Installing Skype for Business – Part 3

Share this:

In this third Tutorial of our series we are going to work on the DNS portion of the deployment. Like its predecessors, there are a lot of certificates and DNS requirement to get all clients and settings working properly.


There is a lot of discussion around certificates and DNS in Skype for Business/Lync and OCS throughout the years. The main issues lies that Skype for Business requires Digital Certificates and to have that working properly you must follow some rules and make sure that your DNS is configured properly, after all a wrong name will cause a certificate issue on the client side and we want to avoid that.

There are several ways to manage DNS for Skype for Business, and I will try to summarize some of the options available on these key points (also some hints about the configuration in general):

  • If you have an Active Directory that uses a valid FQDN and that is the same of your sip domain (example: then you are golden, because your DNS is already in place internally and you just need to add the records
  • If you have a non-public FQDN, such as patricio.local, then you mainly two options:
    • Use split-brain DNS where we create the Public Domain internally and create all the entries to support Skype for Business internally.
      Note: By doing that we must make sure that any service that is using the Public DNS must be replicated internally.
    • Use pinpoint zones, instead of using an entire zone, we create each entry on the internal DNS to support Skype for Business.For example, we will have a zone but if someone tries to access, then the Public Zone will be used (to be honest, that is not my favorite option).
      Note: In order to configure pinpoint DNS, we can use DNS Manager or dnscmd utility.

For this Tutorial we are going to use the split-brain DNS (my favourite option) which I believe it is a more elegant solution than pinpoint zones. Basically, to configure a single Skype for Business Server we need to create the following entries (A records) and the only exception will be the last entry (a SRV record):

  • Lyncdiscoverinternal (A host)
  • admin (A host)
  • meet  (A host)
  • dialin (A host)
  • Scheduler (A host)
  • sip (A host)
  • _sipinternaltls (SRV record)

The DNS record for the split-brain DNS should be something similar to this:



Using SB-EasyDNS.ps1 script

In order to speed up the process, we created a script which will create all the A records and SRV records to support the Skype for Business when using a split-brain DNS scenario.

If the domain does not exist, then the script will create it as part of the process.

The syntax is pretty simple we just need to provide the domain name and the IP address. Note:  The following script must be run on the DNS server.

In the following example we using the script to create all records, as follows:


Where is the domain and the IP is of the Skype for Business Server 2015

The script in action is pretty simple and straightforward as shown in the figure below.


In order to download the script, use the following link: If you have any suggestions or improvements for the script, please let us know and we will update for the IT Community.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at, and (Portuguese).