DNS Requirement for Remote Access and local access of Lync 2010 client users

DNS configuration varies depending the current DNS settings in the organization. You need get check if the current DNS is configured with DNS split brain syndrome or not. DNS split brain syndrome  is a beautiful concept as such and its very useful in a organization where you have same domain name space is followed in internal and external DNS.


Internal DNS name space : abc.com
External DNS name space : abc.com

DNS with out split brain syndrome is where internal and external name space is different.


Internal DNS name space : abc.local
External DNS name space : abc.com

Most organization follow this for security reasons.

Lets understand how the Lync Client 2010 will connect when you have two different name space. Before we get into this, lets understand what lync 2010 client needs to connect to its frontend server

When user enters the email address Eg. Krishna@abc.com in the lync client and click on connect then the client will take the user email domain eg abc.com and try to locate the sip server  using srv record in the DNS. SRV record will be in this format eg. “_sipinternaltls._tcp.abc.com” where abc.com is the domain name. With this SRV record lync client connects and access the front-end pool on port 5061.

lync client tries to query the SRV record in the following order and connects using the best available SRV record


With this information lets focus on the configuration required for the internal access of lync 2010 clients

Create a zone in the internal DNS that matches the external DNS zone (for example, abc.com) and create DNS A records corresponding to the Lync Server 2010 pool used for automatic configuration. For example, if a user is homed on pool01.abc.local but signs into Lync as user@abc.com, create an internal DNS zone called abc.com and inside it, create a DNS A record for pool01.abc.com or you can create a pin point zone which matching the external DNS zone. pin point zone can only be created using dnscmd.exe. below is the example to create pin point zone in the internal dns for the domain abc.com and front-end pool name pool01.abc.com

dnscmd . /zoneadd _sipinternaltls._tcp.abc.com. /dsprimary
dnscmd . /recordadd _sipinternaltls._tcp.abc.com. @ SRV 0 0 5061 pool01.abc.com.
dnscmd . /zoneadd pool01.abc.com. /dsprimary
dnscmd . /recordadd pool01.contoso.com. @ A
dnscmd . /recordadd pool01.contoso.com. @ A

We are good from the internal, similar configuration needs to be done from the Internet DNS as well.

Create a SRV record in Internet DNS “_sip._tls.abc.com” where abc.com is the domain name

dnscmd . /recordadd _sip._tls.abc.com. @ SRV 0 0 443

As discussed earlier, lync client uses specific order to query the SRV records. When the lync client is accessing from the internet then the first two SRV request will fail as its not available in the Internet DNS zone and it would connect using the last SRV record “_sip._tls.abc.com” which is defined in the DNS zone

I hope this information helps you to have better understanding the DNS requirementSmile

2 thoughts on “DNS Requirement for Remote Access and local access of Lync 2010 client users

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s