Wednesday, March 12, 2014

Lync 2013 Edge Server - DNS Resolution, cannot resolve IP addresses

A new topic came my way: even though I have personally worked with Windows Server since NT 3.5, in very tightly configured network environments you might still run into server DNS resolution issues.

Principles regarding Lync Edge Server DNS resolution:
It is recommended to resolve DNS queries on the Internet, which means via the external NIC.
For internal DNS resolution, best practice is a dedicated HOSTS file, or otherwise making internal DNS resolution possible.

Therefore a common practice is to simply let even external DNS names be resolved by the internal DNS servers.


NOTE:
Make sure you have put the DNS servers on the correct network interface!

What Windows Server really does, and how:

As we know, the IP settings of every NIC allow us to specify DNS server entries.

As I figured out, and very important to know: DNS resolution will work ONLY on the network adapter where DNS servers are configured. Keep in mind as well that if a HOSTS file is used, its entries are loaded into the DNS client cache.


Let's look at several possible setups:

Also: NetBIOS and LMHOSTS should be disabled.

1. Only an internal DNS server is used.
You need to configure a DNS server on the internal network card.
Firewall: port 53 TCP/UDP allowed between the internal DNS server and the Edge Server internal IP.


2a. A HOSTS file and an external DNS server are used.
The HOSTS file is used for the internal Lync servers only, so list every Lync server in your internal topology in it, and configure the DNS server only on the external NIC.
Firewall: port 53 TCP/UDP allowed between the external DNS server and the Edge Server external IP (the primary IP, the Access Edge).


2b. A HOSTS file and an internal DMZ DNS server are used.
The HOSTS file is used for the internal Lync servers only, so list every Lync server in your internal topology in it, and configure the DNS server on the internal NIC, which has a route into the DMZ network.
Firewall: port 53 TCP/UDP allowed between the external DNS server and the Edge Server external IP (the primary IP, the Access Edge).


3. Split DNS resolution: two DNS servers are used.
Configure the DNS server for external resolution on the external NIC and the internal DNS server on the internal NIC.
Firewall: port 53 TCP/UDP allowed between the external DNS server and the Edge Server external IP (the primary IP, the Access Edge), and between the internal DNS server and the Edge Server internal IP.

Routing is also very important.
Make sure the routes also have the correct interface assigned.
Recommendation:
Always use the ROUTE ADD -P command to set the routes manually. This ensures the correct METRIC as well as the correct INTERFACE.

Assume these IP addresses:
NIC: Interface 11
ACCESS Edge: 192.168.10.10
WEBCONF Edge: 192.168.10.20
AV Edge: 192.168.10.30

NIC: Interface 12
INTERNAL  Edge: 192.168.20.10

LAN Segment: 10.0.0.0

Default Route:
ROUTE ADD -P 0.0.0.0 MASK 0.0.0.0 192.168.10.254 METRIC 10 IF 11
ROUTE ADD -P 10.0.0.0 MASK 255.0.0.0 192.168.20.254 METRIC 50 IF 12

If your DMZ DNS server is used, check which path (interface and route) is used to reach the DNS server. You might have to adjust the route.
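As an added check (example code, not from the original post), the following read-only PowerShell script reports where the DNS servers, routes, NetBIOS setting and HOSTS/cache entries sit and warns where they do not match the layout above. It assumes interface 11 is the external NIC, interface 12 the internal NIC and 10.0.0.0/8 the LAN, as in the example addresses; the two FQDNs are placeholders.

```powershell
# Added example, not part of the original post: verify that the Edge Server's
# DNS servers, routes and HOSTS entries sit on the interfaces described above.
# Assumptions: IF 11 = external (Access Edge side), IF 12 = internal, LAN 10.0.0.0/8
# (values from the post); both FQDNs below are placeholders, replace them.
$ExternalIf   = 11
$InternalIf   = 12
$LanPrefix    = '10.0.0.0/8'
$ExternalName = 'sip.example.com'     # placeholder: a name that must resolve on the Internet
$InternalName = 'fe01.corp.example'   # placeholder: an internal Front End listed in HOSTS

# 1. Which NIC carries DNS servers? Resolution only works on an adapter that has some.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.InterfaceIndex -in @($ExternalIf, $InternalIf) }
foreach ($d in $dns) {
    $role = if ($d.InterfaceIndex -eq $ExternalIf) { 'external' } else { 'internal' }
    '{0,-8} IF {1}: DNS servers = {2}' -f $role, $d.InterfaceIndex, ($d.ServerAddresses -join ', ')
}
if (-not ($dns | Where-Object { $_.ServerAddresses.Count -gt 0 })) {
    Write-Warning 'No DNS server is configured on either Edge NIC; nothing will resolve.'
}

# 2. Routes: default route must leave via the external NIC, LAN route via the internal NIC.
$def = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 -ErrorAction SilentlyContinue
$lan = Get-NetRoute -DestinationPrefix $LanPrefix   -AddressFamily IPv4 -ErrorAction SilentlyContinue
if (-not $def -or $def.InterfaceIndex -notcontains $ExternalIf) {
    Write-Warning "Default route is missing or not bound to IF $ExternalIf."
}
if (-not $lan -or $lan.InterfaceIndex -notcontains $InternalIf) {
    Write-Warning "Route for $LanPrefix is missing or not bound to IF $InternalIf."
}

# 3. NetBIOS over TCP/IP should be disabled on both NICs (TcpipNetbiosOptions 2 = disabled).
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.InterfaceIndex -in @($ExternalIf, $InternalIf) -and $_.TcpipNetbiosOptions -ne 2 } |
    ForEach-Object { Write-Warning "NetBIOS is still enabled on IF $($_.InterfaceIndex)." }

# 4. HOSTS entries are loaded into the DNS client cache, so the internal FE should be cached;
#    the external name has to come back from a real DNS server on the external NIC.
if (-not (Get-DnsClientCache -Name $InternalName -ErrorAction SilentlyContinue)) {
    Write-Warning "$InternalName is not in the DNS client cache; check the HOSTS file."
}
foreach ($n in @($ExternalName, $InternalName)) {
    $a = Resolve-DnsName -Name $n -Type A -ErrorAction SilentlyContinue | Where-Object Type -eq 'A'
    if ($a) { '{0} -> {1}' -f $n, ($a.IPAddress -join ', ') } else { Write-Warning "Cannot resolve $n." }
}
```

Run it in an elevated PowerShell on the Edge Server after changing DNS or route settings; every warning points at one of the setups above that is not in place.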
