You must configure specific Domain Name System (DNS) settings on each external and internal interface of each Edge Server. In general, this includes configuring DNS records to point to appropriate servers in the internal network and configuring DNS records as appropriate for each Edge Server. For details about the recommended DNS settings, see DNS Requirements for External User Access.

If you are using the two-firewall topology, with your perimeter network separated from your internal network by an internal firewall, you have two recommended options for how to configure the DNS A records that the Edge Servers use to communicate with internal servers. You can set up a DNS Server in the perimeter network, or edit the hosts file on each Edge Server. (For security reasons, it is not recommended that you have Edge Servers access a DNS Server located in the internal network.)
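If you choose the hosts file option, each Edge Server's file needs exactly one unambiguous entry per internal server it talks to. The following audit sketch is an added example, not part of the original documentation; the server names, addresses, and the `REQUIRED` list are hypothetical, and the sample hosts file is constructed.

```python
import ipaddress

# Constructed sample: a hosts file as it might look on an Edge Server.
# All names and addresses are hypothetical.
SAMPLE_HOSTS = """\
# internal next-hop servers
10.0.10.21   pool01.corp.example.com   pool01
10.0.10.22   director01.corp.example.com  # Director
10.0.10.99   POOL01.corp.example.com
not-an-ip    mediation01.corp.example.com
"""

# Hypothetical list of internal servers this Edge Server must reach.
REQUIRED = ["pool01.corp.example.com", "director01.corp.example.com",
            "mediation01.corp.example.com"]


def parse_hosts(text):
    """Return {lowercased name: set of addresses}; malformed lines are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            # Host names are case-insensitive; ignore a trailing root dot.
            table.setdefault(name.lower().rstrip("."), set()).add(addr)
    return table


def audit_hosts(text, required):
    """Classify each required FQDN as ok, missing, or conflict."""
    table = parse_hosts(text)
    report = {}
    for fqdn in required:
        addrs = sorted(table.get(fqdn.lower().rstrip("."), set()))
        status = "missing" if not addrs else "conflict" if len(addrs) > 1 else "ok"
        report[fqdn] = (status, addrs)
    return report


if __name__ == "__main__":
    for name, (status, addrs) in audit_hosts(SAMPLE_HOSTS, REQUIRED).items():
        print(f"{status:9} {name} {' '.join(addrs)}")
```

A `conflict` result means the same name maps to more than one address, so which internal server the Edge Server reaches depends on entry order; a `missing` result means the name would fall through to whatever DNS server the Edge Server is configured to use.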

Note:
To prevent DNS SRV spoofing and ensure that certificates provide valid ties from the user URI to real credentials, Office Communications Server 2007 R2 requires that the name of the DNS SRV domain match the server name on the certificate. The subject name (SN) must point to sip.<domain>.