Skip to main content
CallTower Solutions Center

How to verify or set DNS records for Skype for Business

This article will walk the user through the process of verifying or setting DNS Records for Skype for Business

Skype for Business uses the domain from the user log in to perform a DNS lookup to contact the correct Skype for Business servers. To enable this process to function, four DNS records are required. If split-brain DNS is in use (where your domain name resolves to a different set of DNS servers outside your network than inside), you will have to add these DNS records in both places. In general, the records must be present anywhere a user resolves your DNS domain name.

Resolution

DNS Settings for Skype for Business should be configured as shown below:

Note: Please contact your Project Manager or Support to find out which Pool or SIP Entry your company should use.

CNAME Records for sip.[customerdomain]
Alias Name Target Host Pool
sip sip3.ct950.com Pool 03

CNAME Records for lyncdiscover
Alias Name Target Host
lyncdiscover lyncdiscover.ct950.com
SRV (Service) Records
Service Protocol Priority Weight Port Target
_sipfederationtls _tcp 0 0 5061 sip.[customerdomain]
_sip _tls 0 0 443 sip.[customerdomain]

Note: If your DNS is hosted by a third party that provides you with a web-based portal for administering DNS records, check in advance to ensure they support SRV records as some service providers do not and they are required for Skype for Business to function.

Note: GoDaddy users web interface will present you with a Name field for the SRV records in addition to the fields listed above.set the Name for both SRV records to the @ sign.

Advanced DNS Configuration

Geo Redundant Pool Configurations may want to consider a few factors when deciding which Geo Entries to use. Depending on user disbursement and primary pool for each user. Advanced IT administrators may want to direct all traffic through a specific datacenter if the network path has less latency or any other specific requirements. Please consult with Calltower support to determine if you should use direct Geo routing for your specific needs.

Direct Geo DNS Settings:

sip sip3stl.ct950.com Pool 03 Atlanta (Direct Geo)
sip sip3slc.ct950.com Pool 03 Salt Lake City (Direct Geo)

# Use the following Powershell Code to perform CallTower Network Check from endpoints
"sip3stl.ct950.com","sip3slc.ct950.com" | % {
    $hops = (Test-NetConnection -ComputerName $_ -TraceRoute).TraceRoute.Count
    $time = (((Test-Connection -ComputerName $_ -Count 10 -Delay 5 -TTL 255 -BufferSize 256 -ThrottleLimit 32).ResponseTime) | Measure-Object -Average).Average
    Write-Host "$_ is $hops hops away and has an average response time of $time(ms)" -ForegroundColor Cyan
}

How To Check DNS Settings 

1. Open Command Prompt (From the Start Menu type in cmd <enter>)
2. Type in nslookup <enter>
3. Type in set type=all <enter>
4. Type in the DNS record you would like to check.
 
sip.domain.com <enter>
lyncdiscover.domain.com <enter>
_sipfederationtls._tcp.domain.com <enter>
_sip._tls.domain.com <enter>
 
5. After you have completed the entries above, if you see “Non-authoritative answer:” and it matches what shows in the DNS template above then it’s setup correctly. If you see “Non-existent domain” or something other than what is given in the template above, double check your spelling, and if that is correct, then the DNS records was created incorrectly or their DNS provider is not properly pushing out the records publicly.

How To Check DNS Settings with PowerShell

Copy the below PowerShell Script into notepad or other code editor and Save it as "Check-SRVRecords.ps1"

Then use the command .\Check-SRVRecords.ps1 -domain [yourdomain.com] 

## CallTower PowerShell DNS Checker, This script checks all that you have all your DNS entries in place and displays the final route for DNS lookups.
##
## Usage .\Check-SRVRecords.ps1 -domain calltower.com 
##

Param($domain=(Get-WmiObject win32_computersystem).Domain)

$cnameresult = Resolve-DnsName sip.$domain -Server 8.8.8.8 -ErrorAction SilentlyContinue
$lyncdiscoverresult = Resolve-DnsName lyncdiscover.$domain -Server 8.8.8.8 -ErrorAction SilentlyContinue
$federationresult = Resolve-DnsName _sipfederationtls._tcp.$domain -Type SRV -Server 8.8.8.8 -ErrorAction SilentlyContinue
$siptlsresult = Resolve-DnsName _sip._tls.$domain -Type SRV -Server 8.8.8.8 -ErrorAction SilentlyContinue
$notfound = "`tDNS Entry Not Found"

Write-Host "`r`nCNAME Result" -ForegroundColor Cyan
if ($cnameresult) { 
    Write-Host "`tsip.$domain $(@(foreach ($result in $cnameresult.namehost){ '-> '+$result }))" -ForegroundColor Magenta
} else { 
    Write-Host $notfound -ForegroundColor Red
}

Write-Host "`r`nLyncDiscover Result" -ForegroundColor Cyan
if ($lyncdiscoverresult) {
    Write-Host "`tlyncdiscover.$domain $(@(foreach ($result in $lyncdiscoverresult.namehost){ '-> '+$result }))" -ForegroundColor Yellow
} else { 
    Write-Host $notfound -ForegroundColor Red
}

Write-Host "`r`nFederation Result" -ForegroundColor Cyan
if ($federationresult) {
    Write-Host "`t$($federationresult.NameTarget)" -ForegroundColor Green
} else { 
    Write-Host $notfound -ForegroundColor Red
}

Write-Host "`r`nSIP TLS Result" -ForegroundColor Cyan
if ($siptlsresult) {
    Write-Host "`t$($siptlsresult.NameTarget)" -ForegroundColor Green
} else { 
    Write-Host $notfound -ForegroundColor Red
}

You should see output similar to this with your domain:

SRVRecords.PNG