One of the critical components for Lync to work is its DNS entries. Lync uses two kinds of DNS entries:
1. A record
2. SRV record
Internal DNS records:
Record Type | Value | Points to | Purpose |
A | Lyncdiscoverinternal.domain.com | FE server or pool | For the Autodiscover service on the internal Web services |
A | Sipinternal.domain.com | FE server or pool | For the Front End pool or Director |
A | Sip.domain.com | FE server or pool | For the Front End pool or Director on the internal network |
A | Dialin.domain.com | FE server or pool | For the dial-in conferencing |
A | Meet.domain.com | FE server or pool | For the web conferencing URL |
A | Admin.domain.com | FE server or pool | For the Lync control panel |
SRV | _sipinternaltls._tcp.domain.com | Sip.domain.com | For internal TLS connections |
SRV | _sipinternal._tcp.domain.com | Sip.domain.com | For internal TCP connections (performed only if TCP is allowed) |
External DNS records:
Record Type | Value | Points to | Purpose |
A | meet.domain.com | ReverseProxy | For the external web conferencing |
A | dialin.domain.com | ReverseProxy | For the external dial-in conferencing |
A | Sip.domain.com | ReverseProxy | For the Access Edge service when the client is external |
A | lyncdiscover.domain.com | ReverseProxy | For the Autodiscover service on the external Web services |
A | Sipexternal.domain.com | ReverseProxy | For the Access Edge service when the client is external |
A | Access.domain.com | ReverseProxy | Access edge |
A | Av.domain.com | ReverseProxy | AV edge |
A | Webconf.domain.com | ReverseProxy | Web conf edge |
SRV | _sip._tls.domain.com | Sip.domain.com | For external TLS connections |
SRV | _sipfederationtls._tcp.domain.com | Sip.domain.com | For the federation |
Lync Autodiscover process
The Lync client and Lync Mobile attempt to resolve DNS records in the following order:
1. The Lync client tries to resolve lyncdiscoverinternal.(sip-domain). This is an internal record, so the client needs to be inside the network to resolve it. If the client cannot resolve the record, it knows it is outside the corporate network and goes to step two.
2. The Lync client tries to resolve lyncdiscover.(sip-domain).
Note - If the above two steps fail, only Mobile / Windows App Lync clients will fail to log in and stop trying.
DNS SRV discovery process
If those steps fail and the Lync client cannot find either record, it falls back to the DNS SRV records in the following order:
1. The Lync client tries to resolve _sipinternaltls._tcp.(sip-domain) using TLS
2. The Lync client also tries to resolve _sipinternal._tcp.(sip-domain) using TCP
3. The Lync client also tries externally to resolve _sip._tls.(sip-domain) using TLS
4. sipinternal.(sip-domain), the internal A record of the Front End / Director pool
5. sip.(sip-domain), the internal A record of the Front End / Director pool (internally), or the Access Edge service (externally)
6. sipexternal.(sip-domain), the A record for the external Access Edge services
NOTE: Lync Mobile cannot download the certificate and needs the Autodiscover URL to locate the Front End, so you can either install the certificate manually on all of your mobile devices (a headache) or, as is commonly done, set up a forward lookup from your internal DNS to external DNS so that the lyncdiscover record resolves to the IP of your reverse proxy, allowing the Lync mobile client to use the 3rd-party installed SSL certificate.
The DNS record that the Lync client resolves tells it the FQDN and port of the SIP registrar server (either the Lync Front End or the Director server). If you are using DNS load balancing, the client receives the IP addresses of all the servers in the pool in random order and tries to connect to them; after registration, the client will most probably be redirected to the correct Front End.
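The Autodiscover and SRV lookup sequences above can be replayed against a DNS view to see which record a client lands on and to confirm that the internal-only names do not resolve from outside. This is an added example, not code from the original post: the resolver is an injected callable, the `example.com` views, addresses and ports are constructed sample data, and the internal-only flags are taken from the tables and step descriptions on this page.

```python
# Added example: replay the discovery order described on this page against a DNS view.
# The resolver is injected; the two dict "views" below are constructed sample data.

# (record type, name prefix, internal-only?) in the order the page lists them.
DISCOVERY_ORDER = [
    ("A",   "lyncdiscoverinternal", True),
    ("A",   "lyncdiscover",         False),
    ("SRV", "_sipinternaltls._tcp", True),
    ("SRV", "_sipinternal._tcp",    True),
    ("SRV", "_sip._tls",            False),
    ("A",   "sipinternal",          True),
    ("A",   "sip",                  False),
    ("A",   "sipexternal",          False),
]
AUTODISCOVER_STEPS = 2  # mobile / Windows app clients stop after these two lookups


def discover(sip_domain, resolve, mobile=False):
    """Return (step, rtype, fqdn, answer) for the first record that resolves, else None."""
    steps = DISCOVERY_ORDER[:AUTODISCOVER_STEPS] if mobile else DISCOVERY_ORDER
    for step, (rtype, prefix, _internal) in enumerate(steps, start=1):
        fqdn = f"{prefix}.{sip_domain}".lower()
        answer = resolve(rtype, fqdn)
        if answer:
            return step, rtype, fqdn, answer
    return None


def internal_names_visible(sip_domain, resolve):
    """List internal-only discovery names that resolve in this view (expect [] externally)."""
    return [f"{p}.{sip_domain}" for t, p, internal in DISCOVERY_ORDER
            if internal and resolve(t, f"{p}.{sip_domain}".lower())]


def view(records):
    """Build a resolver over a constructed {(rtype, fqdn): answer} mapping."""
    return lambda rtype, fqdn: records.get((rtype, fqdn))


# Constructed sample views (documentation addresses, hypothetical host names).
INTERNAL = view({("A", "lyncdiscoverinternal.example.com"): "10.0.0.10",
                 ("SRV", "_sipinternaltls._tcp.example.com"): ("sip.example.com", 5061)})
EXTERNAL = view({("SRV", "_sip._tls.example.com"): ("sip.example.com", 443),
                 ("A", "sip.example.com"): "203.0.113.20"})

if __name__ == "__main__":
    for label, v in (("internal", INTERNAL), ("external", EXTERNAL)):
        print(label, "desktop:", discover("example.com", v))
        print(label, "mobile: ", discover("example.com", v, mobile=True))
    print("internal names visible externally:", internal_names_visible("example.com", EXTERNAL))
```

To run it against live DNS, replace `view(...)` with a callable that performs real A and SRV queries from the vantage point you want to audit.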