DNS summary - Scaled consolidated edge, DNS load balancing with private IP addresses using NAT in Lync Server 2013

 

Topic Last Modified: 2012-09-08

DNS record requirements for remote access to Lync Server 2013 are fairly straightforward compared to those for certificates and ports. Also, many records are optional, depending on how you configure clients running Lync 2013 and whether you enable federation.

For details about Lync 2013 DNS requirements, see Determine DNS requirements for Lync Server 2013.

For details about configuring automatic configuration of Lync 2013 clients if split-brain DNS is not configured, see the "Automatic Configuration without Split Brain DNS" section in Determine DNS requirements for Lync Server 2013.

The following table contains a summary of the DNS records that are required to support the single consolidated edge topology shown in the Single Consolidated Edge Topology figure. Note that certain DNS records are required only for automatic configuration of Lync 2013 clients. If you plan to use group policy objects (GPOs) to configure Lync clients, the associated records are not necessary.

IMPORTANT: Edge Server Network Adapter Requirements

To avoid routing issues, verify that there are at least two network adapters in your Edge Servers and that the default gateway is set only on the network adapter associated with the external interface. For example, as shown in the Scaled Consolidated Edge Scenario figure in Scaled consolidated edge, DNS load balancing with private IP addresses using NAT in Lync Server 2013, the default gateway would point to the external firewall.

You can configure two network adapters in each of your Edge Servers as follows:

  • Network adapter 1 - Node 1 (Internal Interface)

    Internal interface with 172.25.33.10 assigned.

    No default gateway is defined.

    Ensure that there is a route from the network containing the Edge internal interface to any networks that contain servers running Lync Server 2013 or Lync Server 2013 clients (for example, from 172.25.33.0 to 192.168.10.0).

  • Network adapter 1 - Node 2 (Internal Interface)

    Internal interface with 172.25.33.11 assigned.

    No default gateway is defined.

    Ensure that there is a route from the network containing the Edge internal interface to any networks that contain servers running Lync Server 2013 or Lync Server 2013 clients (for example, from 172.25.33.0 to 192.168.10.0).

  • Network adapter 2 - Node 1 (External Interface)

    Three private IP addresses are assigned to this network adapter, for example 10.45.16.10 for Access Edge, 10.45.16.20 for Web Conferencing Edge, 10.45.16.30 for AV Edge.

    Note

    It is possible, though not recommended, to use a single IP address for all three Edge service interfaces. Though this does save IP addresses, it requires different port numbers for each service. The default port number is 443/TCP, which ensures that most remote firewalls will allow the traffic. Changing the port values to (for example) 5061/TCP for the Access Edge, 444/TCP for the Web Conferencing Edge and 443/TCP for the AV Edge might cause problems for remote users whose firewall does not allow traffic over 5061/TCP and 444/TCP. Additionally, using three distinct IP addresses makes troubleshooting easier because you can filter on IP address.

    The Access Edge public IP address is primary with default gateway set to the integrated router (10.45.16.1).

    Web conferencing and A/V Edge private IP addresses are additional IP addresses in the Advanced section of the properties of Internet Protocol Version 4 (TCP/IPv4) and Internet Protocol Version 6 (TCP/IPv6) of the Local Area Connection Properties in Windows Server.

  • Network adapter 2 - Node 2 (External Interface)

    Three private IP addresses are assigned to this network adapter, for example 10.45.16.11 for Access Edge, 10.45.16.21 for Web Conferencing Edge, 10.45.16.31 for AV Edge.

    The Access Edge public IP address is primary with default gateway set to the integrated router (10.45.16.1).

    Web conferencing and A/V Edge private IP addresses are additional IP addresses in the Advanced section of the properties of Internet Protocol Version 4 (TCP/IPv4) and Internet Protocol Version 6 (TCP/IPv6) of the Local Area Connection Properties in Windows Server.

Tip

Configuring the Edge Server with two network adapters is one of two options. The other option is to use one network adapter for the internal side and three network adapters for the external side of the Edge Server. The main benefit of this option is a distinct network adapter per Edge Server service, and potentially more concise data collection when troubleshooting is necessary.

DNS Records Required for Scaled Consolidated Edge, DNS Load Balancing with Private IP Addresses Using NAT (Example)

| Location/TYPE/Port | FQDN/DNS Record | IP Address/FQDN | Maps to/Comments |
| --- | --- | --- | --- |
| External DNS/A | sip.contoso.com | 131.107.155.10 and 131.107.155.11 | Access Edge external interface (Contoso). Repeat as necessary for all SIP domains with Lync enabled users. |
| External DNS/A | webcon.contoso.com | 131.107.155.20 and 131.107.155.21 | Web Conferencing Edge external interface |
| External DNS/A | av.contoso.com | 131.107.155.30 and 131.107.155.31 | A/V Edge external interface |
| External DNS/SRV/443 | _sip._tls.contoso.com | sip.contoso.com | Access Edge external interface. Required for automatic configuration of Lync 2013 and Lync 2010 clients to work externally. Repeat as necessary for all SIP domains with Lync enabled users. |
| External DNS/SRV/5061 | _sipfederationtls._tcp.contoso.com | sip.contoso.com | SIP Access Edge external interface. Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). Repeat as necessary for all SIP domains with Lync enabled users. |
| Internal DNS/A | lsedge.contoso.net | 172.25.33.10 and 172.25.33.11 | Consolidated Edge internal interface |
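
The following Python check is an added example, not part of the original topic and not Microsoft tooling. It audits an exported external zone against the table above and flags missing records, wrong SRV ports, and private (NAT-side) or internal-only entries published in external DNS. The tuple format and the SAMPLE_BAD records are constructed for illustration.

```python
import ipaddress

# Expected external records from the table above: (type, name) -> (SRV port, values).
EXPECTED = {
    ("A", "sip.contoso.com"): (None, {"131.107.155.10", "131.107.155.11"}),
    ("A", "webcon.contoso.com"): (None, {"131.107.155.20", "131.107.155.21"}),
    ("A", "av.contoso.com"): (None, {"131.107.155.30", "131.107.155.31"}),
    ("SRV", "_sip._tls.contoso.com"): (443, {"sip.contoso.com"}),
    ("SRV", "_sipfederationtls._tcp.contoso.com"): (5061, {"sip.contoso.com"}),
}
INTERNAL_ONLY = {"lsedge.contoso.net"}  # listed under Internal DNS in the table

def audit_external_zone(records):
    """records: (type, name, srv_port_or_None, value) tuples; returns sorted findings."""
    findings, seen = [], {}
    for rtype, name, port, value in records:
        name, value = name.lower().rstrip("."), value.lower().rstrip(".")
        seen.setdefault((rtype, name), []).append((port, value))
        if name in INTERNAL_ONLY:
            findings.append(f"internal-only name published externally: {name}")
        if rtype == "A" and ipaddress.ip_address(value).is_private:
            findings.append(f"private address published externally: {name} -> {value}")
    for (rtype, name), (port, values) in EXPECTED.items():
        got = seen.get((rtype, name), [])
        if not got:
            findings.append(f"missing {rtype} record: {name}")
            continue
        for absent in sorted(values - {v for _, v in got}):
            findings.append(f"{name} does not map to {absent}")
        if rtype == "SRV":
            if any(p != port for p, _ in got):
                findings.append(f"{name} must use port {port}")
            for target in sorted({v for _, v in got if ("A", v) not in seen}):
                findings.append(f"{name} target has no A record: {target}")
    return sorted(findings)

# Constructed sample export (hypothetical misconfigured zone, not from the page).
SAMPLE_BAD = [
    ("A", "sip.contoso.com", None, "131.107.155.10"),
    ("A", "webcon.contoso.com", None, "10.45.16.20"),
    ("A", "webcon.contoso.com", None, "131.107.155.21"),
    ("A", "av.contoso.com", None, "131.107.155.30"),
    ("A", "av.contoso.com", None, "131.107.155.31"),
    ("A", "lsedge.contoso.net", None, "172.25.33.10"),
    ("SRV", "_sip._tls.contoso.com", 5061, "sip.contoso.com"),
]

if __name__ == "__main__":
    print("\n".join(audit_external_zone(SAMPLE_BAD)))
```

A zone that matches the table returns an empty list; each finding names the record to correct before remote access or federation is tested.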

Records Required for Federation

| Location/TYPE/Port | FQDN | IP address/FQDN host record | Maps to/Comments |
| --- | --- | --- | --- |
| External DNS/SRV/5061 | _sipfederationtls._tcp.contoso.com | sip.contoso.com | SIP Access Edge external interface. Required for automatic DNS discovery of your federation to other potential federation partners, and is known as “Allowed SIP Domains” (called enhanced federation in previous releases). Repeat as necessary for all SIP domains with Lync enabled users. |

Important

This SRV record is required for mobility and the push notification clearing house.

DNS Summary – Public Instant Messaging Connectivity

| Location/TYPE/Port | FQDN/DNS Record | IP Address/FQDN | Maps to/Comments |
| --- | --- | --- | --- |
| External DNS/A | sip.contoso.com | Access Edge service interface | Access Edge external interface (Contoso). Repeat as necessary for all SIP domains with Lync enabled users. |

DNS Summary for Extensible Messaging and Presence Protocol

| Location/TYPE/Port | FQDN | IP address/FQDN host record | Maps to/Comments |
| --- | --- | --- | --- |
| External DNS/SRV/5269 | _xmpp-server._tcp.contoso.com | xmpp.contoso.com | XMPP proxy external interface on the Access Edge service or Edge pool. Repeat as necessary for all internal SIP domains with Lync enabled users where contact with XMPP contacts is allowed through the configuration of the External Access Policy through a global policy, site policy where the user is located, or user policy applied to the Lync-enabled user. An allowed XMPP domain must also be configured in the XMPP Federated Partners policy. See topics in See Also for additional details. |
| External DNS/A | xmpp.contoso.com (for example) | IP address of Access Edge service on your Edge Server or Edge pool hosting XMPP proxy | Points to the Access Edge service or Edge pool that hosts the XMPP proxy service. Typically, the SRV record that you create will point to this host (A or AAAA) record. |