DNS in Lync Server 2010

Correct configuration of DNS is key to a usable and stable Lync deployment.

Lync Server 2010 uses DNS in the following ways:

- To discover internal servers or pools for server-to-server communications.
- To allow clients to discover the Front End pool or Standard Edition server used for various SIP transactions.
- To allow unified communications (UC) devices that are not logged on to discover the Front End pool or Standard Edition server running Device Update Web Service, obtain updates, and send logs.
- To allow external servers and clients to connect to Edge Servers or the HTTP reverse proxy for instant messaging (IM) or conferencing.
- To allow external UC devices to connect to Device Update Web service through Edge Servers or the HTTP reverse proxy and obtain updates.

Standard Edition Server

- An internal A record that resolves the fully qualified domain name (FQDN) of the server to its IP address.

Enterprise Edition Pool (with DNS Load Balancing)

- A set of internal A records that resolve the FQDN of the pool to the IP address of each server in the pool. There must be one A record for each server in the pool.
- An A record that lists all the deployed Front End Servers.
- An A record (separate from the pool record) that points to the VIP of the hardware load balancer; this is used for the pool's Web Services.

Enterprise Edition Pool (with Hardware Load Balancing)

- An internal A record that resolves the fully qualified domain name (FQDN) of the Front End pool to the virtual IP (VIP) address of the load balancer.

DNS Records for Automatic Client Sign-in

- _sipInternaltls._tcp.<domain>, e.g. an SRV record for _sipInternaltls._tcp.contoso.com over port 5061 that maps to pool01.contoso.com.

Device Update Web service discovery by UC devices

- An internal A record with the name ucupdates-r2.<SIP domain> that resolves to the IP address of the Front End pool (or Standard Edition server) that hosts the Device Update Web service.

DNS records for Simple URLs

Refer to the blog post on SimpleURLs here

Standard Edition Server

| Function | Record Type | Entry | Value | Int/Ext |
|---|---|---|---|---|
| Automatic Client Sign-in | SRV (port 5061) | _sipInternaltls._tcp.contoso.com | Pool01.contoso.com | Int |
| Server/Pool discovery | A | Pool01.contoso.com | 192.168.6.1 | Int |
| Device Update Web Service | A | ucupdates-r2.contoso.com | 192.168.6.1 | Int |
| Time Server | SRV (port 123) | _ntp._udp.contoso.com | DC.contoso.com | Int |
| Simple URL (Meet) | A | Meet.contoso.com | 192.168.6.1 | Int |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 192.168.6.1 | Int |
| Simple URL (Admin) | A | Admin.contoso.com | 192.168.6.1 | Int |
| Edge Internal | A | Lsedge.contoso.com | 10.2.2.1 | Int |
| Ext TLS connections | SRV (port 443) | _sip._tls.contoso.com | access.contoso.com | Ext |
| SIP Access Edge Ext interface | A | access.contoso.com | 10.1.2.1 | Ext |
| Web Conferencing Edge Ext interface | A | webcon.contoso.com | 10.1.2.2 | Ext |
| A/V Edge Ext interface | A | av.contoso.com | 10.1.2.3 | Ext |
| Federation | SRV (port 5061) | _sipfederationtls._tcp.contoso.com | Access.contoso.com | Ext |
| Simple URL (Meet) | A | Meet.contoso.com | 10.1.2.4 | Ext |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 10.1.2.4 | Ext |
| Address Book etc. via Reverse Proxy | A | Lsrp.contoso.com | 10.1.2.4 | Ext |
| Lync Web Services published via Reverse Proxy | A | lsweb-ext.contoso.com | 10.1.2.4 | Ext |

Note: In these examples, the Standard Edition Lync Server address is 192.168.6.1, the Edge has external addresses 10.1.2.1 to 10.1.2.3 and internal address 10.2.2.1, and the Reverse Proxy is 10.1.2.4.

Internal DNS entries for Standard Edition Server

External DNS entries for consolidated Edge

Enterprise Pool (DNS Load Balancing)

| Function | Record Type | Entry | Value | Int/Ext |
|---|---|---|---|---|
| Automatic Client Sign-in | SRV (port 5061) | _sipInternaltls._tcp.contoso.com | Pool01.contoso.com | Int |
| Server/Pool discovery | A | Pool01.contoso.com | 192.168.6.1, 192.168.6.2, 192.168.6.3 | Int |
| Server access | A | LS01.contoso.com | 192.168.6.1 | Int |
| Server access | A | LS02.contoso.com | 192.168.6.2 | Int |
| Server access | A | LS03.contoso.com | 192.168.6.3 | Int |
| Web Services | A | Webcon.contoso.com | 192.168.6.10 | Int |
| Device Update Web Service | A | ucupdates-r2.contoso.com | 192.168.6.10 | Int |
| Time Server | SRV (port 123) | _ntp._udp.contoso.com | DC.contoso.com | Int |
| Simple URL (Meet) | A | Meet.contoso.com | 192.168.6.10 | Int |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 192.168.6.10 | Int |
| Simple URL (Admin) | A | Admin.contoso.com | 192.168.6.10 | Int |
| Edge Internal | A | Lsedge.contoso.com | 10.2.2.1 | Int |
| Ext TLS connections | SRV (port 443) | _sip._tls.contoso.com | access.contoso.com | Ext |
| SIP Access Edge Ext interface | A | access.contoso.com | 10.1.2.1 | Ext |
| Web Conferencing Edge Ext interface | A | webcon.contoso.com | 10.1.2.2 | Ext |
| A/V Edge Ext interface | A | av.contoso.com | 10.1.2.3 | Ext |
| Federation | SRV (port 5061) | _sipfederationtls._tcp.contoso.com | Access.contoso.com | Ext |
| Simple URL (Meet) | A | Meet.contoso.com | 10.1.2.4 | Ext |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 10.1.2.4 | Ext |
| Address Book etc. via Reverse Proxy | A | Lsrp.contoso.com | 10.1.2.4 | Ext |
| Lync Web Services published via Reverse Proxy | A | lsweb-ext.contoso.com | 10.1.2.4 | Ext |

Note: In these examples, the Enterprise Edition Lync Server addresses are 192.168.6.1 to 192.168.6.3, the HLB has a VIP address of 192.168.6.10, the Edge has external addresses 10.1.2.1 to 10.1.2.3 and internal address 10.2.2.1, and the Reverse Proxy is 10.1.2.4.

Internal DNS entries for Enterprise Edition pool with DNS Load Balancing

Enterprise Pool (HLB Load Balancing)

| Function | Record Type | Entry | Value | Int/Ext |
|---|---|---|---|---|
| Automatic Client Sign-in | SRV (port 5061) | _sipInternaltls._tcp.contoso.com | Pool01.contoso.com | Int |
| Server/Pool discovery | A | Pool01.contoso.com | 192.168.6.10 | Int |
| Server access | A | LS01.contoso.com | 192.168.6.1 | Int |
| Server access | A | LS02.contoso.com | 192.168.6.2 | Int |
| Server access | A | LS03.contoso.com | 192.168.6.3 | Int |
| Web Services | A | Webcon.contoso.com | 192.168.6.10 | Int |
| Device Update Web Service | A | ucupdates-r2.contoso.com | 192.168.6.10 | Int |
| Time Server | SRV (port 123) | _ntp._udp.contoso.com | DC.contoso.com | Int |
| Simple URL (Meet) | A | Meet.contoso.com | 192.168.6.10 | Int |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 192.168.6.10 | Int |
| Simple URL (Admin) | A | Admin.contoso.com | 192.168.6.10 | Int |
| Edge Internal | A | Lsedge.contoso.com | 10.2.2.1 | Int |
| Ext TLS connections | SRV (port 443) | _sip._tls.contoso.com | access.contoso.com | Ext |
| SIP Access Edge Ext interface | A | access.contoso.com | 10.1.2.1 | Ext |
| Web Conferencing Edge Ext interface | A | webcon.contoso.com | 10.1.2.2 | Ext |
| A/V Edge Ext interface | A | av.contoso.com | 10.1.2.3 | Ext |
| Federation | SRV (port 5061) | _sipfederationtls._tcp.contoso.com | Access.contoso.com | Ext |
| Simple URL (Meet) | A | Meet.contoso.com | 10.1.2.4 | Ext |
| Simple URL (Dial-in) | A | Dial-in.contoso.com | 10.1.2.4 | Ext |
| Address Book etc. via Reverse Proxy | A | Lsrp.contoso.com | 10.1.2.4 | Ext |
| Lync Web Services published via Reverse Proxy | A | lsweb-ext.contoso.com | 10.1.2.4 | Ext |

Note: In these examples, the Enterprise Edition Lync Server addresses are 192.168.6.1 to 192.168.6.3, the HLB has a VIP address of 192.168.6.10, the Edge has external addresses 10.1.2.1 to 10.1.2.3 and internal address 10.2.2.1, and the Reverse Proxy is 10.1.2.4.

Internal DNS entries for Enterprise Pool using Hardware Load Balancing
Official documentation on Technet

From the manual:


How Lync 2010 Clients Locate Services

During DNS lookup, SRV records are queried in parallel and returned in the following order to the client:

- _sipinternaltls._tcp.<domain> - for internal TLS connections
- _sipinternal._tcp.<domain> - for internal TCP connections (performed only if TCP is allowed)
- _sip._tls.<domain> - for external TLS connections

Where <domain> is the SIP domain used by your internal clients. The last two queries are for clients that are connecting from outside your internal network. When creating SRV records, it is important to remember that they must point to a DNS A record in the same domain in which the DNS SRV record is created. For example, if the SRV record is in contoso.com, the A record it points to cannot be in fabrikam.com, it has to also be in contoso.com.

The first time you sign in, the Lync client attempts to connect to a Front End pool using each of the three SRV records in order, regardless of whether you are signing in from inside or outside your network. After the Lync client makes a successful connection, it caches the DNS entry and continues to use it until it is no longer successful. If the Lync client cannot use the cached value, it queries DNS for the SRV records again and repopulates its cache. For example, this process is followed if you have signed in to the internal network during the day and then take your laptop home and sign in externally.

After the SRV record is returned, a query is performed for the DNS A record (by FQDN) of the server or Front End pool associated with the SRV record. If no records are found during the DNS SRV query, the Lync client performs an explicit lookup of sipinternal.<domain>. If the explicit lookup does not produce results, the Lync client performs a lookup for sip.<domain>.

So in theory, yes, it should be using _sip._tls.domain.com before sip.domain.com. The user login is xxx@domain.com, right?

Can you run Network Monitor on the client and check what DNS queries are being made when you hit login? Maybe there's some error on the _sip._tls.domain.com that is not showing on the Event Viewer and it only shows the last query error (sip.domain.com).

I figured out my issue: using single-IP NAT, it was 5061 I needed to have in the TLS record, not 443.
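
The lookup order from the manual excerpt and the port mismatch reported in the last post can be checked offline against a planned record set. This is an added example, not code from the original page or from Microsoft: the zone dictionaries are constructed from the page's contoso.com sample values, and the function names and the `listeners` map of expected ports are hypothetical.

```python
SRV_ORDER = ["_sipinternaltls._tcp", "_sipinternal._tcp", "_sip._tls"]
HOST_FALLBACK = ["sipinternal", "sip"]

# Constructed zone views using the page's contoso.com sample values.
INTERNAL = {
    "srv": {"_sipinternaltls._tcp.contoso.com": ("pool01.contoso.com", 5061)},
    "a": {"pool01.contoso.com": ["192.168.6.1"]},
}
EXTERNAL = {
    "srv": {"_sip._tls.contoso.com": ("access.contoso.com", 443)},
    "a": {"access.contoso.com": ["10.1.2.1"]},
}
# Constructed view with no SRV records, only the explicit host name.
FALLBACK_ONLY = {"srv": {}, "a": {"sip.contoso.com": ["10.1.2.1"]}}


def locate(zone, domain, allow_tcp=False):
    """Return (name_used, host, port) following the order in the quoted manual."""
    for label in SRV_ORDER:
        if label == "_sipinternal._tcp" and not allow_tcp:
            continue  # the TCP record is tried only if TCP is allowed
        name = f"{label}.{domain}"
        if name in zone["srv"]:
            host, port = zone["srv"][name]
            return name, host, port
    for label in HOST_FALLBACK:  # explicit lookups when no SRV record is found
        name = f"{label}.{domain}"
        if name in zone["a"]:
            return name, name, None  # the page gives no port for this path
    return None


def audit(zone, domain, listeners=None):
    """List SRV problems: target outside the domain, no A record, wrong port."""
    findings = []
    for name, (host, port) in sorted(zone["srv"].items()):
        if not host.lower().endswith("." + domain.lower()):
            findings.append(f"{name}: target {host} is not in {domain}")
        if host.lower() not in zone["a"]:
            findings.append(f"{name}: target {host} has no A record")
        expected = (listeners or {}).get(host.lower())
        if expected is not None and expected != port:
            findings.append(f"{name}: port {port}, listener on {expected}")
    return findings
```

Calling `audit(EXTERNAL, "contoso.com", {"access.contoso.com": 5061})` reproduces the situation in the last post: the SRV record advertises 443 while the Access Edge listens on 5061.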
