Forum Discussion
Hybird SIP domain
If we plan to hybrid a sip domain on the tenant, but they have five sip domains.
I know if we plan to hybrid one sip domain and we need to hybrid four domains on a same tenant.
For the DNS, can we still point four hybrid domains to lyncdiscover to lynconline?
All sip domains Sip federation SRV records will point to on-premise edge server.
Thanks.
Hi John,
I wrote a detailed response that keeps being posted as an answer then mysteriously disappearing... Let me try just posting the summary, then the full post:
Summary
- SIP Domains only on Skype for Business Online: point all records to cloud
- SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
- Edge server certificate will always require an additional SAN entry
- Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)
23 Replies
Hi John,
I wrote a detailed response that keeps being posted as an answer then mysteriously disappearing... Let me try just posting the summary, then the full post:
Summary
- SIP Domains only on Skype for Business Online: point all records to cloud
- SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
- Edge server certificate will always require an additional SAN entry
- Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)
For any SIP domains that only exist in Office 365, all DNS records can point to Office 365. There are 4 records per domain that you need to configure:
SRV Records
TypeServiceProtocolPortWeightPriorityTTLNameTarget
SRV _sip _tls 443 1 100 1 hour <DomainName> sipdir.online.lync.com SRV _sipfederationtls _tcp 5061 1 100 1 hour <DomainName> sipfed.online.lync.com CNAME Records
TypeHost nameDestinationTTL
CNAME sip.<DomainName> sipdir.online.lync.com 1 hour CNAME lyncdiscover.<DomainName> webdir.online.lync.com 1 hour For any hybrid SIP Domains, domains that exist in both Skype for Business On-Premises and Skype for Business Online, all DNS records need to point to your on-premises Edge Server(s) and Reverse Proxy.
This does of course impact the number of SANs required on your public certificates. However, if you follow the below guidance you can limit the number of SANs required on your Reverse Proxy certificate
DNS Records for Remote User/Federation (Edge Server Certificate)
For each hybrid domain in your environment, you will need to create the following records. These will hit the public certificate on your Edge server/pool. It's important that the domains are consistent between A Records and SRV Records. For example:
SRV _sip._tls.domain.com > A Record sip.domain.com:443
This means that, on your edge servers, you will need an additional SAN entry for each hybrid SIP Domain you want to support.
A Records
Type FQDN IP Address
A sip.domain.com <edge server access public IP address> SRV Records
TypeServiceProtocolPortWeightPriorityTTLNameTarget
SRV _sip _tls 443 1 100 1 hour domain.com sip.domain.com SRV _sipfederationtls _tcp 5061 1 100 1 hour domain.com sip.domain.com
Possible to simplify your question as I am not getting what you wanted to achieve?
You have 5 sip domains, and you plan to use 1 sip domain as a Hybrid? And?
Assumed the followings;
Hybrid domains
1.domain.com
2.domain.com
3.domain.com
4.domain.com
1 online domain
5.domain.com
In this case, Yes, you can point 5.domain.com to SFB Online, while 1-4.domain.com points to Hybrid Edge.
