
Best Practices: Split DNS in 3CX Phone System Infrastructure

Introduction


For 3CX Phone System to operate correctly, it is recommended to configure and use split DNS. Split DNS presents the same host name (FQDN) consistently on the internal and external networks. In other words, the 3CX Phone System server is reachable on both the private and the public network under a single FQDN. This approach provides several advantages:

To successfully configure Split DNS, you must meet a number of conditions:

It is recommended to set up split DNS before installing the 3CX Phone System server.

Split DNS is created in two stages:
  1. A DNS zone is configured on the public DNS server at your domain registrar: the public FQDN of the 3CX Phone System server
  2. A matching zone is created on the internal DNS server: the private FQDN of the 3CX Phone System server

Public FQDN server name


We show how to set up the public server name using the EuroDNS registrar as an example. The procedure is essentially the same for other registrars.
  1. Log in to your account
  2. Go to Control Panel > Zone Profiles
  3. Click Add Zone Profile
  4. Click Rename Zone Profile and name the profile. In this example, we used example.com. Click Rename to save the profile name.
  5. Click Add DNS Record and in the menu select A (IPv4 Address)
  6. In the Host field, specify the desired server name. In our example, this is pbx.
  7. In the IP Address V4 field, enter the public IP address of your 3CX Phone System server
  8. The TTL field is set to 3600 by default.
  9. To save the settings, press ✓. An A record for pbx.example.com (your server's FQDN) will be created. After some time, which may take up to 24 hours, your public FQDN will resolve to the public IP address.

To verify that the public FQDN is set up correctly, enter nslookup pbx.example.com at the command prompt. The command must be run on a computer located on the external network. The response should contain the external IP address of the 3CX server.

Private FQDN server name


We show how to configure a private FQDN name on a DNS server located on your company's internal network. The example is based on the Windows 2012 R2 DNS server and assumes that the server is configured from scratch.

Enable DNS Role


  1. Run Server Manager
  2. In the upper right-hand corner of the Server Manager window, click Manage and select Add Roles and Features from the pop-up menu.
  3. In the Add Roles and Features Wizard, click Next.
  4. Leave the default Role-based or feature-based installation option and click Next.
  5. Select the server to which you want to assign a new role and click Next.
  6. Select DNS Server from the list. In the dialog box that appears, leave the default values, click Add Features and then Next.
  7. On the Features page, click Next.
  8. On the DNS Server page, click Next.
  9. Click Install
  10. After the installation is complete, click Close.

After adding the DNS server role, create a split DNS zone and entries in it.

Adding a new zone



A new zone is created in the Server Manager snap-in:
  1. In the upper right corner of the snap-in, select Tools and, in the drop-down menu, DNS
  2. The DNS manager opens. Right-click on the server name and select New Zone ...
  3. In the New Zone Wizard, click Next.
  4. Leave the Primary zone as default and click Next.
  5. Select Forward lookup zone and click Next.

  6. Specify the zone name, in our example, example.com, and click Next.
  7. On the Zone File page, leave the default settings and click Next.
  8. On the Dynamic Update page, leave the default settings, click Next and then Finish.

Add new host




The newly created zone will appear in the Forward Lookup Zones section:


  1. Right-click on the created zone and select New Host (A or AAAA) ...
  2. Specify the host name, in our example, pbx
  3. Enter the private (local) IP address of the 3CX Phone System server
  4. Click Add Host. A message appears stating that the pbx.example.com entry has been created. Click OK and then Done.

This is the FQDN you specify in the FQDN section during the installation of the 3CX Phone System server.

To verify that the private FQDN is set up correctly, enter nslookup pbx.example.com at the command prompt. The command must be run on a computer located on the internal network. The response should contain the internal IP address of the server.

Split DNS is now set up. From now on, 3CX Phone System will use a single FQDN on the public and private networks.

Possible problems


Depending on the type of DNS server you use, other hosts of yours, such as the www.example.com web server, may become unreachable from the internal network. This happens because your local DNS server starts answering from the internal DNS zone instead of forwarding local clients' requests to an external DNS server. In this case, you need to duplicate the records of all hosts from the external DNS zone in the internal DNS zone. Each A record must contain the host's domain name and its public IP address.
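
An added example, not part of the original article: a Python check that compares the A records of the public zone with those of the internal zone and lists the names that internal clients can no longer resolve. The zone contents, addresses and function names are constructed for illustration; the check also reports names that answer differently per view (expected for pbx) and RFC 1918 addresses published in the public zone.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also flag the
# documentation addresses (203.0.113.0/24) used as stand-in public IPs below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zones: one "name ttl IN A address" record per line.
PUBLIC_ZONE = """
pbx   3600 IN A 203.0.113.10
www   3600 IN A 203.0.113.20
mail  3600 IN A 203.0.113.25
"""
INTERNAL_ZONE = """
pbx   3600 IN A 192.168.1.10   ; private address of the 3CX server
www   3600 IN A 203.0.113.20   ; duplicated from the public zone
"""

def parse_a_records(zone_text, origin):
    """Return {fqdn: {IPv4Address, ...}} for the A records in zone_text."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # strip trailing comments
        if len(fields) < 3 or fields[-2].upper() != "A":
            continue                                # not an A record line
        name = fields[0].lower()
        if name == "@":
            fqdn = origin                           # zone apex
        elif name.endswith("."):
            fqdn = name.rstrip(".")                 # already absolute
        else:
            fqdn = f"{name}.{origin}"               # relative to the zone
        records.setdefault(fqdn, set()).add(ipaddress.ip_address(fields[-1]))
    return records

def audit_split_dns(public_text, internal_text, origin):
    public = parse_a_records(public_text, origin)
    internal = parse_a_records(internal_text, origin)
    def rfc1918(ips):
        return any(ip in net for ip in ips for net in RFC1918)
    return {
        # In the public zone only: the internal server is authoritative for
        # the zone, so internal clients get "no such name" for these hosts.
        "shadowed": sorted(set(public) - set(internal)),
        # Same name, different answer per view (intended for the PBX host).
        "split": sorted(n for n in public.keys() & internal.keys()
                        if public[n] != internal[n]),
        # Private addresses leaked into the public zone.
        "private_in_public": sorted(n for n in public if rfc1918(public[n])),
    }

if __name__ == "__main__":
    for check, names in audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE, "example.com").items():
        print(check, names)
```

With the sample data, mail.example.com is reported as shadowed: it must be added to the internal zone with its public IP address, as described above.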


Additional Information


Source: https://habr.com/ru/post/283176/

