I'm having an issue with the DNS SRV resolving.
I have a CUCM & CUPS cluster in country A.
And currently working on another CUCM & CUPS cluster in country B.
The common thing for those countries is the domain, for example: domain.com.
Another thing that is important to note, is that the domain controllers in each country are replicated and have exactly the same records.
At first, when I had only one cluster in country A, we had set the usual DNS SRVs:
And of course it worked.
But now I have a much more complicated issue, now I want that if someone is trying to access Jabber from country B, it'll point him to the CUCM cluster of site B, and not site A.
But because all of the DCs are replicated, and they all have the same _cisco-uds._tcp.domain.com SRV record, it points all the countries to the CUCM cluster of site A.
What is the best practice for this topology? How can I achieve it?
Another thing I must note, as it's very important I think, is that we have Expressway in each country, so the users must enter 'firstname.lastname@example.org' when they log in. So if the solution you provide is to use different internal DNS domain names for each country, then each time they lose WiFi access in the HQ and connect to the internet at home, for example, the Internet won't recognize those "internal DNS domain names". Unless you have a solution for this one, too.
Hope you understand what I mean.
Thanks in advance!
Use ILS, see here
And even if the answer was a different internal domain, you can still make that work
I worked it out eventually. I used the same domain, and used ILS in order to make the user authentication work. And actually it works great. After all, the ILS request is a small one, and I don't really mind if a user authenticates himself via the Europe cluster even if he's in the United States.
So anyway, thanks! And unfortunately I didn't get any updates via mail that you responded, otherwise I could have saved a little bit of time on making this topology work.
What do you mean? Do you want to publish your DNS entries on the public DNS, not on the internal? Because you're not allowed to do it with MRA, as in the public internet it is not allowed to publish the '_cisco-uds' and '_cuplogin' SRV records, if that is what you mean.
Anyway, in my topology it is working great with MRA. I have 3 clusters across the world, with DNS GEO-location that resolves the closest '_collab-edge' SRV record, which points you to the closest Expressway-E server. From there, it is connected to the internal DNS, and in the internal DNS of the company I configured one of the CUCM clusters first regarding the internal SRV records (cisco-uds and cuplogin), and of course the rest of the clusters with lower priority. That way every user, no matter where he is, will communicate with the most prioritized CUCM cluster, and via ILS, which is running between the 3 CUCM clusters, the user is pointed to authenticate and register to his home cluster CUCM.
And it is working PERFECTLY for a year or so ;)
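Added example, not part of the thread or of any Cisco tooling: a small check for the split-DNS layout described above. It orders the internal `_cisco-uds` SRV records the way RFC 2782 clients do (lowest priority first, weighted choice within a priority) and flags internal-only SRV labels that appear in the public view. All hostnames, priorities, weights and the leaked record are constructed sample data.

```python
import random

# SRV labels the thread says must not be published on public DNS with MRA.
INTERNAL_ONLY = ("_cisco-uds._tcp.", "_cuplogin._tcp.")
UDS = "_cisco-uds._tcp.domain.com"

# Constructed sample data: (owner, priority, weight, port, target).
INTERNAL_VIEW = [
    (UDS, 20, 10, 8443, "cucm-b.domain.com"),
    (UDS, 10, 10, 8443, "cucm-a1.domain.com"),
    (UDS, 10, 0, 8443, "cucm-a2.domain.com"),
    (UDS, 30, 10, 8443, "cucm-c.domain.com"),
]
EXTERNAL_VIEW = [
    ("_collab-edge._tls.domain.com", 10, 10, 8443, "expe-a.domain.com"),
    (UDS, 10, 10, 8443, "cucm-a1.domain.com"),  # constructed misconfiguration
]

def srv_order(records, name, rng=random):
    """Targets for `name` in RFC 2782 order: lowest priority value first,
    weighted random selection among records that share a priority."""
    by_prio = {}
    for owner, prio, weight, _port, target in records:
        if owner.lower() == name.lower():
            by_prio.setdefault(prio, []).append((weight, target))
    ordered = []
    for prio in sorted(by_prio):
        group = sorted(by_prio[prio])  # weight-0 records go first
        while group:
            pick = rng.randint(0, sum(w for w, _ in group))
            running = 0
            for i, (w, target) in enumerate(group):
                running += w
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(target)
                    del group[i]
                    break
    return ordered

def audit_external(records):
    """Owner names in the public view that use an internal-only SRV label."""
    return sorted({owner for owner, *_ in records
                   if owner.lower().startswith(INTERNAL_ONLY)})

if __name__ == "__main__":
    print("internal lookup order:", srv_order(INTERNAL_VIEW, UDS))
    print("leaked to public DNS:", audit_external(EXTERNAL_VIEW))
```
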