Create and Verify DNS SRV and A Records for Automatic Client Sign-in

One of the areas that comes up quite a bit is creating and verifying the DNS entries that are needed for an OCS implementation. Creating DNS records is not very difficult (if you have created them before). What I will try to do is make that whole process easier for you by giving you guidelines on how to create the DNS "SRV" records that we talked about needing, and also the "A" host records.

In addition, I will explain how to verify those records once you have created them. The verification part is very useful because it relieves you from going to the DNS admin and having them either take a screenshot of what they did, or standing over their shoulder and watching them drill down through options just to see that they entered what you asked for.

Create and Verify DNS SRV and A Records for Automatic Client Sign-in

You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.

To create a DNS SRV record

1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.

2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.

3. Click Other New Records.

4. In Select a resource record type, click Service Location (SRV), and then click Create Record.

5. Click Service, and then type _sipinternaltls.

6. Click Protocol, and then type _tcp.

7. Click Port Number, and then type 5061.

8. Click Host offering this service, and then type the FQDN of the pool.

9. Click OK.

10. Click Done.

After you have created the DNS SRV record, create a DNS A record for each pool FQDN and URL FQDN that is not the same as the server FQDN.

To create a DNS A record

1. Click Start, click Control Panel, click Administrative Tools, and then click DNS.

2. In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.

3. Click New Host (A).

4. Click Name (uses parent domain name if blank), and then type the name of the pool.

5. Click IP Address, and then enter the VIP of the load balancer. If you will deploy only one Enterprise Edition Server that is connected to the back-end without a load balancer, type the IP address of the Enterprise Edition server. (A load balancer is required if you deploy more than one Enterprise Edition server in a pool.) Click Add Host, and then click OK.

6. To create an additional A record, repeat steps 4 and 5.

7. When you are finished creating all the A records that you need, as described earlier, click Done.

To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.

To verify the creation of a DNS SRV record

Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.

1. Click Start, and then click Run. In the Open box, type cmd, and then click OK.

2. At the command prompt, type nslookup, and then press ENTER.

3. Type set type=srv, and then press ENTER.

4. Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

Server: <dns server>.corp.example.com
Address: <IP address of DNS server>

Non-authoritative answer:
_sipinternaltls._tcp.example.com SRV service location:
          priority = 0
          weight = 0
          port = 5061
          svr hostname = poolname.example.com
poolname.example.com internet address = <virtual IP Address of the load balancer> or <IP address of a single Enterprise Edition Server for pools with only one Enterprise Edition Server>

5. When you are finished, at the command prompt, type exit.

After you configure the DNS records, verify that the FQDN of the Enterprise pool can be resolved by DNS.

To verify that the FQDN of the Enterprise pool can be resolved

1. Log on to a client computer in the domain.

2. Click Start, and then click Run. In the Open box, type cmd, and then click OK.

3. At the command prompt, type ping <FQDN of the pool>, and then press ENTER.

4. Verify that you receive a response similar to the following, where the IP address returned is the IP address of the load balancer for your Enterprise pool or, in the case of an Enterprise pool with a single Enterprise Edition Server, the IP address of the Enterprise Edition Server.

Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127

How Client DNS Queries Work

During DNS lookup, the SRV records are queried in parallel and returned to the client in the following order:

1. _sipinternaltls._tcp.<domain> - for internal TLS connections

2. _sipinternal._tcp.<domain> - for internal TCP connections (performed only if TCP is allowed)

3. _sip._tls.<domain> - for external TLS connections

4. _sip._tcp.<domain> - for external TCP connections

where <domain> is the SIP domain used by your internal clients.

The client uses the first SRV record that is returned and succeeds, and does not try any other SRV records.

After the SRV record is returned, a query is performed for the DNS A record for the host name that is returned by the SRV record. If no records are found during the DNS SRV query, the client performs an explicit lookup of sip.<domain>. If the explicit lookup does not produce results, the client performs a lookup for sipinternal.<domain>. If the client does not find sipinternal.<domain>, it performs a lookup for sipexternal.<domain>.
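As an added example (not part of the original post, and not OCS or Windows code), the following Python models the client discovery order just described and the checks behind the nslookup verification step above, against a constructed in-memory zone table so it runs without a DNS server. The pool name, IP address and the sip./sipinternal./sipexternal. fallback names are taken from the text; the ZONE contents are assumed sample data.

```python
# Constructed zone table standing in for the internal DNS server (pool name/IP assumed).
ZONE = {
    "_sipinternaltls._tcp.example.com": ("SRV", 0, 0, 5061, "poolname.example.com"),
    "poolname.example.com": ("A", "172.27.176.117"),
}
# SRV query order from the text: (name pattern, transport, only-if-TCP-allowed).
SRV_ORDER = [("_sipinternaltls._tcp.{d}", "tls", False), ("_sipinternal._tcp.{d}", "tcp", True),
             ("_sip._tls.{d}", "tls", False), ("_sip._tcp.{d}", "tcp", False)]
A_FALLBACKS = ["sip.{d}", "sipinternal.{d}", "sipexternal.{d}"]

def lookup_a(zone, name):
    rec = zone.get(name)
    return rec[1] if rec and rec[0] == "A" else None

def lookup_srv(zone, name):
    rec = zone.get(name)  # SRV tuple -> (priority, weight, port, host), else None
    return rec[1:] if rec and rec[0] == "SRV" else None

def discover(zone, domain, tcp_allowed=False):
    """Model the client: the first SRV found in order is used (no other SRV tried), then
    an A lookup for its host; only with no SRV at all are the explicit names tried."""
    for pattern, transport, needs_tcp in SRV_ORDER:
        if needs_tcp and not tcp_allowed:
            continue
        srv = lookup_srv(zone, pattern.format(d=domain))
        if srv:
            _prio, _weight, port, host = srv
            return {"via": "srv", "host": host, "port": port,
                    "transport": transport, "ip": lookup_a(zone, host)}
    for pattern in A_FALLBACKS:  # sip., then sipinternal., then sipexternal.
        name = pattern.format(d=domain)
        ip = lookup_a(zone, name)
        if ip:  # the text does not state the port/transport used on this path
            return {"via": "a", "host": name, "ip": ip}
    return None

def verify_internal_tls_srv(zone, domain, expected_pool):
    """Checks behind the nslookup step: present, port 5061, target is the pool, target has an A."""
    srv = lookup_srv(zone, f"_sipinternaltls._tcp.{domain}")
    if srv is None:
        return [f"SRV record _sipinternaltls._tcp.{domain} missing"]
    _prio, _weight, port, host = srv
    problems = []
    if port != 5061:
        problems.append(f"port is {port}, expected 5061")
    if host.lower() != expected_pool.lower():
        problems.append(f"target is {host}, expected {expected_pool}")
    if lookup_a(zone, host) is None:
        problems.append(f"no A record for {host}")
    return problems
```

Running verify_internal_tls_srv against the real zone data (for example, values copied from the nslookup output) gives the admin an empty list when the record matches what the client needs, and a named problem otherwise.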

If your DNS infrastructure prohibits configuration of these DNS records, you can manually edit the client registry to point to the appropriate home server.