Understanding Skype for Business DNS Records and Autoconfiguration

skype-for-businessSkype for Business DNS Records are one of critical components of the whole infrastructure. Skype for Business uses two types of DNS records: A record and SRV record.

The DNS is often deployed as “split-brain” DNS deployment: the same zone name is deployed internally and externally but with different (internal or external) IP-addresses for the same entries.

Thus Skype for Business clients will get information only from their zone, so if  external client is trying to connect to Skype for Business server, it will resolve the entries to the external IP-addresses, if it’s from internal network then it will resolve the DNS entries to internal IP-addresses using the internal DNS server.

If you are not using “split-brain” DNS you can create a zone for each required DNS records pointing it to the internal IP-address.

Skype for Business DNS Records requirements

Skype for Business Internal DNS Records

Description Record type Name Resolves to Load balancing type
SFB Front End1 FQDN A SFB01.domain.local IP address of server SFB01 DNS
SFB Front End2 FQDN A SFB02.domain.local IP address of server SFB02 DNS
SFB Front End3 FQDN A SFB03.domain.local IP address of server SFB03 DNS
Pool FQDN A pool.domain.local IP address of server SFB01 DNS
Pool FQDN A pool.domain.local IP address of server SFB02 DNS
Pool FQDN A pool.domain.local IP address of server SFB03 DNS
Internal Web Services FQDN A webint.domain.local VIP for Internal Web Services Supported software and hardware
Skype for Business Auto Discover A lyncdiscoverinternal.domain.local VIP for Internal Web Services Supported software and hardware
Meeting Simple URL A meet.domain.local VIP for Internal Web Services Supported software and hardware
Dial-in Simple URL A dialin.domain.local VIP for Internal Web Services Supported software and hardware
Web Scheduler Simple URL A scheduler.domain.local VIP for Internal Web Services Supported software and hardware
Administration Simple URL A admin.domain.local VIP for Internal Web Services Supported software and hardware
Legacy Discovery SRV _sipinternaltls._tcp.domain.local Pool FQDN (port 5061) N/A

Skype for Business External DNS Records

It’s not easy to find Skype for Business DNS Requirements for multiple Edge pools. Copypasted articles for the simplest scenario are everywhere… Finally I managed to figure out the stuff. In the example below there are two Edge pools with two Edge servers in each. Each pool has it’s own Reverse Proxy:

Description Record type Name Resolves to
Pool01 Access Edge 1 FQDN A sip.domain.public IP address of Edge01 Access Edge in Pool01
Pool01 Access Edge 2 FQDN A sip.domain.public IP address of Edge02 Access Edge in Pool01
Pool02 Access Edge 1 FQDN A sip.domain.public IP address of Edge01 Access Edge in Pool02
Pool02 Access Edge 2 FQDN A sip.domain.public IP address of Edge02 Access Edge in Pool02
Pool01 Web Conf Edge №1 FQDN A webconf.domain.public IP address of Edge01 Web Conf Edge in Pool01
Pool01 Web Conf Edge №2 FQDN A webconf.domain.public IP address of Edge02 Web Conf Edge in Pool01
Pool02 Web Conf Edge №1 FQDN A webconf.domain.public IP address of Edge01 Web Conf Edge in Pool02
Pool02 Web Conf Edge №2 FQDN A webconf.domain.public IP address of Edge02 Web Conf Edge in Pool02
Pool01 A/V Edge №1 FQDN A av.domain.public IP address of Edge01 A/V Edge in Pool01
Pool01 A/V Edge №2 FQDN A av.domain.public IP address of Edge02 A/V Edge in Pool01
Pool02 A/V Edge №1 FQDN A av.domain.public IP address of Edge01 A/V Edge in Pool02
Pool02 Web Conf Edge №2 FQDN A av.domain.public IP address of Edge02 A/V Edge in Pool02
Lyncdiscover Record for Pool01 A lyncdiscover.domain.public IP address of Reverse Proxy for Pool01
Lyncdiscover Record for Pool02 A lyncdiscover.domain.public IP address of Reverse Proxy for Pool02
Skype for Business External Webservices FQDN for Pool01 A pool01webext.domain.public IP address of Reverse Proxy for Pool01
Skype for Business External Webservices FQDN for Pool02 A pool02webext.domain.public IP address of Reverse Proxy for Pool02
Meeting Simple URL A meet.domain.public IP address of Reverse Proxy for Pool01
Meeting Simple URL A meet.domain.public IP address of Reverse Proxy for Pool02
Dial-in Simple URL A dialin.domain.public IP address of Reverse Proxy for Pool01
Dial-in Simple URL A dialin.domain.public IP address of Reverse Proxy for Pool02
Office Web Apps Server in Pool01 FQDN A owapp01.domain.public IP address of Reverse Proxy for Pool01
Office Web Apps Server in Pool02 FQDN A owapp02.domain.public IP address of Reverse Proxy for Pool02
SIP TLS Record SRV _sip._tls 0 0 443 sip.domain.com.
XMPP Federation Record SRV _xmpp-server._tcp 0 0 443 sip.domain.com.
SIP Federation Record SRV _sipfederationtls._tcp 0 0 5061 sip.domain.com.

As you can see in case of multiple pools with multiple servers we need DNS A Record for each server in each pool. The last three records are common for the whole Skype for Business infrastructure.

Skype for Business Desktop Client Sign-In Process

Since Lync 2013 clients favor Autodiscover services over DNS SRV records to locate the Front End server.

Autodiscover process

Both desktop and  mobile clients will attempt to resolve DNS records in the following order:

1. lyncdiscoverinternal.(sip-domain) , this is an internal record so the client needs to be in internal network to be able to resolve this record, if the client couldn’t resolve the record it knows it is outside the corporate network and goes to step two
2. lyncdiscover.(sip-domain)
If Mobile client failed to resolve this record it will fail to login and stop trying!

Desktop client will try to failback to DNS SRV Records:

DNS SRV discovery process (desktop client only!)

1. _sipinternaltls.tcp_(sip-domain) using TLS
2. _sipinternal.tcp.(sip-domain) using TCP
3. _sip._tls.(sip-domain) using TLS (Externally only)
4. sipinternal.(sip-domain) , internal A record of the Frontend / Director pool
5. sip.(sip-domain) , Internal A record of the Frontend / Director pool (Internally) , or Access Edge Service (Externally)
6. sipexternal.(sip-domain) , A record for the external Access Edge services (Externally only)

The DNS record that got resolved by client will tell the client the FQDN and port of the SIP register server (either Front End or Director server). If you using DNS load balancing, then the client will get all the IP-address of the servers in the pool in a random way.

The client will try to connect starting from the first IP and after successful connection it will most probably be redirected to it’s main registrar front end server.

You can check which pool user belongs to and which FrontEnd is primary registrar for them by using the following commandlet:

If you using Hardware load balancing, the Skype for Business Client will get the VIP of the hardware load balancer.

Be sociable 🙂 Share!

Comments/Коментарі/Комментарии