Sunday, April 23, 2017

DNS Records for Skype for Business Hybrid Installation

DNS Configuration for Skype for Business Hybrid Deployments


DNS settings are important, and you need to understand how your organization's Skype for Business communication flow works.

First important understanding:
If you run a hybrid installation, your on-premises installation sees your Office 365 tenant with Skype for Business Online as a federated organization.


Therefore the following DNS records must also be resolvable from your internal DNS infrastructure (Edge Server).
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)


| DNS RECORD | RECORD TYPE | WHERE IT SHOULD RESOLVE TO | PORT |
|---|---|---|---|
| sip.YourDom.com | A | Public IP of Access Edge | n/a |
| _sip._tls.YourDom.com | SRV | External on-premises Access Edge Interface (sip.YourDom.com) | 443 |
| _sipfederationtls._tcp.YourDom.com | SRV | External on-premises Access Edge Interface (sip.YourDom.com) | 5061 |
| webcon.YourDom.com | A | Public IP of Access Edge | n/a |
| av.YourDom.com | A | Public IP of Access Edge | n/a |


Illustration for DNS Best Practice:


The internal clients will not query the _sip._tls or _sipfederationtls._tcp records, but your Edge will. The illustration above should therefore give you an idea of how to set up DNS.

Remember, only the Edge requires both DNS SRV records, not any internal system.
If you decide not to use a HOSTS file, both drawings will still work, because with or without split DNS the internal DNS servers will provide the correct DNS records to the Edge Server.

Errors in SNOOPER:

One indication of DNS misconfiguration is, for example, one-way presence: the external partner can see your presence and is even able to call you, but from your side no outbound presence or calls are possible.

Errors you may see with a wrong setup:
SIP communication:
ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain="YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="YourDom.com"




Conferencing Setup:
<diagHeader>1008;reason="Unable to resolve DNS SRV record";domain="YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="sip.YourDom.com"</diagHeader>
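To triage these entries in bulk, the following added example (not part of the original post, and not a Microsoft tool) parses both error forms shown above and lists, per affected domain, the SRV lookups from the table to re-check from the Edge Server. The function names and the sample lines are constructed for illustration; it assumes either SRV record may be the one that failed.

```python
import re

# Expected SRV records, taken from the table on this page: (target host, port).
EXPECTED_SRV = {
    "_sip._tls": ("sip", 443),
    "_sipfederationtls._tcp": ("sip", 5061),
}

# key=value pairs; quotes are optional so a hand-edited trace that lost a
# quote character still parses.
_PARAM = re.compile(r'([\w-]+)="?([^";]*)"?')

def parse_diag(line):
    """Parse an ms-diagnostics header or a <diagHeader> element into a dict."""
    body = re.sub(r"</?diagHeader>", "", line.strip())
    body = re.sub(r"^ms-diagnostics:\s*", "", body, flags=re.I)
    code, _, rest = body.partition(";")
    if not code.strip().isdigit():
        return None  # not a diagnostics entry
    diag = {"code": int(code)}
    diag.update({k.lower(): v for k, v in _PARAM.findall(rest)})
    return diag

def triage(lines):
    """Map each domain with a failed SRV lookup to (record, target, port) checks."""
    failed = {}
    for line in lines:
        d = parse_diag(line)
        if d and d["code"] == 1008 and d.get("dns-srv-result") == "NegativeResult":
            dom = d.get("domain", "")
            failed[dom] = [(f"{svc}.{dom}", f"{host}.{dom}", port)
                           for svc, (host, port) in EXPECTED_SRV.items()]
    return failed

# Constructed sample: the two errors shown above plus an unrelated, made-up entry.
SAMPLE = [
    'ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";'
    'domain="YourDom.com";dns-srv-result="NegativeResult";'
    'dns-source="InternalCache";source="YourDom.com"',
    '<diagHeader>1008;reason="Unable to resolve DNS SRV record";'
    'domain="YourDom.com";dns-srv-result="NegativeResult";'
    'dns-source="InternalCache";source="sip.YourDom.com"</diagHeader>',
    'ms-diagnostics: 9999;reason="constructed unrelated entry";source="sip.YourDom.com"',
]

if __name__ == "__main__":
    for domain, checks in triage(SAMPLE).items():
        for record, target, port in checks:
            print(f"{domain}: verify from Edge: SRV {record} -> {target}:{port}")
```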


Important Best Practice:
Your Edge Servers should be configured with a HOSTS file and external DNS resolution. If you cannot do so, consider configuring split DNS with the external DNS records (see table) in your internal DNS zone for the SIP domain.


Understanding Hybrid Deployments on Technet:
https://technet.microsoft.com/en-us/library/jj205403.aspx

Troubleshooting Hybrid Deployment on Technet:
https://support.microsoft.com/de-de/help/2566790/troubleshooting-skype-for-business-online-dns-configuration-issues-in-office-365

