Forum Discussion
Hybird SIP domain
Hi John,
I wrote a detailed response that keeps being posted as an answer then mysteriously disappearing... Let me try just posting the summary, then the full post:
Summary
- SIP Domains only on Skype for Business Online: point all records to cloud
- SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
- Edge server certificate will always require an additional SAN entry
- Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)
Hi John,
I wrote a detailed response that keeps being posted as an answer then mysteriously disappearing... Let me try just posting the summary, then the full post:
Summary
- SIP Domains only on Skype for Business Online: point all records to cloud
- SIP Domains on-prem and online (hybrid), point to on-premises Edge server(s) & Reverse Proxy
- Edge server certificate will always require an additional SAN entry
- Reverse Proxy certificate won't if you are happy to allow lyncdiscover over http (port 80)
For any SIP domains that only exist in Office 365, all DNS records can point to Office 365. There are 4 records per domain that you need to configure:
SRV Records
TypeServiceProtocolPortWeightPriorityTTLNameTarget
| SRV | _sip | _tls | 443 | 1 | 100 | 1 hour | <DomainName> | sipdir.online.lync.com |
| SRV | _sipfederationtls | _tcp | 5061 | 1 | 100 | 1 hour | <DomainName> | sipfed.online.lync.com |
CNAME Records
TypeHost nameDestinationTTL
| CNAME | sip.<DomainName> | sipdir.online.lync.com | 1 hour |
| CNAME | lyncdiscover.<DomainName> | webdir.online.lync.com | 1 hour |
For any hybrid SIP Domains, domains that exist in both Skype for Business On-Premises and Skype for Business Online, all DNS records need to point to your on-premises Edge Server(s) and Reverse Proxy.
This does of course impact the number of SANs required on your public certificates. However, if you follow the below guidance you can limit the number of SANs required on your Reverse Proxy certificate