Topic Last Modified: 2011-05-16

DNS record requirements for remote access to Lync Server are fairly straightforward compared to those for certificates and ports. Also, many records are optional, depending on how you configure Microsoft Lync 2010 clients and whether you enable federation.

For details about Lync Server 2010 DNS requirements, see Determining DNS Requirements.

For details on configuring automatic configuration of Microsoft Lync 2010 clients if split-brain DNS is not configured, see the "Automatic Configuration without Split Brain DNS" section in Determining DNS Requirements.

The following table contains a summary of the DNS records that are required to support the single consolidated edge topology shown in the Single Consolidated Edge Topology figure. Note that certain DNS records are required only for automatic configuration of Lync 2010 clients. If you plan to use Group Policy Objects (GPOs) to configure Lync clients, the associated records are not necessary.

IMPORTANT: Edge/Reverse Proxy Network Adapter Requirements

To avoid routing issues, verify that there are at least two network adapters in your edge and reverse proxy servers and that the default gateway is set only on the network adapter associated with the external interface. For example, as shown in the Scaled Consolidated Edge Topology (DNS Load Balanced) figure in Reference Architecture 2: Scaled Consolidated Edge (DNS Load Balanced), the default gateway would point to the external firewall (10.45.16.1).

You can configure two network adapters in your Edge Server as follows:

  • Network adapter 1 (Internal Interface)

    Internal interface with 172.25.33.10 assigned.

    No default gateway is defined.

    Ensure there is a route from the network containing the Edge internal interface to any networks that contain servers running Lync Server 2010 or Lync clients (for example, from 172.25.33.0 to 192.168.10.0).

  • Network adapter 2 (External Interface)

    Three private IP addresses are assigned to this network adapter.

    Access Edge IP address is primary with default gateway set to integrated router (10.45.16.1).

    Web conferencing and A/V Edge IP addresses secondary.

You can configure two network adapters in your reverse proxy as follows:

  • Network adapter 1 (Internal Interface)

    Internal interface with 172.25.33.40 assigned.

    No default gateway is defined.

    Ensure there is a route from the network containing the reverse proxy internal interface to any networks that contain Lync Server 2010 Front End pool servers (for example, from 172.25.33.0 to 192.168.10.0).

  • Network adapter 2 (External Interface)

    A minimum of two public IP addresses are assigned to this network adapter.

DNS Records Required for Scaled Consolidated Edge Topology (DNS Load Balanced): Consolidated Edge

Location Type FQDN IP address/FQDN Port Maps to/comments

External DNS

A

access.contoso.com

131.107.155.10

SIP Access Edge external interface (contoso) (NODE 1)

External DNS

A

access.contoso.com

131.107.155.11

SIP Access Edge external interface (contoso) (NODE 2)

External DNS

A

access.fabrikam.com

131.107.155.10

SIP Access Edge external interface (fabrikam) (NODE 1)

External DNS

A

access.fabrikam.com

131.107.155.11

SIP Access Edge external interface (fabrikam) (NODE 2)

External DNS

A

webcon.contoso.com

131.107.155.20

Web Conferencing Edge external interface (NODE 1)

External DNS

A

webcon.contoso.com

131.107.155.21

Web Conferencing Edge external interface (NODE 2)

External DNS

A

av.contoso.com

131.107.155.30

A/V Edge external interface (NODE 1)

External DNS

A

av.contoso.com

131.107.155.31

A/V Edge external interface (NODE 2)

External DNS

SRV

_sip._tls.contoso.com

access.contoso.com

443

SIP Access Edge external interface (access.contoso.com)

Required for automatic configuration of Lync 2010 clients to work externally

External DNS

SRV

_sip._tls.fabrikam.com

access.fabrikam.com

443

SIP Access Edge external interface (access.fabrikam.com)

Required for automatic configuration of Lync 2010 clients to work externally.

External DNS

SRV

_sipfederationtls._tcp.contoso.com

access.contoso.com

5061

SIP Access Edge external interface (access.contoso.com)

Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases).

External DNS

SRV

_sipfederationtls._tcp.fabrikam.com

access.fabrikam.com

5061

SIP Access Edge external interface (access.fabrikam.com)

Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases).

