Hi experts, I have a design question
My company does not do split horizon for DNS. Internally it is int.example.com domain. Externally it is just example.com domain. The external domain is hosted by AWS so it is resolvable even internally. My PC (where jabber runs on) is in int.example.com internal domain. When I log in on my windows PC, however, it is email@example.com
I am from the routing and switching world so these all puzzles me big time. When I starts jabber, does it use my PC's domain or my windows account's domain to search for the SRV records? From the packet capture it uses the external one "example.com".
So now you probably see the problem. On AWS we can create _cisco-uds._tcp.example.com SRV record and point to our internal CUCM (something like cm01.int.example.com). Everything works fine internally. However this is also resolvable when I am outside the domain (like at home)
So what is the best solution to deal with this? Can we make Jabber to search for the internal domain int.example.com instead of example.com easily?
Solved! Go to Solution.
What deployment model you want to use? Do you want to pass internal and external calls through expressway? In this case, you need to have isolated DNS to be used by Exp-C only to point _uds to CUCM while internal users use the organization DNS which doesn't have _uds and can resolve _collab_edge only.
Otherwise, you need to have _uds and _cup to point to CUCM and _collab_edge to point to Exp-E. This will make internal jabber to connect directly to IMP and CUCM while external jabber going to Exp-E. In this case jabber will work for internal and external and using DNS jabber will be able to identify if its external or internal.
Thanks Mohammed. If I understand you correctly, I do have an option to have both internal and external both go through the expressway. If I can't block DNS, is it possible to have Exp-C have a local record of the _uds? Then I just need to remove the _uds and _cup completely from the DNS servers.
I still prefer to have internal going through the CUCM directly but I can't block the DNS records (_uds and _cup) from being recognized/resolved by external clients. That is my dilemma.
Again why my internal Jabber clients use "example.com" instead of "int.example.com" for the domain suffix for the SRV resolution? Is it from my username "firstname.lastname@example.org"? Can it get it from my PC's domain which is "dzhao-w10.int.example.com"? Is there another way to manipulate this domain suffix? If I can manipulate this I might have another solution.