DNS Records for Skype for Business Hybrid Installation
DNS Configuration for Skype for Business Hybrid Deployments
DNS settings are important and you need to understand how your organizations Skype for Business communication flow works.
First important understanding:
If you run a hybrid installation, your Office 365 Tenant with Skype for Business Online is seen from your On-Premise installation as a federated organization.
Therefore the following DNS records must also be resolvable from your internal DNS infrastructure (Edge Server).
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)
DNS RECORD
|
RECORD TYPE
|
WHERE
IT SHOULD RESOLVE TO
|
PORT
|
sip.YourDom.com
|
A
|
Public IP of Access Edge
|
n/a
|
_sip._tls.YourDom.com
|
SRV
|
External
on-premises Access Edge Interface (sip. YourDom.com)
|
443
|
_sipfederationtls._tcp.
YourDom.com |
SRV
|
External on-premises Access Edge Interface (sip. YourDom.com)
|
5061
|
webcon.YourDom.com
|
A
|
Public IP of
Access Edge
|
n/a
|
av.YourDom.com
|
A
|
Public IP of Access Edge
|
n/a
|
Illustration for DNS Best Practice:
(Click the illustration to enlarged)
The internal Clients, will not query the _sip._tls or _sipfederationtls._tcp records, but your Edge will do. Therefore the illustration above should provide you with an idea on how setting up DNS.
Remember, only the Edge is requiring the both DNS SRV record, not any internal system.
In case you decide not having a HOSTS file, this both drawing will also work, since this with or without SPLIT DNS, the internal DNS servers will provide the correct DNS records to the Edge Server.
Errors in SNOOPER:
An indication for DNS misconfiguration is for example a one-way Presence, where the external partner can see your presence, even is able calling your. But from your side no outbound presence or call are possible.Possible seen error with a wrong setup:
SIP communication:
ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain=YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="YourDom.com"
Conferencing Setup:
<diagHeader>1008;reason="Unable to resolve DNS SRV record";domain="YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="sip.YourDom.com"</diagHeader>
Important Best Practice:
Your Edge Servers should be configured with HOSTS file and external DNS resolution. If you fail doing so, you might consider configuring Split DNS with the external DNS Records (see table) on your internal DNS SIP Domain.
Understanding Hybrid Deployments on Technet:
https://technet.microsoft.com/en-us/library/jj205403.aspx
Troubleshooting Hybrid Deployment on Technet:
https://support.microsoft.com/de-de/help/2566790/troubleshooting-skype-for-business-online-dns-configuration-issues-in-office-365
Author: Thomas Poett MVP, Business Unit Lead Microsoft Unified Communication
Hi Thomas! It's a great post! Thanks! I have a question to you: in my environment, I have SPLIT DNS Domain and the EDGE server has not external DNS resolution. In instead, they has internal DNS servers on the external NIC because there are not DNS servers in DMZ network. i didn't find any document in technet where said that I need to create the DNS records that you indicated in the table. I found only this article: https://technet.microsoft.com/en-us/library/jj205403.aspx: DNS SRV record for _sipfederationtls._tcp. for all supported SIP domains resolving to Access Edge external IP(s) | DNS A record(s) for Edge Web Conferencing Service FQDN, e.g. webcon.contoso.com resolving to Web Conferencing Edge external IP(s). My question is if I need to create the following DNS records: sip._tls.YourDom.com and av.YourDom.com in my internal DNS zone. In other words, what DNS records should the EDGE server resolve? Thank you! Fernando
ReplyDeleteHi, yes, you need all DNS records available from your Edge Server. Meaning, your Edge must resolve all of the above DNS record on your internal DNS with IPs from your external Edge Server. Whereby WebConf resolve the WebConf IP and AV mus resolve the external AV IP. everything else resoves the Access IP
DeleteNot really a fan of terms like external IP as this is still misleading to me. Does this refer to external IP as in external public IP address or edge servers external nic IP address. I would presume public IP but as you know there are many externals in an edge reference.
ReplyDelete