[VoiceOps] Lync, VPN and DNS?

Ray Van Dolson rvandolson at esri.com
Tue Feb 3 01:50:14 EST 2015

Possibly.  Am not the VOIP admin here (DNS & Network), so am getting up
to speed on the architecture.

What I know is that when a user VPN's in, they're pointed to internal
DNS servers which return internal (RFC1918) addresses for the
Lync infrastructure.

Are you suggesting having the default be to point users to the
"external", Internet-accessible addresses?


On Mon, Feb 02, 2015 at 10:23:19PM -0800, Ryan Delgrosso wrote:
> Ray,
> Is there a reason you're tunneling the signaling at all? Seems like
> the path of least resistance would be to let the signaling and media
> take the same path. You're obviously already handling NAT traversal
> if you have the media going public.
> On 2/2/2015 10:00 PM, Ray Van Dolson wrote:
> >We have a corporate Lync environment with a large # of users hitting it
> >via their VPN tunnels.  We've set up routing on the VPN client side to
> >allow VOIP traffic to be routed over the public network rather than
> >through the tunnel -- if we can just get the DNS lookups to return the
> >public IP's instead of the internal IP's.
> >
> >We run BIND and I'm struggling to see a solution short of creating a
> >special view or separate BIND server just for VPN clients in which I
> >need to create many zone files to override the relevant Lync DNS
> >records (one zone per record since unfortunately all of our
> >Lync-related records live within our primary domain).
> >
> >Seems ugly and error prone.  Maybe BIND's RPZ could help?  Or maybe
> >there's some simpler solution I'm missing.
> >
> >We also have F5 w/ GTM -- maybe some magic could be done there.
> >
> >Any thoughts/advice?
> >
> >Ray

