Edge Server Unknown Domains Name Resolution

  • Question

  • As per Microsoft's recommendation, I have set up my SFB Edge servers using two NICs:

    one being used for External Traffic

    one being used for Internal Traffic

    I am seeing lots and loads of name resolution queries on both NICs, even for domains we don't have any relation with.

    On the internal NIC, using a network sniffer, I am able to see that most of the packets are being forwarded to the Edge server from the FrontEnds.

    ?? And for most of the names I see an error, as in when the Edge server checks it with the DNS server, the DNS server returns an error.

    BUT my concern at this point is about why so many unknown domain names are appearing on the Edge,

    and even more important is HOW CAN I TRACK THIS PACKET BACK TO THE USER WHO IS TRYING THIS, IF ANY

    BR,

    /HS


    An Extremist

    Thursday, September 19, 2019 8:48 AM

All replies

  • Hi An Extremist,

    Do you know which DNS record is in the DNS query?

    How do you configure the DNS on Edge server NICs?

    Generally, it is recommended to resolve DNS queries on the Internet, which means via the external NIC.

    For internal DNS resolution, best practice is a dedicated hosts file, or make it possible to resolve internal DNS.

    The HOSTS file is used for internal SFB Servers only, so specify all SFB Servers in your internal topology and configure the DNS server only on the external NIC.

    For details, please refer to: https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-edge-server/deploy-edge-servers


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Friday, September 20, 2019 2:38 AM
    Moderator
  • Hey Sharon!,

    You are the only hope at this point!,

    I get the point of configuring DNS resolution, it is fine.

    But please, my query is why an Edge will show a lot of DNS queries. At this point it appears it's just about any name that possibly exists, like these, but it's not limited to these; as I said, it could be any name

    STILL, please, once again my queries are:

    1. WHEN AND WHY A SKYPE FOR BUSINESS EDGE SERVER WILL GENERATE SUCH DNS REQUESTS

    2. DOES THE EDGE SERVER DO THIS ON ITS OWN, OR ONLY WHEN A USER TRIES TO CONTACT SOMEONE IN ONE OF THOSE NAMES, THE QUERY IS FORWARDED TO THE FRONTEND FIRST WITH WHICH THE CLIENT IS CONNECTED, AND THAT FRONTEND FORWARDS IT TO THE EDGE - IS THIS RIGHT?

    3. IF THE ABOVE IS CORRECT, I HAVE TRIED TO GENERATE TRAFFIC USING MY CLIENT AND HAVE TRIED TO ANALYZE IT USING SNOOPER, BUT IT NEVER SHOWS THAT THE QUERY WAS FORWARDED TO THE EDGE. ALL I SEE IS MY FRONTEND REPLIES UNABLE TO RESOLVE DNS AND THAT'S WHERE IT ENDS

    4. IF THAT'S THE BEHAVIOR, THEN WHY AND HOW COME I SEE SO MANY REQUESTS ON THE EDGE WITH THAT KIND OF DNS names and records - I don't understand the behavior


    An Extremist

    Friday, September 20, 2019 7:41 AM
  • Hi An Extremist,

    In my understanding, these DNS records are related to federation.

    Please check the federation configuration in your environment.

    I think only when a client tries to connect to a federated user does the Edge server do DNS resolution on its own.

    In addition, please check the DNS configuration on the Edge NICs.


    Best Regards,
    Sharon Zhao


    Tuesday, September 24, 2019 8:18 AM
    Moderator
  • Hello Sharon,

    DNS is set up as per Microsoft's recommendations only.

    Federation is limited to Allowed Domains and there are very few of them, just about 5-6 names, that's it.

    Whereas the names I see on the Edge, on both the internal and the external NICs, are not at all related to the federated domains. Is this a default behavior? It should not be!

    I need to know a confirmed way to trace these requests back to the user/machine the request was initiated from.

    I have tried to generate such traffic using my user/machine, but it is denied by the Frontend itself; it appears it never reaches the Edge at all.

    BR,

    /HS


    An Extremist

    Thursday, September 26, 2019 9:48 AM
  • Hi An Extremist,
    If you want to trace the request, you can collect the CLS log and review it.

    Best Regards,
    Sharon Zhao


    Tuesday, October 1, 2019 1:49 AM
    Moderator
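
Added example, not part of the original thread: one way to triage a DNS capture like the one described above, comparing every queried name against the federation Allowed Domains list and recording, per source address, when each unexpected name was first seen, so that time can be looked for when reviewing the CLS log. The capture line format, IP addresses, domain names and allow-list are all constructed for illustration.

```python
import re

# Constructed allow-list, standing in for the federation Allowed Domains list.
ALLOWED_DOMAINS = {"partner-a.example", "partner-b.example"}
FED_PREFIX = "_sipfederationtls._tcp."
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

# Constructed capture export: "<time> <source IP> <query type> <query name>".
SAMPLE_CAPTURE = """\
08:41:02 10.0.0.11 SRV _sipfederationtls._tcp.partner-a.example
08:41:05 10.0.0.11 SRV _sipfederationtls._tcp.unknown-one.example
08:41:05 10.0.0.12 SRV _sipfederationtls._tcp.unknown-two.example
08:41:09 10.0.0.11 A   edge.unknown-one.example
08:41:15 10.0.0.12 SRV _SIPFEDERATIONTLS._tcp.Unknown-Two.example.
08:41:20 10.0.0.12 A   www.partner-b.example
truncated line
"""

def parse_line(line):
    """Return (time, source, qtype, normalised qname), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not IPV4.fullmatch(parts[1]):
        return None
    time, src, qtype, qname = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return time, src, qtype.upper(), qname.rstrip(".").lower()

def is_allowed(domain, allowed):
    """True when the domain is an allowed domain or a host under one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def unexpected_queries(capture, allowed=ALLOWED_DOMAINS):
    """Map (source IP, query name) -> [first seen, count] for names outside the allow-list."""
    hits = {}
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        time, src, _qtype, qname = rec
        # Strip the federation SRV label so the remainder is the partner domain.
        domain = qname[len(FED_PREFIX):] if qname.startswith(FED_PREFIX) else qname
        if not is_allowed(domain, allowed):
            hits.setdefault((src, qname), [time, 0])[1] += 1
    return hits

if __name__ == "__main__":
    for (src, qname), (first, count) in sorted(unexpected_queries(SAMPLE_CAPTURE).items()):
        print(f"{src}  {qname}  first={first}  count={count}")
```
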
  • Hi An Extremist,

    Is there any update on this case?

    Please feel free to drop us a note if there is any update.

    Have a nice day!


    Best Regards,
    Sharon Zhao


    Wednesday, October 9, 2019 4:18 AM
    Moderator