FQDN Access1.contoso.com |
Locates the Edge Server pool . See Walkthrough of Skype for Business clients locating services | Y |
| SRV | _sip._tls.<sipdomain> _sip._tls.contoso.com |
External Access Edge FQDN Access1.contoso.com |
Used for external user access. See Walkthrough of Skype for Business clients locating services | Y |
| SRV | _sipfederationtls._tcp.<sipdomain> _sipfederationtls._tcp.contoso.com |
External Access Edge FQDN Access1.contoso.com |
Used for Federation and public IM connectivity | ❶ |
| SRV | _xmpp-server._tcp.<sipdomain> _xmpp-server._tcp.contoso.com |
External Access Edge FQDN Access1.contoso.com |
The XMPP Proxy service accepts and sends extensible messaging and presence protocol (XMPP) messages to and from configured XMPP Federated partners. | Y, to deploy Federation, otherwise optional Not available in Skype for Business Server 2019. |
| SRV | _sipfederationtls._tcp.<sipdomain> _sipfederationtls._tcp.contoso.com |
External Access Edge FQDN Access1.contoso.com |
To support Push Notification Service and Apple Push Notification service, you create one SRV record for each SIP domain. ❸ | |
| A/AAAA | External Front End pool web services FQDN Web-ext.contoso.com |
Reverse proxy public IP address, proxies to the External Web Services VIP for your Front End pool ❶ 131.107.155.1 proxy to 192.168.21.120 |
Front End pool external interface used by Skype for Business Web App | Y |
| A/AAAA/CNAME | lyncdiscover.<sipdomain> lyncdiscover.contoso.com |
Reverse proxy public IP address, resolves to the External Web Services VIP for your Director pool, if you have one, or for your Front End pool if you do not have a Director ❷ 131.107.155.1 proxy to 192.168.21.120 |
External record for client AutoDiscover, also used by Mobility, Skype for Business Web App, and scheduler Web app, resolved by the reverse proxy server To support Push Notification Service and Apple Push Notification service, you create one SRV record for each SIP domain that has Microsoft Lync Mobile clients. 3 |
Y |
| A/AAAA | meet.<sipdomain> meet.contoso.com |
Reverse proxy public IP address, resolves to the external Web interface for the Front End pool 131.107.155.1 proxy to 192.168.21.120 |
Proxy to Skype for Business Web Service See Simple URLs |
Y |
| A/AAAA | dial-in.<sipdomain> dial-in.contoso.com |
Reverse proxy public IP address, proxies to the external Web interface for the Front End pool 131.107.155.1 proxy to 192.168.21.120 |
Proxy to Skype for Business Web Service See Simple URLs |
Y |
| A/AAAA | Office Web Apps Server pool FQDN OWA.contoso.com |
Reverse proxy public IP address, proxies to the external Web interface for the Office Web Apps Server 131.107.155.1 proxy to 192.168.1.5 |
Office Web Apps Server pool VIP address 192.168.1.5 |
Defines the Office Web Apps Server pool FQDN |
❶ Required to deploy Federation, otherwise optional.
❷ Used by a client to discover the front end server or Front End pool, and be authenticated and signed in as a user.
❸ This requirement applies only to clients on Apple or Microsoft based mobile devices. Android and Nokia Symbian devices do not use push notification.
For more detail on Edge Servers and perimeter networks, see the Edge server DNS planning content.
Important
Skype for Business Server supports the use of IPv6 addressing. See Plan for IPv6 in Skype for Business for more details.
Important
For more detail on FQDNs, see DNS basics.
Split brain DNS is a DNS configuration where you have two DNS zones with the same namespace. The first DNS zone handles internal requests, while the second DNS zone handles external requests, as mentioned in these tables. For more about this see Split-brain DNS.
Hybrid considerations
If you plan to have some users homed online and some homed on premises, refer to the Hybrid connectivity planning article Skype for Business server 2019. You will need to configure DNS as normal for Skype for Business Server 2015 and also add additional DNS records.
You should also refer to "Office 365 URLs and IP address ranges" at https://aka.ms/o365ips to confirm that your users will have access to the online resources they will need.
Simple URLs
A Uniform Resource Locator (URL) is a reference to a web resource that specifies its location on a computer network and a protocol used to retrieve it.
Skype for Business Server supports using three "simple" URLs to access services:
Meet is used as the base URL for all conferences in the site. An example of a Meet simple URL is https://meet.contoso.com. A URL for a particular meeting might be https://meet.contoso.com/username/7322994.
With the Meet simple URL, links to join meetings are easy to comprehend and easy to communicate.
Dial-in enables access to the Dial-in Conferencing Settings web page. This page displays conference dial-in numbers with their available languages, assigned conference information (that is, for meetings that do not need to be scheduled), and in-conference DTMF controls, and supports management of personal identification number (PIN) and assigned conferencing information. The Dial-in simple URL is included in all meeting invitations so that users who want to dial in to the meeting can access the necessary phone number and PIN information. An example of the Dial-in simple URL is https://dialin.contoso.com.
Admin enables quick access to the Skype for Business Server Control Panel. From any computer within your organization's firewalls, an admin can open the Skype for Business Server Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is internal to your organization. An example of the Admin simple URL is https://admin.contoso.com.
Simple URLs are discussed in more detail at DNS requirements for simple URLs in Skype for Business Server.
DNS by server role
You can set the names of these pools and servers as you wish, but make them memorable and reflect their function in the system.
DNS records for individual servers or pools
These generic record requirements apply to any server role used by Skype for Business. A pool is a set of servers running the same services that work together to handle client requests directed to them through a load balancer. See Load balancing requirements for Skype for Business for details
DNS record Requirements for Server/pool roles (presumes DNS load balancing)
| Deployment scenario | DNS requirement |
|---|---|
| One Server: Persistent Chat, Director, Mediation Server, Front end server |
An internal A record that resolves the fully qualified domain name (FQDN) of the server to its IP address. ServerRole.contoso.com 10.10.10.0 |
| Pool: Persistent Chat, Director, Edge Server, Mediation Server, Front end |
An internal A record that resolves the fully qualified domain name (FQDN) of each server node in the pool to its IP address. Example ServerRole01.contoso.com 10.10.10.1 ServerRole02.contoso.com 10.10.10.2 Multiple internal A records that resolve the fully qualified domain name (FQDN) of the pool to the IP addresses of the server nodes in the pool. Example ServerPool.contoso.com 10.10.10.1 ServerPool.contoso.com 10.10.10.2 |
Edge Server specific DNS topics
To plan edge server deployment, review Plan for Edge Server deployments in Skype for Business Server 2015, and Advanced Edge Server DNS planning for Skype for Business Server 2015 which has the following sections