[cisco-voip] DNS client on CUCM, Unity servers?

Wes Sisk wsisk at cisco.com
Mon Sep 28 17:06:58 EDT 2009


Negative testing verifies that desirable behavior occurs when the product is 
used outside recommended use.  Examples would include performing tests:
* CM with DNS configured but DNS server powered down
* CM with DNS configured, physical DNS server running, but DNS service 
stopped
* CM with DNS configured, DNS server and service running, but changing 
the forward entry to return an incorrect value
* CM with DNS configured, DNS server and service running, but DNS 
returning resolution failure

Negative testing would assure 'fail safe' behavior in these conditions. 
'Fail Safe' is fire doors defaulting to unlocked during power failure.

/wes


On Monday, September 28, 2009 4:46:44 PM, Lelio Fulgenzi 
<lelio at uoguelph.ca> wrote:
> Agreed. Unfortunately, with so many features requiring it, it may not 
> be an option.
>
> What do you mean by "negative testing"?
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
> (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> "Bad grammar makes me [sic]" - Tshirt
>
>
> ----- Original Message -----
> From: "Wes Sisk" <wsisk at cisco.com>
> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
> Cc: "cisco-voip mailinglist" <cisco-voip at puck.nether.net>, "Ed 
> Leatherman" <ealeatherman at gmail.com>
> Sent: Monday, September 28, 2009 4:35:58 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [cisco-voip] DNS client on CUCM, Unity servers?
>
> Agreed based on both personal preference and experience.  IMHO 
> removing dependency is best measure when components cannot agree 
> on SLA. 
>
> Also noteworthy that core CM test does not perform 'negative testing' 
> of DNS responses and availability. This highly weights my approach to 
> the issue.
>
> /Wes
>
> On Monday, September 28, 2009 4:25:46 PM, Lelio Fulgenzi 
> <lelio at uoguelph.ca> wrote:
>
>     You hit the nail on the head with SLAs - DNS SLA -ge VOIP SLA.
>
>     It seems to me, that most things will continue to work, but it's
>     during some sort of administration/maintenance that things may go
>     awry. But of course, anything can pop up.
>
>
>
>     ----- Original Message -----
>     From: "Wes Sisk" <wsisk at cisco.com>
>     To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>     Cc: "cisco-voip mailinglist" <cisco-voip at puck.nether.net>, "Ed
>     Leatherman" <ealeatherman at gmail.com>
>     Sent: Monday, September 28, 2009 4:14:10 PM GMT -05:00 US/Canada
>     Eastern
>     Subject: Re: [cisco-voip] DNS client on CUCM, Unity servers?
>
>     Unfortunately, it depends.
>
>     With
>     CSCsq66400    clm rewrites all hosts file entries on subscriber at
>     every reboot
>     the name resolution files such as /etc/hosts were rewritten on
>     every reboot.  To accomplish this cluster manager (clm) would
>     attempt forward/reverse DNS resolution at every reboot. For
>     versions without the fix for CSCsq66400 any reboot with DNS down,
>     incorrect, or unreachable will cause informix to not start and
>     therefore critical system failure.
>
>     CSCsq66400 should help some and CSCsw88022 should help some more.
>     However, this is clearly corner case.  In general if CM is
>     configured with DNS then DNS needs to carry same or similar SLA to CM.
>
>     /Wes
>
>     On Monday, September 28, 2009 4:03:13 PM, Lelio Fulgenzi
>     <lelio at uoguelph.ca> wrote:
>
>         Thanks Wes. This really highlights the requirements. I notice
>         the bug you pointed out was only for an upgrade though. Not
>         for actual operations. Do you think CUCM/informix won't start
>         up without DNS after a normal restart?
>
>
>         ----- Original Message -----
>         From: "Wes Sisk" <wsisk at cisco.com>
>         To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>         Cc: "cisco-voip mailinglist" <cisco-voip at puck.nether.net>, "Ed
>         Leatherman" <ealeatherman at gmail.com>
>         Sent: Monday, September 28, 2009 3:48:30 PM GMT -05:00
>         US/Canada Eastern
>         Subject: Re: [cisco-voip] DNS client on CUCM, Unity servers?
>
>         Good points, DNS required for reverse resolution of SIP
>         endpoints.  Most presence deployments will use CUPS which has
>         heavy AD dependence which will require AD which will
>         necessitate DNS.  In short, yes, presence will likely require
>         DNS as well.
>
>         NAT explanation:
>         Whatever is configured under system->server is what gets
>         populated into TFTP configuration files passed to devices. 
>         Since there is nothing out there to fixup XML, and especially
>         encrypted/signed XML files, the hostname would be passed to
>         endpoint.  Endpoint would attempt DNS resolution.  That DNS
>         query would be fixedup to return the outside IP of CUCM.  If
>         you specified an IP under system->server the endpoint would
>         attempt to contact that IP directly.  You could only
>         redirect/NAT that session if you controlled IP routing in the
>         remote subnet.  DNS fixup is a more friendly/transparent option.
>
>         AD explanation:
>         AD sync must be configured with servername.  Name to IP
>         resolution requires DNS.
>
>         /Wes
>
>         On Monday, September 28, 2009 3:43:34 PM, Lelio Fulgenzi
>         <lelio at uoguelph.ca> wrote:
>
>             Yowza - Can you elaborate on what you mean by NAT and/or AD?
>
>                 * Endpoints doing NAT somewhere out there? Not sure
>                   why you'd need DNS for that.
>                 * As for AD, do you mean AD/LDAP
>                   integration/synchronization?
>
>             I would have thought you need DNS for SIP endpoints,
>             presence, etc.
>
>
>
>
>             ----- Original Message -----
>             From: "Wes Sisk" <wsisk at cisco.com>
>             To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>             Cc: "cisco-voip mailinglist" <cisco-voip at puck.nether.net>,
>             "Ed Leatherman" <ealeatherman at gmail.com>
>             Sent: Monday, September 28, 2009 3:40:39 PM GMT -05:00
>             US/Canada Eastern
>             Subject: Re: [cisco-voip] DNS client on CUCM, Unity servers?
>
>             If doing NAT or AD it is required.  Otherwise it is still
>             a liability.  Example:
>             CSCsw88022    Database should still start and function
>             when DNS is unavailable
>
>             In this case Informix will not start if configured DNS
>             servers are unreachable.
>
>             /Wes
>
>             On Monday, September 28, 2009 3:33:41 PM, Lelio Fulgenzi
>             <lelio at uoguelph.ca> wrote:
>
>                 interesting. is the recommendation still to not enable
>                 DNS on CUCM servers?
>
>
>                 ----- Original Message -----
>                 From: "Wes Sisk" <wsisk at cisco.com>
>                 To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>                 Cc: "cisco-voip mailinglist"
>                 <cisco-voip at puck.nether.net>, "Ed Leatherman"
>                 <ealeatherman at gmail.com>
>                 Sent: Monday, September 28, 2009 3:31:18 PM GMT -05:00
>                 US/Canada Eastern
>                 Subject: Re: [cisco-voip] DNS client on CUCM, Unity
>                 servers?
>
>                 yes, but the dependence on DNS will still affect you
>                 intermittently.
>
>                 /wes
>
>                 On Monday, September 28, 2009 3:28:57 PM, Lelio
>                 Fulgenzi <lelio at uoguelph.ca> wrote:
>
>                     Wes,
>
>                     Can we enable DNS but still program the IP address
>                     of the CUCM nodes ?
>
>
>                     ----- Original Message -----
>                     From: "Wes Sisk" <wsisk at cisco.com>
>                     To: "Ed Leatherman" <ealeatherman at gmail.com>
>                     Cc: "cisco-voip mailinglist"
>                     <cisco-voip at puck.nether.net>
>                     Sent: Monday, September 28, 2009 3:26:26 PM GMT
>                     -05:00 US/Canada Eastern
>                     Subject: Re: [cisco-voip] DNS client on CUCM,
>                     Unity servers?
>
>                     Enabling DNS will affect all operations. It's not
>                     a component-wise defined feature, think all or
>                     nothing.
>
>                     All code calls gethostbyname(),
>                     gethostbyip(),gethostentry().. which invokes host
>                     name resolution features.
>
>                     Just make sure:
>                     1. forward resolution for all servers works
>                     2. reverse resolution for all servers works
>                     3. all servers use same dns suffix
>
>                     CLI 'set network dns...' is the command set to set
>                     and enable dns.
>
>                     /Wes
>
>                     On Monday, September 28, 2009 3:09:26 PM, Ed
>                     Leatherman <ealeatherman at gmail.com> wrote:
>
>                         Follow-up question about DNS..
>
>                         Originally I did not enable DNS on any nodes,
>                         as it was not needed. I would now like to
>                         configure an SMTP server for alerts, and our
>                         systems group wants me to use a name instead
>                         of IP. Are there any ramifications to turning
>                         on DNS, regarding things like database
>                         replication or intracluster communications? My
>                         servers are all defined by IP addresses, so it
>                         should be using that through-out, right?
>
>                         I'm assuming various "set network dns*"
>                         commands will turn this on if I decide to do that.
>
>                         On Tue, Aug 18, 2009 at 10:46 AM, Wes Sisk
>                         <wsisk at cisco.com> wrote:
>
>                             On the surface this seems an odd question
>                             so I'm sure there is misunderstanding.
>
>                             CM needs access to DNS to perform forward
>                             and reverse lookups on:
>                             SIP endpoints
>                             h323 endpoints
>                             AD servers
>                             other nodes in the cluster
>
>                             There are deployments which do not use any
>                             of these and therefore do not need access
>                             to a DNS server.  On those, DNS can be
>                             disabled.
>
>                             /Wes
>
>
>                             On Tuesday, August 18, 2009 1:54:37 AM ,
>                             ciscozest <ciscozest at gmail.com> wrote:
>
>                                 We have 3 CUCM 7.0 servers and only
>                                 one Unity Connection 7.0 server.
>
>                                 We use a load balancer for IP Phone
>                                 services redundancy. There is no
>                                 integration with any third party
>                                 components. When I check our UC
>                                 system, I found out that DNS client
>                                 service is enabled on both CUCM and
>                                 Unity servers which I don’t quite
>                                 understand why is needed. The Services
>                                 URL on CUCM is pointing to load
>                                 balancer IP. Would there be any other
>                                 reason we have to enable DNS client on
>                                 CUCM and Unity server? Also is there a
>                                 load impact by enabling DNS client
>                                 service?
>
>                                  
>
>                                 Thank you.
>
>                                 ------------------------------------------------------------------------
>
>                                 _______________________________________________
>                                 cisco-voip mailing list
>                                 cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
>                                 https://puck.nether.net/mailman/listinfo/cisco-voip
>                                   
>
>
>
>
>                         -- 
>                         Ed Leatherman
>
>
>
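
Added example, not part of the original thread and not Cisco code: a sketch of the negative tests listed at the top of this message, combined with the forward/reverse/suffix checks from the earlier reply, using injected resolvers so each DNS failure condition can be simulated offline. The node name, addresses, finding labels and the "pinned address wins" fail-safe policy are assumptions made for illustration.

```python
import socket

def audit_node(fqdn, expected_ip, suffix, forward=socket.gethostbyname,
               reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Check suffix, forward and reverse resolution; return a list of findings."""
    findings = []
    if not fqdn.lower().endswith("." + suffix.lower()):
        findings.append("suffix-mismatch")
    try:
        ip = forward(fqdn)
    except OSError as exc:  # EAI_AGAIN: no answer at all; otherwise an error reply
        kind = "dns-unreachable" if exc.errno == socket.EAI_AGAIN else "resolution-failure"
        return findings + [kind]
    if ip != expected_ip:
        return findings + ["forward-mismatch"]
    try:
        if reverse(ip).lower() != fqdn.lower():
            findings.append("reverse-mismatch")
    except OSError:
        findings.append("reverse-failure")
    return findings

def resolve_fail_safe(fqdn, pinned_ip, forward=socket.gethostbyname):
    """Return (ip, status); the pinned address wins when DNS fails or disagrees."""
    try:
        ip = forward(fqdn)
    except OSError:
        return pinned_ip, "pinned-fallback"
    return pinned_ip, ("ok" if ip == pinned_ip else "pinned-override")

def _raises(code):  # constructed resolver that fails the way a real lookup would
    def resolver(_name):
        raise socket.gaierror(code, "simulated")
    return resolver

# Constructed test data: hypothetical node name, documentation-range addresses.
NODE, GOOD_IP, SUFFIX = "cm-pub.voice.example.com", "192.0.2.10", "voice.example.com"
CASES = {
    "server-down":     _raises(socket.EAI_AGAIN),
    "service-stopped": _raises(socket.EAI_AGAIN),
    "wrong-forward":   lambda _name: "198.51.100.66",
    "lookup-failure":  _raises(socket.EAI_NONAME),
    "healthy":         lambda _name: GOOD_IP,
}

def run_negative_cases():
    return {case: (audit_node(NODE, GOOD_IP, SUFFIX, fwd, lambda _ip: NODE),
                   resolve_fail_safe(NODE, GOOD_IP, fwd))
            for case, fwd in CASES.items()}
```

Called with the default resolvers, `audit_node` exercises the host's real name resolution, so the same checks can be run against a lab DNS server while it is powered down, stopped, or serving a deliberately wrong record.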