Internal DNS

A

lsedge.contoso.net

172.25.33.10

Consolidated Edge internal interface (DNS load balancer)

Internal DNS

A

lsedge.contoso.net

172.25.33.11

Consolidated Edge internal interface (DNS load balancer)

Internal DNS

A

con01.contoso.net

172.25.33.10

Consolidated Edge internal interface (NODE 1)

Internal DNS

A

con01.contoso.net

172.25.33.11

Consolidated Edge internal interface (NODE 2)

Internal DNS

A

ucupdates-r2.contoso.net

192.168.7.190

Used for Lync 2010 device updates

DNS Records Required for Scaled Consolidated Edge Topology (DNS Load Balanced): Reverse Proxy

Location Type FQDN IP Address/FQDN Port Maps to/comments

External DNS

A

lcsrp.contoso.com

131.107.155.40

Used to publish Address Book Service, distribution group expansion, and meeting content.

External DNS

A

dialin.contoso.com

131.107.155.40

Dial-in conferencing published externally

External DNS

A

meet.contoso.com

131.107.155.40

Conferences published externally

External DNS

A

lsweb-ext.contoso.com

131.107.155.40

Lync Server 2010 external Web Services FQDN

Internal DNS

A

rproxy.contoso.com (optional)

172.25.33.40

Reverse proxy internal interface. This is not required but helps you test whether internal servers can access the internal interface of the reverse proxy.

DNS Records Required for Scaled Consolidated Edge Topology (DNS Load Balanced): Next Hop Pool

Location Type FQDN IP address/FQDN Port Maps to/comments

Internal DNS

A

pool01.contoso.net

192.168.10.90

Pool01 (DNS load balancer)

Internal DNS

A

pool01.contoso.net

192.168.10.91

Pool01 (DNS load balancer)

Internal DNS

A

fe01.contoso.net

192.168.10.90

Pool01 Front End Server (NODE 1)

Internal DNS

A

fe02.contoso.net

192.168.10.91

Pool01 Front End Server (NODE 2)

Internal DNS

A

lsweb.contoso.net

192.168.10.190

Pool01 (VIP) for client-to-server web traffic

Internal DNS

A

sql01.contoso.net

192.168.10.100

Pool01 Back End Server running Microsoft SQL Server 2008 R2, Microsoft SQL Server 2008, or Microsoft SQL Server 2005

Internal DNS

A

pool01.contoso.com

192.168.10.90

Pool01 (DNS load balancer) – for automatic configuration of Lync 2010 clients to work internally

Internal DNS

A

pool01.fabrikam.com

192.168.10.90

Pool01 (DNS load balancer) – for automatic configuration of Lync 2010 clients to work internally

Internal DNS

A

sip.contoso.com

192.168.10.90

Required for automatic configuration of Lync 2010 clients to work internally

Internal DNS

A

sip.fabrikam.com

192.168.10.90

Required for automatic configuration of Lync 2010 clients to work internally

Internal DNS

A

dialin.contoso.com

192.168.10.190

Dial-in conferencing published internally

Internal DNS

A

meet.contoso.com

192.168.10.190

Online meetings published internally

Internal DNS

A

admin.contoso.com

192.168.10.190

Microsoft Lync Server 2010 Control Panel published internally

Internal DNS

SRV

_sipinternaltls._tcp.contoso.com

pool01.contoso.com

5061

Required for automatic configuration of Lync 2010 clients to work internally

Internal DNS

SRV

_sipinternaltls._tcp.fabrikam.com

pool01.fabrikam.com

5061

Required for automatic configuration of Lync 2010 clients to work internally

Internal DNS

SRV

_ntp._udp.contoso.com

timeServerFQDN

123

Network Time Protocol (NTP) source required for Microsoft Lync 2010 Phone Edition devices

Note:
VIP = virtual IP address
Important:
The records listed in the preceding table are shown with either a .net extension or a .com extension to highlight which zone they need to reside in if you are not using split-brain DNS. If you are using split-brain DNS, all records would be in the same zone, with the only distinction being whether they are in the internal or external version. For details, see “Split-Brain DNS” in Determining DNS Requirements.