DNS (Domain Name Service)

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Office Communications Server 2007 uses DNS in the following ways:

  • To discover internal servers or pools for server-to-server communications.

  • To allow clients to discover the Enterprise pool or Standard Edition Server used for various SIP transactions.

  • To allow external servers and clients to connect to edge servers or the HTTP reverse proxy for instant messaging or conferencing.

DNS Records for Standard Edition Servers and Enterprise Pools

The following table specifies DNS requirements for various Office Communications Server 2007 Standard Edition and Enterprise Edition deployment scenarios.

Table 24 DNS Requirements

| Deployment Scenario | DNS Requirement |
| --- | --- |
| Standard Edition server | An internal A record that resolves the FQDN of the server to its IP address. |
| Enterprise Edition pool with multiple Front End servers and a required load balancer | An internal A record that resolves the FQDN of your Enterprise pool to the VIP address of the load balancer. |
| Enterprise Edition pool with a single Front End server and a dedicated Back-End Database but no load balancer. | An internal A record that resolves the FQDN of the Enterprise pool to the IP address of the single Enterprise Edition server. |
| An internal URL for Web conferencing that is different from the default pool FQDN. | An internal A record that resolves the host name portion of the URL to the VIP of the Web conferencing load balancer (or single Front End server if appropriate). |
| Automatic client logon. | For each supported SIP domain, an SRV record for _sipinternaltls._tcp.<domain> over port 5061 that maps to the FQDN of the Standard Edition Server or Enterprise pool that authenticates and redirects client requests for sign-in. |
| A reverse proxy to support Web conferencing for external users. | An external A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy. |

DNS Records for Edge Servers

DNS requirements for edge servers are more complicated than for internal servers because:

  • There are three types of edge servers, each with a different function and requirements.

  • All edge servers have two interfaces: an external (or public) interface and an internal (or private) interface. Each interface has its own separate DNS requirements.

  • Edge servers may serve multiple SIP domains, each requiring a separate DNS record.

  • DNS requirements also vary according to the edge server topology that is deployed.

When you collocate multiple edge server roles on a single computer, you should use a separate external IP address for each role. Specific DNS settings must be configured on each external and internal interface of each edge server. In general, this includes configuring DNS records to point to appropriate servers in the internal network and configuring DNS records as appropriate for each edge server.

Note

To prevent DNS SRV spoofing and ensure that certificates provide valid ties from the user URI to real credentials, Office Communications Server 2007 requires that the FQDN returned from a DNS SRV query match the server name on the certificate. The subject name (SN) must point to sip.<domain>.

The actual DNS records that may be required depend on which edge servers you deploy and on your deployment topology, as covered in this section. The following tables provide details about each DNS record required for each topology.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the consolidated edge topology. For a detailed description of supported edge server topologies, see Step 6. Plan for External User Access.

Note

The port numbers referenced in the following tables and later in this document are typically the default ports. If you use different port settings, you will need to modify the procedures in this guide accordingly.

Table 25 DNS records for the consolidated edge topology

Internal/External Record | Server | DNS Settings

External

Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note

Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in your organization, an external A record for sip.<domain> that resolves to the external IP address of the Access Edge Server for each SIP domain. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it will use this A record as a fallback.

An external DNS A record that resolves the external name of the Web Conferencing Edge Server to the external IP address of the Web Conferencing Edge Server.

An external DNS A record that resolves the external FQDN of the A/V Edge Server to the external IP address of the A/V Edge Server. This IP address must be a publicly routable IP address.

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Collocated Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the edge server to the internal IP address of the edge server. Office Communications Server 2007 servers within the organization use this DNS A record to connect to the internal interface of the edge server.
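The note on DNS SRV spoofing and the record-selection rule in the table above can be combined into one pre-deployment consistency check. The following Python sketch is an added example, not Microsoft code: the function names, the simplified certificate dictionary and all sample records are assumptions constructed for illustration.

```python
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight port target")

def norm(name):
    """Compare DNS names case-insensitively, ignoring the trailing root dot."""
    return name.rstrip(".").lower()

def pick_srv(answers):
    """Rule from the table note: lowest priority first, then highest weight."""
    return min(answers, key=lambda r: (r.priority, -r.weight)) if answers else None

def check_access_edge(sip_domain, srv_answers, a_records, cert):
    """Return (host, source) when DNS and certificate agree; raise ValueError otherwise.

    cert is a simplified, assumed stand-in for a parsed certificate:
    {"subject": "<name>", "san": ["<name>", ...]}.
    """
    fallback = "sip." + norm(sip_domain)
    chosen = pick_srv(srv_answers)
    # No SRV answer: fall back to the sip.<domain> A record, as the page describes.
    host, source = (norm(chosen.target), "srv") if chosen else (fallback, "a-fallback")
    if host not in {norm(n) for n in a_records}:
        raise ValueError(f"{host}: no A record")
    if norm(cert["subject"]) != fallback:
        raise ValueError(f"certificate subject is not {fallback}")
    names = {norm(cert["subject"])} | {norm(n) for n in cert.get("san", [])}
    if host not in names:
        raise ValueError(f"{host}: SRV target is not a name on the certificate")
    return host, source

# Constructed sample data (documentation domains and addresses).
CERT = {"subject": "sip.example.com", "san": ["sip.example.com", "edge.example.com"]}
A_RECORDS = {"sip.example.com": "203.0.113.10", "edge.example.com": "203.0.113.10",
             "sip.example.net": "198.51.100.7"}
MULTI = [Srv(10, 5, 443, "edge.example.com."), Srv(0, 1, 443, "sip.example.com."),
         Srv(0, 9, 443, "edge.example.com.")]
SPOOFED = [Srv(0, 0, 443, "sip.example.net.")]  # answer pointing outside the certificate

if __name__ == "__main__":
    print(check_access_edge("example.com", MULTI, A_RECORDS, CERT))
    print(check_access_edge("example.com", [], A_RECORDS, CERT))
    try:
        check_access_edge("example.com", SPOOFED, A_RECORDS, CERT)
    except ValueError as err:
        print("rejected:", err)
```

The check is a model of the name comparison only; it does not open a TLS connection or validate the certificate chain.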

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the single-site edge topology.

Table 26 DNS records for the single-site edge topology

Interface | Server | DNS Settings

External

Collocated Access Edge Server and Web Conferencing Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the external FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note

Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in your organization, an external DNS A record for sip.<domain> that points to the external interface of the Access Edge Server. If you have multiple SIP domains, you need a DNS A record for each. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it will use this A record as a fallback.

An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server to its external IP address.

A/V Edge Server

An external DNS A record that points the external FQDN of the A/V Edge Server to its external IP address. This IP address must be a publicly routable IP address.

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Collocated Access Edge Server and Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of the collocated Access Edge Server and Web Conferencing Edge Server to its internal IP address.

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the scaled single-site edge topology.

Table 27 DNS records for the scaled single-site edge topology

Interface | Server | DNS Settings

External

Access Edge Server

Web Conferencing Edge Server

An external SRV record for all Access Edge Servers for _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record that resolves the external FQDN of the Access Edge Server array to the VIP address used by the Access Edge Server array on the external load balancer. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports federation and public IM connectivity.

A DNS SRV (service location) record for _sip._tls.<domain>, over port 443, where <domain> is the name of your organization's SIP domain. This SRV record must point to the A record of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each domain. This SRV record supports external user access through Office Communicator and the Live Meeting client.

Note

Configuring multiple SRV records for the same SIP domain is not supported. If multiple DNS records are returned to a DNS SRV query, the Access Edge Server will always pick the DNS SRV record with the lowest numerical priority and highest numerical weight.

For each supported SIP domain in your organization, an external A record for sip.<domain> that points to the external virtual IP address used by the Access Edge Server on the external load balancer. If a client cannot perform an SRV record lookup to connect to the Access Edge Server, it uses this A record as a fallback.

An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer.

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge.

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Access Edge Server

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of the Access Edge Server array to the virtual IP address used by the Access Edge Servers on the internal load balancer.

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address.

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer.

The data center configuration for the multiple-site edge topology is the same as that for the scaled single-site edge topology, but additional configuration is required for the remote site. The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site of the multiple-site edge topology.

Table 28 DNS records for the multiple-site edge topology remote site with one or more Web Conferencing Edge Servers and a single A/V Edge Server

Interface | Remote Site Server | DNS Settings

External

Web Conferencing Edge Server

An external DNS A record that resolves the external FQDN of each Web Conferencing Edge Server in the remote site to its external IP address.

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server in the remote site to its external IP address. This IP address must be a publicly routable IP address.

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server in the remote site to its internal IP address.

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server to its internal IP address.

The following table describes the DNS records that must be configured for the external interface and the internal interface of the edge servers in the remote site for a scaled remote site topology where two or more Web Conferencing Edge Servers and two or more A/V Edge Servers are load balanced in the remote site.

Table 29 DNS records for the scaled remote edge topology

Interface | Server | DNS Settings

External

Web Conferencing Edge Server

An external DNS A record that resolves the external FQDN of the Web Conferencing Edge Server array to the VIP address used by the Web Conferencing Edge Server array on the external load balancer.

A/V Edge Server

An external DNS A record that resolves the external FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the external load balancer on the external edge.

Reverse proxy

An external DNS A record that resolves the external Web farm FQDN to the external IP address of the reverse proxy. The client uses this record to connect to the reverse proxy.

Internal

Web Conferencing Edge Server

An internal DNS A record that resolves the internal FQDN of each Web Conferencing Edge Server to its internal IP address.

A/V Edge Server

An internal DNS A record that resolves the internal FQDN of the A/V Edge Server array to the virtual IP address used by the A/V Edge Servers on the internal load balancer.
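The external records that Table 25 requires for an Access Edge Server and A/V Edge Server (Tables 26 and 27 ask for the same SRV and sip.<domain> records) can be audited mechanically before an edge goes live. This Python sketch is an added example, not part of the original guide: the record tuple format, the function name and the sample zone are assumptions constructed for illustration.

```python
import ipaddress

REQUIRED_SRV = {"_sipfederationtls._tcp": 5061, "_sip._tls": 443}  # default ports from the tables
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_external_zone(sip_domains, records, av_edge_fqdn):
    """Return findings for the external records; an empty list means none were found.

    records: (name, type, data) tuples; SRV data is (priority, weight, port, target).
    """
    findings = []
    a = {name.lower(): data for name, rtype, data in records if rtype == "A"}
    srv = {}
    for name, rtype, data in records:
        if rtype == "SRV":
            srv.setdefault(name.lower(), []).append(data)
    for dom in sip_domains:
        for label, port in REQUIRED_SRV.items():
            name = f"{label}.{dom}"
            rrs = srv.get(name, [])
            if not rrs:
                findings.append(f"{name}: SRV record missing")
            if len(rrs) > 1:
                findings.append(f"{name}: {len(rrs)} SRV records, only one is supported")
            for _prio, _weight, rr_port, target in rrs:
                if rr_port != port:
                    findings.append(f"{name}: port {rr_port}, expected {port}")
                if target.rstrip(".").lower() not in a:
                    findings.append(f"{name}: target {target} has no A record")
        if f"sip.{dom}" not in a:
            findings.append(f"sip.{dom}: fallback A record missing")
    av_ip = a.get(av_edge_fqdn.lower())
    if av_ip is None:
        findings.append(f"{av_edge_fqdn}: A record missing")
    elif any(ipaddress.ip_address(av_ip) in net for net in RFC1918):
        # Only RFC 1918 ranges are tested, so the documentation addresses below pass.
        findings.append(f"{av_edge_fqdn}: {av_ip} is not publicly routable")
    return findings

# Constructed sample zone (documentation names and addresses).
ZONE = [
    ("_sipfederationtls._tcp.example.com", "SRV", (0, 0, 5061, "sip.example.com.")),
    ("_sip._tls.example.com", "SRV", (0, 0, 443, "sip.example.com.")),
    ("sip.example.com", "A", "203.0.113.10"),
    ("av.example.com", "A", "192.168.10.5"),
    ("_sip._tls.example.org", "SRV", (0, 0, 5061, "edge.example.org.")),
]
```

Calling `audit_external_zone(["example.com", "example.org"], ZONE, "av.example.com")` reports the gaps for the second SIP domain and the private A/V Edge address; if the deployment uses non-default ports, adjust `REQUIRED_SRV` to match.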