Edge and reverse proxy - DNS requirements

  • Question

  • Hi all,

    Looking for some clarity on the host names and DNS suffixes required for the edge and reverse proxy servers. I'm also a little confused about when using the internal or external FQDN. For test purposes I'm going to have the following:

    - Single Edge server External

    Nic1 - External IP and GW (Single IP for Access Edge, Webconf and A/V edge services)

    Nic2 - Internal IP no GW - Static routes setup to see LAN (single FrontEnd server)

    -Reverse proxy server

    Nic1 - External IP and GW 

    Nic2 - Internal IP no GW - Static routes setup to see LAN 

    Questions:

    Do I need to manually add domain DNS suffix to the two servers? If so do I add the local FQDN or external FQDN or both?

    The edge server needs to the Front end server and internal CA so I assume it needs to have the internal FQDN?


    matt barnes

    Thursday, August 10, 2017 2:47 PM

All replies

  • Hi.

    For Lync/Skype it is usually recommended to create split DNS for local DNS.

    DNS summary - Single consolidated edge with private IP addresses using NAT in Lync Server 2013

    Determine DNS requirements for Lync Server 2013

    As a result, you have one name for external and internal name for all services.

    How to Add DNS Suffixes to Edge Server – and Why Lync Needs Them


    MCITP, MCSE. Regards, Oleg

    • Edited by Oleg.Kovalenko Thursday, August 10, 2017 3:01 PM
    • Proposed as answer by Alice-Wang Friday, August 11, 2017 7:19 AM
    Thursday, August 10, 2017 2:57 PM
  • Ok thank you. Another question: 

    I'm still unsure how the Edge server resolves DNS to the internal Front End server and CA lookup. At the moment the internal NIC of the Edge server is configured to use our Domain controller for DNS. I've looked at the various diagrams and port tables, but I don't quite understand how the Edge server resolves internal addresses. Does it need to have DNS ports open to the internal DC?

    We will be using a Reverse proxy as well. 

    Thanks


    matt barnes


    • Edited by BD2013 Friday, August 11, 2017 9:08 AM
    Friday, August 11, 2017 8:56 AM
  • Friday, August 11, 2017 11:38 AM
  • You can refer to the following complete and detailed topology mentioned here; you can download them for reference:

    https://gallery.technet.microsoft.com/office/End-to-End-Routing-and-a9f20bbb

    https://gallery.technet.microsoft.com/office/SFB-End-to-End-IPs-and-36a9d862

    Edge server has two NICs - 1 NIC for External network (public) and 1 NIC for Internet network which is configured to use Internal DNS server, that's why Edge server is able to resolve Frontend server, and other servers located in the internet/LAN network. 

    Monday, August 14, 2017 1:35 AM
  • I've read some posts that say that people update the host file of the Edge server rather than using DNS. What is best practice?

    As per this post:

    https://social.technet.microsoft.com/Forums/lync/en-US/537e2f09-6166-4081-b266-729c8004a259/lync-edge-server-host-file-entries-requirement?forum=ocsplanningdeployment


    matt barnes


    • Edited by BD2013 Monday, August 14, 2017 10:02 AM
    Monday, August 14, 2017 9:13 AM
  • I'm always using the hosts file, only to find frontend and CA.

    Monday, August 14, 2017 10:11 AM
  • But you also have DNS lookups internally? If you do, then why use the host file?

    matt barnes

    Monday, August 14, 2017 11:11 AM
  • DNS suffix you need to configure is your internal forest domain.

    Normally people will use DNS for external resolution (External NIC) and use host file entries for the internal communication, like communication to FE/Director and the certificate revocation URL in case you are using an internal certificate for the edge pool. So both FE and internal CA URLs you can add in the host entry.


    Jayakumar K

    Monday, August 14, 2017 11:50 AM
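
The replies above suggest an internal-forest DNS suffix on the Edge server plus hosts file entries for the Front End and internal CA. The following script checks both; it is an added example, not code from any poster in the thread. The domain `corp.example.local`, the host names, the IP addresses and the function names are constructed placeholders.

```powershell
# Constructed sample values (assumptions): substitute your own names and addresses.
$InternalSuffix = 'corp.example.local'           # internal forest domain
$Required = @{
    'fe01.corp.example.local' = '10.0.0.10'      # Front End server
    'ca01.corp.example.local' = '10.0.0.20'      # internal CA / CRL host
}
# Constructed hosts content; on a real Edge server use instead:
#   Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$HostsLines = @(
    '# internal names pinned for the Edge server'
    '10.0.0.10   fe01.corp.example.local   # Front End'
    '10.0.0.21   ca01.corp.example.local'
)

function Get-HostsMap {
    param([string[]]$Lines)
    $map = @{}
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()   # strip trailing comments
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }      # address without a name
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            $map[$name.ToLowerInvariant()] = $parts[0]
        }
    }
    $map
}

function Test-EdgeHostsEntries {
    param([hashtable]$Required, [hashtable]$HostsMap)
    foreach ($fqdn in $Required.Keys) {
        $found  = $HostsMap[$fqdn.ToLowerInvariant()]
        $status = 'OK'
        if (-not $found) { $status = 'MissingFromHosts' }
        if ($found -and $found -ne $Required[$fqdn]) { $status = 'AddressMismatch' }
        [pscustomobject]@{ Name = $fqdn; Expected = $Required[$fqdn]; InHosts = $found; Status = $status }
    }
}

# Primary DNS suffix currently in effect on this machine (.NET API).
$suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
if ($suffix -ne $InternalSuffix) {
    Write-Warning "Primary DNS suffix is '$suffix', expected '$InternalSuffix'"
}
Test-EdgeHostsEntries -Required $Required -HostsMap (Get-HostsMap $HostsLines) | Format-Table -AutoSize
```

With the constructed sample, the Front End entry reports `OK` and the CA entry reports `AddressMismatch`, the kind of stale hosts entry that would otherwise only surface as a failed connection or revocation check.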