OCS DNS Automatic Configuration when Split DNS is not an Option
I have run into a couple issues with customers that are unable to or unwilling to create DNS Zone of Public namespace internally into their AD environment.
In order to get Automatic configuration to work we need to create a SRV Records or a fall back A Record. DNS Records that Office Communicator look at for Automatic Configuration are as follows.
DNS Records (These records are not in any specific order)
A typical SRV Record for OCS is configured as below.
This is where the problem starts to come in. The AD Domain is corporate.contoso.local and your SIP URI is firstname.lastname@example.org to match your primary SMTP domain (email address). In most environments contoso.com is managed by Public DNS Servers and is not available from the internal AD DNS Servers. One option is to create this namespace internally. This works for a lot of companies, but some organizations do not want to manage Split DNS.
The requirement for this is do to how Communicator looks for your Office Communication Server. When a user logs in with email@example.com, Communicator starts its built in DNS Queries and will search for the above mentioned DNS Records with the domain portion of the users SIP URI. This can become a problem for some Organizations that do not have their Public namespace in their internal AD DNS.
Communicator cannot tell the difference between “Internal or External” SRV Records. So if you create a _sipinternaltls._tcp.contoso.com record in your external dns zone, this will take care of users logging into your internal OCS Pool, but users externally will also use this record and fail to login, because they will be unable to reach your internal pool server.
The following outlines a way to create your SRV and Host records internally without having to manage Split DNS.
First we need to create a new dns zone that mimics the SRV Record Domain. The finished domain will look like below.
Now that the SRV Domain has been created we will create the SRV Record in the domain. Since the zone was created with _tcp when we create the record it will create it in the root of this zone.
You can see the record _sipinternaltls._tcp.contoso.com has been created in the root of the _tcp.contoso.com zone.
Last step is to create the the host record you used when creating the SRV Record. In this scenario we used ocs.contoso.com. Unfortunately we can not just create this host record in the SRV Zone we created earlier. If we did create the host record in this zone it would become ocs._tcp.contoso.com which is not where the SRV record we created points to. We will create a new zone as the host record.
Now we will create a blank host record in this zone that points to the OCS Server. This will use the Parent (Zone Name) for this record.
That is it. Now you have created a SRV & Host Record in your internal AD DNS with out having to manage your Public DNS Records internally.
##### UPDATE ######
It was brought to my attention today, the below configuration does not work if you have non-window clients. I will post the network traces to why this will not work with non-windows clients soon. But in the meantime, if you have non-window clients Doug’s blog will help create the “Split-Brain DNS” for this scenario.