DNS summary - Single consolidated edge with private IP addresses using NAT in Lync Server 2013

 

Topic Last Modified: 2017-03-09

DNS record requirements for remote access to Lync Server 2013 are fairly straightforward compared to those for certificates and ports. Also, many records are optional, depending on how you configure clients running Lync 2013 and whether you enable federation.

For details about Lync 2013 DNS requirements, see Determine DNS requirements for Lync Server 2013.

For details about automatic configuration of clients running Lync 2013 if split-brain DNS is not configured, see “Automatic Configuration without Split-Brain DNS” in Determine DNS requirements for Lync Server 2013.

The following table contains a summary of the DNS records that are required to support the single consolidated edge topology shown in the Single Consolidated Edge Topology figure. Note that certain DNS records are required only for automatic configuration of Lync 2013 and Lync 2010 clients. If you plan to use group policy objects (GPOs) to configure Lync clients, the associated automatic configuration records are not necessary.

IMPORTANT: Edge Server Network Adapter Requirements

To avoid routing issues, verify that there are at least two network adapters in your Edge Servers and that the default gateway is set only on the network adapter associated with the external interface. For example, as shown in the Single Consolidated Edge Topology figure in Single consolidated edge with private IP addresses and NAT in Lync Server 2013, the default gateway would point to the external firewall (10.45.16.1).

You can configure two network adapters in your Edge Server as follows:

  • Network adapter 1 (Internal Interface)

    Internal interface with 172.25.33.10 assigned.

    No default gateway is defined.

    Ensure that there is a route from the network containing the Edge internal interface to any networks that contain servers running Lync Server 2013 or Lync Server 2013 clients (for example, from 172.25.33.0 to 192.168.10.0).

  • Network adapter 2 (External Interface)

    Three private IP addresses are assigned to this network adapter, for example 10.45.16.10 for Access Edge, 10.45.16.20 for Web Conferencing Edge, and 10.45.16.30 for A/V Edge.

    Note

    It is possible, though not recommended, to use a single IP address for all three Edge service interfaces. Though this does save IP addresses, it requires different port numbers for each service. The default port number is 443/TCP, which ensures that most remote firewalls will allow the traffic. Changing the port values to (for example) 5061/TCP for the Access Edge, 444/TCP for the Web Conferencing Edge and 443/TCP for the A/V Edge might cause problems for remote users who are behind a firewall that does not allow traffic over 5061/TCP and 444/TCP. Additionally, using three distinct IP addresses makes troubleshooting easier, because you can filter on IP address.

    The Access Edge IP address is primary, with the default gateway set to the integrated router (10.45.16.1).

    The Web Conferencing and A/V Edge IP addresses are secondary.

Tip

Configuring the Edge Server with two network adapters is one of two options. The other option is to use one network adapter for the internal side and three network adapters for the external side of the Edge Server. The main benefit of this option is a distinct network adapter per Edge Server service, and potentially more concise data collection when troubleshooting is necessary.

DNS Records Required for Single Consolidated Edge with Private IP Addresses Using NAT (Example)

| Location/TYPE/Port | FQDN/DNS Record | IP Address/FQDN | Maps to/Comments |
|---|---|---|---|
| External DNS/A | sip.contoso.com | 131.107.155.10 | Access Edge external interface (Contoso). Repeat as necessary for all SIP domains with Lync enabled users. |
| External DNS/A | webcon.contoso.com | 131.107.155.20 | Web Conferencing Edge external interface. |
| External DNS/A | av.contoso.com | 131.107.155.30 | A/V Edge external interface. |
| External DNS/SRV/443 | _sip._tls.contoso.com | sip.contoso.com | Access Edge external interface. Required for automatic configuration of Lync 2013 and Lync 2010 clients to work externally. Repeat as necessary for all SIP domains with Lync enabled users. |
| External DNS/SRV/5061 | _sipfederationtls._tcp.contoso.com | sip.contoso.com | SIP Access Edge external interface. Required for automatic DNS discovery of federated partners known as “Allowed SIP Domain” (called enhanced federation in previous releases). Repeat as necessary for all SIP domains with Lync enabled users. |
| Internal DNS/A | lsedge.contoso.net | 172.25.33.10 | Consolidated Edge internal interface. |

Important

The records listed in the previous table are shown with either a .net extension or a .com extension to highlight which zone they need to reside in if you are not using split-brain DNS. If you are using split-brain DNS, all records would be in the same .com zone, with the only distinction being whether they are in the internal or external DNS zone version. For details, see “Split-Brain DNS” in Determine DNS requirements for Lync Server 2013.

Records Required for Federation

| Location/TYPE/Port | FQDN | IP address/FQDN host record | Maps to/Comments |
|---|---|---|---|
| External DNS/SRV/5061 | _sipfederationtls._tcp.contoso.com | sip.contoso.com | SIP Access Edge external interface. Required for automatic DNS discovery of your federation to other potential federation partners, and is known as “Allowed SIP Domains” (called enhanced federation in previous releases). Repeat as necessary for all SIP domains with Lync enabled users. |

Important

This SRV record is required for mobility and the push notification clearing house.

DNS Summary for Extensible Messaging and Presence Protocol

| Location/TYPE/Port | FQDN | IP address/FQDN host record | Maps to/Comments |
|---|---|---|---|
| External DNS/SRV/5269 | _xmpp-server._tcp.contoso.com | xmpp.contoso.com | XMPP proxy external interface on the Access Edge service or Edge pool. Repeat as necessary for all internal SIP domains with Lync enabled users where contact with XMPP contacts is allowed through the configuration of the External Access Policy through a global policy, site policy where the user is located, or user policy applied to the Lync-enabled user. An allowed XMPP domain must also be configured in the XMPP Federated Partners policy. See topics in See Also for additional details. |
| External DNS/A | xmpp.contoso.com (for example) | IP address of Access Edge service on your Edge Server or Edge pool hosting XMPP proxy | Points to the Access Edge service or Edge pool that hosts the XMPP proxy service. Typically, the SRV record that you create will point to this host (A or AAAA) record. |
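The following check of the external zone against the three tables above is an added example, not part of the original Microsoft topic. It flags external A records that publish the private (pre-NAT) adapter addresses, SRV records on the wrong port, and SRV targets with no host record; the simplified zone-line format and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample of the external contoso.com zone, taken from the tables above.
# Simplified "name TYPE rdata" lines (no TTL/class) are an assumption of this example.
# xmpp.contoso.com reuses the Access Edge address, as the XMPP table describes.
EXTERNAL_ZONE = """\
sip.contoso.com.                    A   131.107.155.10
webcon.contoso.com.                 A   131.107.155.20
av.contoso.com.                     A   131.107.155.30
xmpp.contoso.com.                   A   131.107.155.10
_sip._tls.contoso.com.              SRV 0 0 443  sip.contoso.com.
_sipfederationtls._tcp.contoso.com. SRV 0 0 5061 sip.contoso.com.
_xmpp-server._tcp.contoso.com.      SRV 0 0 5269 xmpp.contoso.com.
"""

# Ports the page lists for each SRV service label.
SRV_PORTS = {"_sip._tls": 443, "_sipfederationtls._tcp": 5061, "_xmpp-server._tcp": 5269}

def parse_zone(text):
    """Return ({name: ip}, {name: (port, target)}) from simplified zone lines."""
    a_records, srv_records = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue
        name, rtype = fields[0].rstrip(".").lower(), fields[1].upper()
        if rtype == "A":
            a_records[name] = ipaddress.ip_address(fields[2])
        elif rtype == "SRV" and len(fields) >= 6:
            srv_records[name] = (int(fields[4]), fields[5].rstrip(".").lower())
    return a_records, srv_records

def check_external_zone(text):
    """List problems that would break remote access or federation discovery."""
    a_records, srv_records = parse_zone(text)
    findings = []
    for name, addr in a_records.items():
        if addr.is_private:  # NAT: external DNS must carry the public address
            findings.append(f"{name}: private address {addr} published externally")
    for name, (port, target) in srv_records.items():
        service = next((s for s in SRV_PORTS if name.startswith(s + ".")), None)
        if service and port != SRV_PORTS[service]:
            findings.append(f"{name}: port {port}, expected {SRV_PORTS[service]}")
        if target not in a_records:
            findings.append(f"{name}: target {target} has no A record in this zone")
    return findings

if __name__ == "__main__":
    for finding in check_external_zone(EXTERNAL_ZONE) or ["external zone matches the tables"]:
        print(finding)
```

The internal record (lsedge.contoso.net, 172.25.33.10) is deliberately left out of the sample, because a private address is expected in the internal zone.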