Creating FQDN With Split DNS

Introduction

3CX Phone System requires that you have an FQDN that resolves externally from outside your network and also internally from within your network. This is required so that internal extensions, remote extensions, internal and remote phone provisioning, VoIP providers and WebRTC calls can reliably work on your PBX using a single FQDN.

To achieve this, you create two zones for the same domain: one used by the external network and the other used by the internal network. This setup is typically known as Split DNS.

In addition, an external FQDN is also required for the creation of your SSL certificate used to secure your connection to the 3CX Phone System and 3CX WebRTC Gateway.

Prerequisites

  • You must have a registered domain name.
  • A DNS Server in your local LAN (Windows Server or any other configurable DNS Server).

There are two steps you will need to take in order to create your FQDN for your 3CX Phone System.

  • Step 1: Create and configure your External FQDN with your registered domain name
  • Step 2: Create and configure your external FQDN internally (Split DNS).

Step 1: Create an External FQDN

Note: This example is based on EuroDNS. The procedure will vary for different registrars.

  1. Log in to your account.
  2. Navigate to “Control Panel” > “Zone Profiles”.
  3. Click “Add Zone Profile”.
  4. Click “Rename Zone Profile” and give your profile a name. In our example we used “example.com”. Click “Rename” to save your profile name.
  5. Click “Add DNS Record” and select “A (IPv4 Address)” from the menu.
  6. In the “Host” field fill in your desired hostname. In our example we used “pbx”.
  7. In the “IP Address V4” field enter the public IP of your machine.
  8. In the TTL field, leave the default value of 3600.
  9. Click ✓ to save. Your “pbx.example.com” FQDN should now correctly resolve to your server’s public IP address.

Note: Your FQDN will not resolve to your server’s public IP address right away. DNS changes usually take 24 hours to take effect.

Test your DNS Entry

To make sure that your DNS Server resolves your FQDN to the correct IP Address do the following:

  1. Open a command prompt window on a computer in your LAN.
  2. Type in nslookup followed by your domain name. Example: nslookup pbx.example.com
  3. As a result you should get the IP Address of the host. In this example: 212.212.212.255

This concludes the creation of your external FQDN. You can now move on to the creation and configuration of your internal DNS.

Step 2: Create an external FQDN internally

The following guide explains how to create and configure your external FQDN on a Microsoft Windows 2012 R2 DNS Server that is inside your network.

If you do not already have a DNS server created on your network you can create one by following these steps:

Enable the DNS Role

  1. From your Windows 2012 server, start “Server Manager”
  2. Click “Manage” on the top right of the Server Manager window and from the drop-down menu select “Add Roles and Features”.
  3. The Add Roles and Features Wizard will open. Click “Next”.
  4. Leave the default “Role-based or feature-based installation”. Click “Next”.
  5. Select the server that you wish to install the new role on. Click “Next”.
  6. Check “DNS Server” from the list. In the dialog window that pops up, leave the default settings selected and click “Add Features”. Click “Next” to proceed.
  7. On the Features page, click “Next”.
  8. On the DNS Server page, click “Next”.
  9. Click “Install”.
  10. When the installation is completed click “Close” and proceed to the next step.

Once you have created your DNS Server you can now continue to create your Split DNS Zone and records.

Add a New Zone

From the Server Manager application:

  1. Click “Tools” on the top right of the Server Manager window and from the drop-down menu select “DNS”.
  2. The DNS manager will open. Right click on your server’s name and select “New Zone…”.
  3. The New Zone Wizard will open. Click “Next”.
  4. Leave the default “Primary zone” selected and click “Next”.
  5. Select “Forward lookup zone” and click “Next”.
  6. Fill in your zone name. In our example we used “example.com”. Click “Next”.
  7. In the Zone File page leave the default options selected and click “Next”.
  8. In the Dynamic Update page leave the default options selected and click “Next”. Click “Finish”.

Adding a New Host

Your newly created zone will now appear under Forward Lookup Zones:

  1. Right click on the zone you have just created and select “New Host (A or AAAA)…”.
  2. Fill in the name of the host. In our example we used “pbx”.
  3. Fill in the local IP of the 3CX Phone System machine.
  4. Click “Add Host”. A dialog will appear confirming that the record for “pbx.example.com” was added. Click “OK” followed by “Done”.

This is the FQDN you will use during the 3CX Phone System Setup in the FQDN Section.

Test your DNS Entry

To make sure that your DNS Server resolves your FQDN to the correct IP Address do the following:

  1. Open a command prompt window on a computer in your LAN.
  2. Type in nslookup followed by your domain name – Example nslookup pbx.example.local
  3. As a result you should get the IP Address of the host – in this example: 192.168.9.71

This concludes the configuration of your Split DNS infrastructure. You can now install and configure your 3CX Phone System using a single external FQDN.

Note: Accessing your external domains from inside your network may be affected after you create your split DNS.

For example, access to your company's website, i.e. www.example.com, may not work from within your network. In that case you will need to add an A record with the external IP Address for each of the subdomains that you need to access from inside your network.
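The two "Test your DNS Entry" checks and the side effect described in the note above can be verified together from PowerShell. This is an added example, not 3CX's own tooling; the internal DNS server address 192.168.9.10, the public resolver 8.8.8.8 and the assumption that the PBX's local IP is an RFC 1918 address are placeholders for illustration.

```powershell
# Added example: all names and addresses below are placeholders.
function Get-ARecord {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly: no LLMNR/NetBIOS; -NoHostsFile: ignore local hosts file entries
        @(Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    } catch { @() }   # NXDOMAIN, timeout or refusal: treat as "no answer"
}

function Test-PrivateIPv4 {
    param([string]$Ip)
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    $Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
}

function Test-SplitDns {
    param(
        [string]$Fqdn = 'pbx.example.com',
        [string]$InternalDns = '192.168.9.10',        # assumed internal DNS server
        [string]$ExternalDns = '8.8.8.8',             # any public resolver
        [string[]]$Siblings = @('www.example.com')    # names that must keep working internally
    )
    $int = @(Get-ARecord $Fqdn $InternalDns)
    $ext = @(Get-ARecord $Fqdn $ExternalDns)
    # Internal view must return only private addresses, external view only public ones.
    $intOk = $int.Count -gt 0 -and -not ($int | Where-Object { -not (Test-PrivateIPv4 $_) })
    $extOk = $ext.Count -gt 0 -and -not ($ext | Where-Object { Test-PrivateIPv4 $_ })
    $status = if ($intOk -and $extOk) { 'OK' } else { 'CHECK' }
    [pscustomobject]@{ Name = $Fqdn; Internal = $int -join ','; External = $ext -join ','; Status = $status }

    foreach ($name in $Siblings) {
        $i = @(Get-ARecord $name $InternalDns)
        $e = @(Get-ARecord $name $ExternalDns)
        # Resolves publicly but not internally: the internal zone is hiding this name.
        $status = if ($e.Count -gt 0 -and $i.Count -eq 0) { 'SHADOWED' } else { 'OK' }
        [pscustomobject]@{ Name = $name; Internal = $i -join ','; External = $e -join ','; Status = $status }
    }
}

Test-SplitDns | Format-Table -AutoSize
```

A `SHADOWED` row means the name needs its own A record in the internal zone, as the note describes.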

Leave a Reply

  1. Hi Guys,

    Great article, but can I suggest a better more efficient way of doing the internal namespace setup?

    There is a risk that an unexperienced user will follow your instructions and, if they are using their own namespace, will kill all external access to their own domains. For instance, if they create a zone for their company, let's say jobloggs.com, and do the record pbx.jobloggs.com then this will work, but unless they add http://www.jobloggs.com they won't be able (internally) to get to their own website.

    Therefore, my recommendation is to instead create a forward lookup zone of pbx.jobloggs.com with a default record with the internal IP.

    This is also the Microsoft recommended way.

    Hope this is helpful. Drop me a line if you want more info.

    August 27, 2015 at 11:07 pm
    • Yann

      Hi Nick,
      can you explain how to create the forward lookup zone with a default record with the internal IP?
      Because I use my own namespace and I don’t want to kill all external access (website and others).
      I have a Windows 2012 R2 Server with DNS role.
      Thanks

      September 2, 2015 at 12:55 pm
    • Charalambos Eleftheriou

      @Yann. Thanks for the question. To create the internal part of the split DNS so that it does not affect external access to your website and require you to add an A record for each of the sites you will need to access, simply create a forward lookup zone, within your internal DNS, for the entire FQDN and then add an A record to this zone using the root of the zone (no name specified for the record). Then point it to the IP address of the 3CX Phone System server. For example, if you have an external FQDN pbx.domain.com, create a forward lookup zone, in your internal DNS, called pbx.domain.com. Add an A record to this zone to point to the IP address of your 3CX Phone System, leaving the name blank so that it will use the parent name of pbx.domain.com. This way, when you try to access http://www.domain.com from inside your network, its resolution will not be affected by your internal DNS.

      September 2, 2015 at 1:17 pm
    • Yann

      Hi Nick.
      Can you explain how to create the default record with the internal IP on the DNS server ?

      Thanks

      September 2, 2015 at 1:30 pm
    • Charalambos Eleftheriou

      @Yann, please follow the procedure as documented in Step 2: Create an external FQDN internally, on this guide. Where it says to add a new zone, enter your entire FQDN, for example, pbx.domain.com. Then create your A record as documented above, except leave the name part empty. You will now have created a new internal forward lookup zone for the entire FQDN and an A record using the root name (the entire FQDN) in your internal DNS infrastructure.

      September 2, 2015 at 2:11 pm
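The zone-per-FQDN approach described in this thread, scripted with the DnsServer PowerShell module on the internal Windows Server 2012 R2 DNS server. This is an added example, not part of the original comments or of 3CX's documentation; the address 192.168.9.71 is reused from the article's sample and stands in for the local IP of your PBX.

```powershell
# Added example: run in an elevated PowerShell session on the internal DNS server.
Import-Module DnsServer

$Fqdn   = 'pbx.domain.com'   # external FQDN from the thread's example
$PbxIp  = '192.168.9.71'     # placeholder: local IP of the 3CX Phone System machine
$Parent = $Fqdn.Substring($Fqdn.IndexOf('.') + 1)   # domain.com

# A whole-domain zone on this server still answers (and fails) for www.<domain>.
if (Get-DnsServerZone -Name $Parent -ErrorAction SilentlyContinue) {
    Write-Warning "Zone '$Parent' exists here; names missing from it will not resolve internally."
}

# Create the zone named after the full FQDN only if it is not already present.
if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Fqdn -ZoneFile "$Fqdn.dns" -DynamicUpdate None
}

# '@' is the zone root: the record whose name is left blank in the New Host dialog.
$apex = Get-DnsServerResourceRecord -ZoneName $Fqdn -Name '@' -RRType A -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $PbxIp
}

# Verify against this server: the PBX name returns the local IP, and a sibling
# name is passed on to the forwarders or root hints instead of being answered here.
Resolve-DnsName -Name $Fqdn -Type A -Server 127.0.0.1 -DnsOnly
Resolve-DnsName -Name "www.$Parent" -Type A -Server 127.0.0.1 -DnsOnly
```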
  2. Jeff Hind

    A lot of good information here if the client has Windows server that the PBX resides on. The majority of my clients use Win 7 pro for their PBX server.
    How do we set this up on Win 7 pro machines? Or am I missing the obvious?

    September 18, 2015 at 6:54 pm
    • Shane

      YES! I am wondering the same thing!

      What do we do in this situation???

      September 28, 2015 at 12:15 pm
    • Charalambos Eleftheriou

      @Jeff, thanks for the question. To use a single external FQDN both internally and externally you do require an internal DNS server of some kind, to be able to configure it internally. Some firewalls and routers have DNS servers built in and can also be used.

      September 29, 2015 at 4:24 pm
    • Chris

      I am in the same boat, most of our clients that would have been upgrading won't now and second my clients that were scheduled to transition in Q4 won't be now if we don’t have DNS internal and external. I think R and D needs to rethink this. Small business no longer runs servers in-house. Version 12 worked fine for these scenarios but 14 is a different animal.

      September 30, 2015 at 1:35 am
    • We still think split DNS is the way to go but in SP1 out next week you can specify internal and external FQDN

      October 2, 2015 at 1:42 pm
    • Jeff Hind

      Will instructions be given on how to create the internal FQDN? All I can find is the split DNS when using the server edition. I have not found anything on creating internal FQDN on Win. 7 pro.

      October 16, 2015 at 9:30 pm
    • Charalambos Eleftheriou

      @Jeff, thanks for the question. By default when a machine is joined to an active directory domain the computer name is added as an A record to the already created DNS infrastructure of the windows domain, automatically creating the FQDN. If the computer you are using is not part of a windows domain simply enter the IP address of this computer in the local FQDN field.

      October 16, 2015 at 9:44 pm
  3. Hi everyone
    For those that have installations with windows 7 pro you can buy a mikrotik and do the same job. It is an excellent router that costs 60 euros.

    October 6, 2015 at 9:52 pm
    • @Geogre, Can you send the link to the device for €60 on MikroTik?

      October 30, 2015 at 1:53 pm
    • John

      Hi How do you do this? I have mikrotik.

      December 13, 2015 at 8:46 pm
    • Charalambos Eleftheriou

      @John, thanks for the question. I take it you mean you don’t have an internal DNS server in which to create an internal forward lookup zone for the external FQDN and are installing using the behind NAT option. In this case during the installation choose the second option to install with both an external and internal FQDN. Then enter your external FQDN, in the external FQDN box (mandatory). In the internal FQDN box enter the internal (private) IP address of your 3CX Phone System server instead. This will then allow you to connect from both inside and outside your network.

      December 14, 2015 at 11:41 am
  4. If you opt to not use FQDN, Version 14 SP1 upgrade forces you to use Abyss. I have a client with 3CX 12.5 with no FQDN on IIS Web server. When I tried to upgrade to 14 SP1, the upgrade will allow me to not use FQDN but I can find a way to use Microsoft IIS instead of Abyss. Is there a way around this?

    November 15, 2015 at 8:29 pm
    • @ E-ssential Networks LLC Yes No FQDN forces you with Abyss. It is ok. Abyss and IIS are the same – they are just different background web servers and the client should not care.
      If you have IIS already in use by something else we need to install Abyss.
      If you have IIS purposely only for 3CX PBX, then remove IIS completely from the machine as it is no longer required cause you will use Abyss.

      November 16, 2015 at 3:32 pm
  5. evh

    I am trying to launch this on an AWS instance … there is no way I am going to be able to buy a 60 Euro router to solve the problem. This is a deal killer.

    December 25, 2015 at 8:11 am
    • Charalambos Eleftheriou

      @Evh, thanks for the question. Firstly though please be advised that AWS is not a supported platform for 3CX Phone System due to the virtualisation platform they use. So just make sure that your hosting service uses either VMware or Hyper-V as their virtualisation platform. Then when installing 3CX you have the option to choose external FQDN and internal FQDN (the local IP address can be used if you don’t have internal DNS) but if you are installing in the cloud and will only require external connections, there are no local connections, then you only need enter your external FQDN.

      December 29, 2015 at 10:34 am
  6. jose huescar

    Hello
    Is there any way to change the FQDN after the installation?
    Thanks

    January 18, 2016 at 3:00 pm
    • Charalambos Eleftheriou

      @Jose, thanks for the question. Though would it be possible for you to ask this in English please.

      January 18, 2016 at 3:06 pm
  7. Hans Cammeraat

    Though not being a newbie at networking I’m a little confused.
    Imho something does not add up in the section of testing the external FQDN internally.

    While creating a new external zone internally, the zone name example.COM is used.
    Now, should this be tested by looking up the example.LOCAL as mentioned in point 2 of ‘Test your DNS entry’?

    Which of COM and LOCAL should be used for a proper working 3CX system?

    Any advice would be welcome! Thanks in advance!

    March 7, 2016 at 11:52 pm
    • Charalambos Eleftheriou

      @Hans, when installing 3CX and you need to have external connections, you require an external FQDN. When choosing the Single FQDN option you are required to configure this with Split DNS so that the external FQDN resolves internally to the local IP of the 3CX Phone System machine. So we need to test the external FQDN (.com) both externally and internally.

      March 8, 2016 at 11:04 am
  8. Yahoska Gutierrez

    Hi Guys,
    Is there any way to change the DNS – FQDN?

    April 11, 2016 at 5:44 pm
    • Charalambos Eleftheriou

      @Yahosk, To change the FQDN you need to take a backup, remove 3CX, reinstall with the new FQDN, configure using the config wizard and restore the backup.

      April 11, 2016 at 6:06 pm
  9. Pingback: 3CX Modifies Windows Hosts File | MCB Systems

    • @MCB Systems I Agree with you. We do this to be able to launch the management console using the proper fqdn without https certificate errors.

      August 4, 2016 at 10:10 pm