DNS records are one of the critical components of a Skype for Business infrastructure. Skype for Business uses two types of DNS records: A records and SRV records.
DNS is often deployed as a “split-brain” deployment: the same zone name is hosted internally and externally, but with different (internal or external) IP addresses for the same entries.
Skype for Business clients therefore get answers only from the zone they can reach: an external client connecting to a Skype for Business server resolves the entries to the external IP addresses, while a client on the internal network resolves them to internal IP addresses using the internal DNS server.
If you are not using “split-brain” DNS, you can create a zone for each required DNS record, pointing it to the internal IP address.
Skype for Business DNS Records requirements
Skype for Business Internal DNS Records
Description | Record type | Name | Resolves to | Load balancing type |
SFB Front End №1 FQDN | A | SFB01.domain.local | IP address of server SFB01 | DNS |
SFB Front End №2 FQDN | A | SFB02.domain.local | IP address of server SFB02 | DNS |
SFB Front End №3 FQDN | A | SFB03.domain.local | IP address of server SFB03 | DNS |
Pool FQDN | A | pool.domain.local | IP address of server SFB01 | DNS |
Pool FQDN | A | pool.domain.local | IP address of server SFB02 | DNS |
Pool FQDN | A | pool.domain.local | IP address of server SFB03 | DNS |
Internal Web Services FQDN | A | webint.domain.local | VIP for Internal Web Services | Supported software and hardware |
Skype for Business Auto Discover | A | lyncdiscoverinternal.domain.local | VIP for Internal Web Services | Supported software and hardware |
Meeting Simple URL | A | meet.domain.local | VIP for Internal Web Services | Supported software and hardware |
Dial-in Simple URL | A | dialin.domain.local | VIP for Internal Web Services | Supported software and hardware |
Web Scheduler Simple URL | A | scheduler.domain.local | VIP for Internal Web Services | Supported software and hardware |
Administration Simple URL | A | admin.domain.local | VIP for Internal Web Services | Supported software and hardware |
Legacy Discovery | SRV | _sipinternaltls._tcp.domain.local | Pool FQDN (port 5061) | N/A |
Skype for Business External DNS Records
It’s not easy to find Skype for Business DNS requirements for multiple Edge pools. Copy-pasted articles for the simplest scenario are everywhere… Finally I managed to figure out the stuff. In the example below there are two Edge pools with two Edge servers in each. Each pool has its own Reverse Proxy:
Description | Record type | Name | Resolves to |
Pool01 Access Edge №1 FQDN | A | sip.domain.public | IP address of Edge01 Access Edge in Pool01 |
Pool01 Access Edge №2 FQDN | A | sip.domain.public | IP address of Edge02 Access Edge in Pool01 |
Pool02 Access Edge №1 FQDN | A | sip.domain.public | IP address of Edge01 Access Edge in Pool02 |
Pool02 Access Edge №2 FQDN | A | sip.domain.public | IP address of Edge02 Access Edge in Pool02 |
Pool01 Web Conf Edge №1 FQDN | A | webconf.domain.public | IP address of Edge01 Web Conf Edge in Pool01 |
Pool01 Web Conf Edge №2 FQDN | A | webconf.domain.public | IP address of Edge02 Web Conf Edge in Pool01 |
Pool02 Web Conf Edge №1 FQDN | A | webconf.domain.public | IP address of Edge01 Web Conf Edge in Pool02 |
Pool02 Web Conf Edge №2 FQDN | A | webconf.domain.public | IP address of Edge02 Web Conf Edge in Pool02 |
Pool01 A/V Edge №1 FQDN | A | av.domain.public | IP address of Edge01 A/V Edge in Pool01 |
Pool01 A/V Edge №2 FQDN | A | av.domain.public | IP address of Edge02 A/V Edge in Pool01 |
Pool02 A/V Edge №1 FQDN | A | av.domain.public | IP address of Edge01 A/V Edge in Pool02 |
Pool02 A/V Edge №2 FQDN | A | av.domain.public | IP address of Edge02 A/V Edge in Pool02 |
Lyncdiscover Record for Pool01 | A | lyncdiscover.domain.public | IP address of Reverse Proxy for Pool01 |
Lyncdiscover Record for Pool02 | A | lyncdiscover.domain.public | IP address of Reverse Proxy for Pool02 |
Skype for Business External Webservices FQDN for Pool01 | A | pool01webext.domain.public | IP address of Reverse Proxy for Pool01 |
Skype for Business External Webservices FQDN for Pool02 | A | pool02webext.domain.public | IP address of Reverse Proxy for Pool02 |
Meeting Simple URL | A | meet.domain.public | IP address of Reverse Proxy for Pool01 |
Meeting Simple URL | A | meet.domain.public | IP address of Reverse Proxy for Pool02 |
Dial-in Simple URL | A | dialin.domain.public | IP address of Reverse Proxy for Pool01 |
Dial-in Simple URL | A | dialin.domain.public | IP address of Reverse Proxy for Pool02 |
Office Web Apps Server in Pool01 FQDN | A | owapp01.domain.public | IP address of Reverse Proxy for Pool01 |
Office Web Apps Server in Pool02 FQDN | A | owapp02.domain.public | IP address of Reverse Proxy for Pool02 |
SIP TLS Record | SRV | _sip._tls 0 0 443 | sip.domain.com. |
XMPP Federation Record | SRV | _xmpp-server._tcp 0 0 443 | sip.domain.com. |
SIP Federation Record | SRV | _sipfederationtls._tcp 0 0 5061 | sip.domain.com. |
As you can see, with multiple pools containing multiple servers we need a DNS A record for each server in each pool. The last three records are common to the whole Skype for Business infrastructure.
Skype for Business Desktop Client Sign-In Process
Since Lync 2013, clients favor the Autodiscover service over DNS SRV records to locate the Front End server.
Autodiscover process
Both desktop and mobile clients will attempt to resolve DNS records in the following order:
1. lyncdiscoverinternal.(sip-domain): this is an internal record, so the client needs to be on the internal network to resolve it. If the client cannot resolve the record, it knows it is outside the corporate network and goes to step two.
2. lyncdiscover.(sip-domain)
If a mobile client fails to resolve this record, it fails to log in and stops trying!
The desktop client will try to fall back to DNS SRV records:
DNS SRV discovery process (desktop client only!)
1. _sipinternaltls._tcp.(sip-domain) using TLS
2. _sipinternal._tcp.(sip-domain) using TCP
3. _sip._tls.(sip-domain) using TLS (externally only)
4. sipinternal.(sip-domain), internal A record of the Front End / Director pool
5. sip.(sip-domain), internal A record of the Front End / Director pool (internally), or of the Access Edge service (externally)
6. sipexternal.(sip-domain), A record for the external Access Edge services (externally only)
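The lookup order above can be replayed against a planned zone before it goes live. The following is an added example, not code from the original article: it walks the Autodiscover and desktop fallback order over a dictionary that stands in for one DNS view, and flags internal-only names that the external view would answer. The SIP domain `example.test`, the addresses and the view contents are constructed sample data.

```python
# Added example. All names and addresses are constructed sample data.
AUTODISCOVER = [("A", "lyncdiscoverinternal"), ("A", "lyncdiscover")]
DESKTOP_FALLBACK = [
    ("SRV", "_sipinternaltls._tcp"),
    ("SRV", "_sipinternal._tcp"),
    ("SRV", "_sip._tls"),
    ("A", "sipinternal"),
    ("A", "sip"),
    ("A", "sipexternal"),
]
# Labels the article describes as internal records.
INTERNAL_ONLY = {"lyncdiscoverinternal", "_sipinternaltls._tcp", "sipinternal"}


def discover(view, sip_domain, client="desktop"):
    """Walk the lookup order against `view`, a dict {(rtype, fqdn): answer}
    standing in for what one DNS view returns. Returns (rtype, fqdn, answer)
    for the first hit, or None when the client runs out of names to try."""
    order = list(AUTODISCOVER)
    if client == "desktop":          # mobile clients stop after Autodiscover
        order += DESKTOP_FALLBACK
    for rtype, label in order:
        key = (rtype, f"{label}.{sip_domain}")
        if key in view:
            return rtype, key[1], view[key]
    return None


def leaked_internal_names(external_view, sip_domain):
    """Internal-only names that the external view answers. A hit on
    lyncdiscoverinternal makes an outside client behave as if it were inside."""
    wanted = {f"{label}.{sip_domain}" for label in INTERNAL_ONLY}
    return sorted(fqdn for _, fqdn in external_view if fqdn in wanted)


SIP_DOMAIN = "example.test"  # hypothetical SIP domain
INTERNAL_VIEW = {
    ("A", "lyncdiscoverinternal.example.test"): "10.0.0.50",
    ("SRV", "_sipinternaltls._tcp.example.test"): "pool.example.test:5061",
}
EXTERNAL_VIEW = {            # lyncdiscover deliberately missing
    ("SRV", "_sip._tls.example.test"): "sip.example.test:443",
    ("A", "sip.example.test"): "203.0.113.10",
}

if __name__ == "__main__":
    for name, view in (("internal", INTERNAL_VIEW), ("external", EXTERNAL_VIEW)):
        for client in ("desktop", "mobile"):
            print(name, client, discover(view, SIP_DOMAIN, client))
    print("leaked:", leaked_internal_names(EXTERNAL_VIEW, SIP_DOMAIN))
```

With `lyncdiscover` absent from the external view, the desktop client still lands on `_sip._tls` while the mobile client gets nothing, which is the failure mode described above.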
The DNS record that the client resolves tells it the FQDN and port of the SIP registrar server (either a Front End or a Director server). If you are using DNS load balancing, the client will get all the IP addresses of the servers in the pool in random order.
The client will try to connect starting from the first IP address, and after a successful connection it will most probably be redirected to its main registrar Front End server.
You can check which pool a user belongs to and which Front End is their primary registrar by using the following cmdlet:
Get-CsUserPoolInfo -Identity "user@domain.com"
If you are using hardware load balancing, the Skype for Business client will get the VIP of the hardware load balancer.