DNS configuration
Before configuring Microsoft Dynamics CRM Server 2011 for claims-based authentication, you should configure your internal and public domain records so the various Microsoft Dynamics CRM Server 2011 and AD FS endpoints resolve correctly. If you are setting up Microsoft Dynamics CRM Server 2011 in a test lab, you can configure internal records in the hosts file instead of DNS. Using the hosts file is not recommended for a production environment.
You will create DNS records for the following domain names:
Internal URL used to access Microsoft Dynamics (for example, internalcrm.contoso.local).
External URL used to access Microsoft Dynamics - Web Application Server domain (for example, orgname.contoso.com).
Microsoft Dynamics CRM Organization Web Service domain. Differs from the record used for external access if you have separate domains (for example, orgname.subdm.contoso.com).
Microsoft Dynamics CRM Discovery Web Service domain (for example, dev.contoso.com).
AD FS 2.0 server (for example, sts1.contoso.com).
External IFD URL - Microsoft Dynamics CRM IFD federation endpoint (for example, auth.contoso.com). This record will be used by the AD FS 2.0 server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file.
Important
There are several names that cannot be used for host records, for example: support, help, and home. To view a complete list of reserved names, open the dbo.ReservedNames table in the MSCRM_CONFIG database on the Microsoft Dynamics CRM server and review the names in the ReservedName column.
Example DNS Settings – AD FS and Microsoft Dynamics CRM on the same server
The following are example DNS settings for a single-server deployment. A single domain – contoso.local – is used for internal access. A publicly registered domain – contoso.com – is used for external Microsoft Dynamics CRM access. Contoso.com can also be used for internal access. A single public IP address is required for external access to Microsoft Dynamics CRM.
The following table contains records configured in the Internal DNS Zone: contoso.local.
Internal DNS Zone: contoso.local. The following record is configured in DNS on your internal server.
Name | Type | Data | Comment |
---|---|---|---|
crmserver | Host (A) | The IP address of the server where Microsoft Dynamics CRM and AD FS 2.0 are installed. | Configured in DNS on your internal server. |
The following table contains records configured in the Internal DNS Zone: contoso.com.
Internal DNS Zone: contoso.com. The following record is configured in DNS on your internal server.
Name | Type | Data | Comment |
---|---|---|---|
internalcrm | Alias (CNAME) | crmserver.contoso.local | Configured in DNS on your internal server. Used in the internal URL to access Microsoft Dynamics CRM. Internal URL: https://internalcrm.contoso.com:444 |
The following table contains records that must be created with your public host domain service.
Public DNS: contoso.com. The following records must be created with your public host domain service. For performance and redundancy purposes you could also create these records in the contoso.com zone on your internal DNS server.
Name | Type | Data | Comment |
---|---|---|---|
orgname | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection | Used in the external URL to access Microsoft Dynamics CRM. External URL: https://orgname.contoso.com:444 |
dev | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection | The Microsoft Dynamics CRM Discovery Web Service. |
sts1 | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection | The AD FS 2.0 server. |
auth | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection | The Microsoft Dynamics CRM IFD federation endpoint. This record will be used by the AD FS 2.0 server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file. |
Example DNS Settings – AD FS and Microsoft Dynamics CRM on separate servers
The following are example DNS settings for a two-server deployment. Two public IP addresses are required for external access to Microsoft Dynamics CRM – one for the Microsoft Dynamics CRM server and one for the AD FS server. Two internally hosted DNS zones are required: contoso.local and contoso.com.
Important
If you would rather not have a public connection for your AD FS 2.0 server, you can use an AD FS proxy server. For more information, see Deploying Federation Server Proxies.
The following table contains records configured in the Internal DNS Zone: contoso.local.
Internal DNS Zone: contoso.local. The following record is configured in DNS on your internal server.
Name | Type | Data | Comment |
---|---|---|---|
crmserver | Host (A) | The IP address of the server where Microsoft Dynamics CRM is installed. | Configured in DNS on your internal server. |
The following table contains records configured in the Internal DNS Zone: contoso.com.
Internal DNS Zone: contoso.com. The following records are configured in DNS on your internal server.
Name | Type | Data | Comment |
---|---|---|---|
sts1 | | IP address of your AD FS server. | This record is only needed if you use an AD FS proxy server. |
internalcrm | Alias (CNAME) | crmserver.contoso.local | Configured in DNS on your internal server. Used in the internal URL to access Microsoft Dynamics CRM. Internal URL: https://internalcrm.contoso.com |
The following table contains records that must be created with your public host domain service.
Public DNS: contoso.com. The following records are created with your public host domain service. For performance and redundancy purposes you could also create these records in the contoso.com zone on your internal DNS server.
Name | Type | Data | Comment |
---|---|---|---|
orgname | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection. | Used in the external URL to access Microsoft Dynamics CRM. External URL: https://orgname.contoso.com |
dev | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection. | The Microsoft Dynamics CRM Discovery Web Service. |
sts1 | Host (A) | IP address of your AD FS server public-facing internet connection. If you use an AD FS proxy server, this would be the IP address of the public-facing internet connection of the proxy server. | The AD FS 2.0 server or AD FS proxy server. |
auth | Host (A) | IP address of your Microsoft Dynamics CRM public-facing internet connection. | The Microsoft Dynamics CRM IFD federation endpoint. This record will be used by the AD FS 2.0 server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file. |
Add a forward lookup zone in DNS
Open DNS Manager by clicking Start, pointing to Administrative Tools, and then clicking DNS.
In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.
Follow the instructions in the wizard to create a forward lookup zone of type: primary zone, secondary zone, or stub zone.
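
The internal zones and records from the single-server example can also be created and checked from PowerShell instead of DNS Manager. This is an added example, not part of the original documentation; it assumes the DnsServer module (Windows Server 2012 or later), an elevated session on the internal DNS server, file-backed primary zones, and the placeholder address 192.0.2.10 for the CRM/AD FS server.

```powershell
# Added example: internal DNS records from the single-server tables on this page.
# Assumptions: DnsServer module is installed, the session is elevated, and
# 192.0.2.10 is a placeholder for the server running CRM and AD FS 2.0.
Import-Module DnsServer

$crmServerIp = '192.0.2.10'   # placeholder (documentation address range)

# Names the page lists as reserved. The complete list is the ReservedName
# column of dbo.ReservedNames in the MSCRM_CONFIG database.
$reserved = 'support', 'help', 'home'

$records = @(
    @{ Zone = 'contoso.local'; Name = 'crmserver';   Type = 'A';     Data = $crmServerIp },
    @{ Zone = 'contoso.com';   Name = 'internalcrm'; Type = 'CNAME'; Data = 'crmserver.contoso.local' }
)

foreach ($r in $records) {
    if ($reserved -contains $r.Name) {
        throw "Host name '$($r.Name)' is reserved by Microsoft Dynamics CRM."
    }
    # Create the forward lookup zone only if it does not exist yet
    # (contoso.local is normally already present as the AD domain zone).
    if (-not (Get-DnsServerZone -Name $r.Zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $r.Zone -ZoneFile "$($r.Zone).dns"
    }
    # Skip records that already exist so the script can be re-run safely.
    $existing = Get-DnsServerResourceRecord -ZoneName $r.Zone -Name $r.Name `
        -RRType $r.Type -ErrorAction SilentlyContinue
    if ($existing) { continue }
    switch ($r.Type) {
        'A'     { Add-DnsServerResourceRecordA -ZoneName $r.Zone -Name $r.Name -IPv4Address $r.Data }
        'CNAME' { Add-DnsServerResourceRecordCName -ZoneName $r.Zone -Name $r.Name -HostNameAlias $r.Data }
    }
}

# Verify: the internal URL host must resolve, through the alias, to the CRM server.
$answer = Resolve-DnsName -Name 'internalcrm.contoso.com' -Type A -Server 127.0.0.1
$ips = $answer | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
if ($ips -notcontains $crmServerIp) {
    throw "internalcrm.contoso.com resolved to '$ips', expected $crmServerIp."
}
"internalcrm.contoso.com -> $crmServerIp (OK)"
```

For Active Directory-integrated zones, replace the `-ZoneFile` argument with `-ReplicationScope`.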