How to create SRV records in my company's DNS setup

Difan Zhao
Level 5

Hi experts, I have a design question.

My company does not do split horizon for DNS. Internally it is the int.example.com domain. Externally it is just the example.com domain. The external domain is hosted by AWS, so it is resolvable even internally. My PC (where Jabber runs) is in the int.example.com internal domain. When I log in on my Windows PC, however, it is dzhao@example.com.

I am from the routing and switching world, so this all puzzles me big time. When I start Jabber, does it use my PC's domain or my Windows account's domain to search for the SRV records? From the packet capture it uses the external one, "example.com".

So now you probably see the problem. On AWS we can create a _cisco-uds._tcp.example.com SRV record and point it to our internal CUCM (something like cm01.int.example.com). Everything works fine internally. However, this is also resolvable when I am outside the domain (like at home).

So what is the best solution to deal with this? Can we easily make Jabber search for the internal domain int.example.com instead of example.com?

Thanks!

Difan

 


What deployment model do you want to use? Do you want to pass internal and external calls through Expressway? In this case, you need to have an isolated DNS used by Exp-C only to point _uds to CUCM, while internal users use the organization DNS, which doesn't have _uds and can resolve _collab_edge only.

Otherwise, you need to have _uds and _cup point to CUCM and _collab_edge point to Exp-E. This will make internal Jabber connect directly to IMP and CUCM while external Jabber goes to Exp-E. In this case Jabber will work for internal and external, and using DNS Jabber will be able to identify if it's external or internal.

Thanks Mohammed. If I understand you correctly, I do have an option to have internal and external both go through the Expressway. If I can't block DNS, is it possible to have Exp-C have a local record of the _uds? Then I just need to remove the _uds and _cup completely from the DNS servers.

I still prefer to have internal going through the CUCM directly, but I can't block the DNS records (_uds and _cup) from being recognized/resolved by external clients. That is my dilemma.

Again, why do my internal Jabber clients use "example.com" instead of "int.example.com" for the domain suffix for the SRV resolution? Is it from my username "dzhao@example.com"? Can it get it from my PC's domain, which is "dzhao-w10.int.example.com"? Is there another way to manipulate this domain suffix? If I can manipulate this I might have another solution.

 

Thanks!

Difan

Here are the answers:

"Thanks Mohammed. If I understand you correctly, I do have an option to have internal and external both go through the Expressway. If I can't block DNS, is it possible to have Exp-C have a local record of the _uds? Then I just need to remove the _uds and _cup completely from the DNS servers."

Yes, you can have everything go through Exp. I am using it. You can't edit the hosts file of Exp-C to add local entries. The Linux OS used for Exp is locked from customizations. What I am doing now is a small DNS server used by Exp-C only which has _uds and _cup. This DNS server is used by Exp-C and not clients. Then I deleted _uds & _cup from the enterprise DNS servers. This way clients won't resolve to CUCM; instead they go to Exp. At the same time Exp-C can resolve entries using its local DNS.

"I still prefer to have internal going through the CUCM directly, but I can't block the DNS records (_uds and _cup) from being recognized/resolved by external clients. That is my dilemma."

If you want to point internal Jabber to CUCM directly then you need _uds and _cup to point to CUCM and IMP and the users should see that. This is a requirement for Exp-C as well. This is a straightforward deployment.

"Again, why do my internal Jabber clients use "example.com" instead of "int.example.com" for the domain suffix for the SRV resolution? Is it from my username "dzhao@example.com"? Can it get it from my PC's domain, which is "dzhao-w10.int.example.com"? Is there another way to manipulate this domain suffix? If I can manipulate this I might have another solution."

This is because the Jabber client uses the host portion of your login (example.com) as the DNS suffix for lookup. It doesn't use the computer's DNS suffix. You can change the DNS suffix from your computer name even if it's a domain deployment, and you can do this using AD GPO for simplicity, but I don't suggest this.
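
An added example, not part of the thread or any Cisco tooling: a small audit that takes the SRV answers from one DNS view and reports what a Jabber client logging in as dzhao@example.com would conclude from them, flagging internal discovery records and internal hostnames visible in that view. The labels `_cuplogin._tcp` and `_collab-edge._tls` are the full names of what the thread abbreviates as _cup and _collab_edge and are not written out in the thread; port 8443 and the host `expe01.example.com` are assumptions, and the record text is constructed sample data.

```python
import re

# SRV labels used by Jabber service discovery (the thread's _uds, _cup, _collab_edge).
INTERNAL_SRV = ("_cisco-uds._tcp", "_cuplogin._tcp")
EDGE_SRV = ("_collab-edge._tls",)

SRV_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE)

def discovery_domain(login):
    """Jabber uses the part after '@' in the login, not the PC's DNS suffix."""
    return login.rsplit("@", 1)[1].lower().rstrip(".")

def parse_srv(text):
    """Parse dig/zone-file style SRV lines into {owner name: [target, ...]}."""
    records = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            name = m["name"].lower().rstrip(".")
            records.setdefault(name, []).append(m["target"].lower().rstrip("."))
    return records

def audit_view(login, view_text, internal_zone):
    """Report what one DNS view (e.g. the public one) tells a Jabber client."""
    domain = discovery_domain(login)
    records = parse_srv(view_text)
    found = {s: records.get(f"{s}.{domain}", []) for s in INTERNAL_SRV + EDGE_SRV}
    exposed = [s for s in INTERNAL_SRV if found[s]]
    leaked = sorted({t for ts in found.values() for t in ts
                     if t == internal_zone or t.endswith("." + internal_zone)})
    if exposed:
        path = "direct-to-cucm"      # client believes it is on the internal network
    elif any(found[s] for s in EDGE_SRV):
        path = "via-expressway"      # only the edge record is visible
    else:
        path = "no-discovery"
    return {"domain": domain, "path": path, "exposed": exposed, "leaked_hosts": leaked}

# Constructed sample: public view for the setup described in the question.
PUBLIC_BEFORE = """
_cisco-uds._tcp.example.com. 300 IN SRV 10 10 8443 cm01.int.example.com.
_collab-edge._tls.example.com. 300 IN SRV 10 10 8443 expe01.example.com.
"""
# Constructed sample: public view once _uds/_cup live only on the Exp-C resolver.
PUBLIC_AFTER = """
_collab-edge._tls.example.com. 300 IN SRV 10 10 8443 expe01.example.com.
"""
```

Running `audit_view` against answers collected from a resolver outside the network shows whether the public zone still advertises the internal CUCM name; the same function run against the Exp-C-only resolver should report the internal records as present.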