[cisco-voip] jabber dual domain question

Eric Pedersen PedersenE at bennettjones.com
Fri Apr 10 10:45:47 EDT 2015


I was told by a Cisco engineer that cisco-internal is no longer supported and it didn’t work for us after we enabled MRA. I think the pinpoint subdomain being referred to now is creating the _cisco-uds._tcp SRV record as a domain on your internal DNS server. That works perfectly.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Wellnitz
Sent: 10 April 2015 8:32 AM
To: Anthony Holloway
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

I'm seeing the 10.6.2 client query for _cisco-uds._tcp.xyz.com, _cuplogin._tcp.xyz.com... then _collab-edge._tls.xyz.com


I don't see a query for cisco-internal.xyz.com



On Fri, Apr 10, 2015 at 8:09 AM, Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
According to the document you linked, Jabber will first perform this query:

_cisco-uds._tcp.xyz.com

If nothing comes back, then it will try:

_cisco-uds._tcp.cisco-internal.xyz.com

Therefore, the pinpoint subdomain you are creating is: cisco-internal.xyz.com on your internal DNS server. This alleviates your need to host xyz.com (the parent domain) on your internal DNS, where it would become authoritative and require you to enter every external DNS entry into your internal DNS server.

Excerpt from Jabber DNS Guide, modified to fit your example:

When the client queries the name server for SRV records, it issues additional queries if the name server does not return _cisco-uds or _cuplogin.

The additional queries check for the cisco-internal.xyz.com pinpoint subdomain zone.

For example, Adam McKenzie's services domain is xyz.com when he starts the client. The client then issues the following query:
_cisco-uds._tcp.xyz.com
_cuplogin._tcp.xyz.com
_collab-edge._tls.xyz.com

If the name server does not return _cisco-uds or _cuplogin SRV records, the client then issues the following query:
_cisco-uds._tcp.cisco-internal.xyz.com
_cuplogin._tcp.cisco-internal.xyz.com

On Fri, Apr 10, 2015 at 9:02 AM Erick Wellnitz <ewellnitzvoip at gmail.com> wrote:

I understand how to create a pinpoint zone but I'm trying to understand how to create the SRV records for Jabber service discovery based on this example. Do they just get created like:

Jabber1.xyz.com zone
Create _cisco-uds._tcp.xyz.com under this or will that not give expected behavior?

On Apr 10, 2015 4:42 AM, "Justin Steinberg" <jsteinberg at gmail.com> wrote:

This is more of a feature of DNS than jabber.

See if this blog article helps.

http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/

On Apr 10, 2015 12:05 AM, "Erick Wellnitz" <ewellnitzvoip at gmail.com> wrote:

The 10.6 planning guide makes mention of it but only a one liner.

On Apr 9, 2015 9:33 PM, "Anthony Holloway" <avholloway+cisco-voip at gmail.com> wrote:
I don't have anything to indicate that it is, or isn't still supported, but I would guess that it would be until we hear an official announcement and that document gets updated.

I might just fire this up in dCloud and take it for a test drive tomorrow.

Another thing to consider is Jabber via MRA and trying to sign your inside host certs with a public CA.  In November of this year (2015), that goes away.

https://www.digicert.com/internal-names.htm

If you would have had .com externally, and .net internally, then the cert thing doesn't matter, and your question still stands.  So, again, I'll see if I can lab it up tomorrow with the latest version of Jabber.

On Thu, Apr 9, 2015 at 8:54 PM Erick Wellnitz <ewellnitzvoip at gmail.com> wrote:
Jabber 10.6.2

I have an internal domain (xyz.com) and an internal domain (xyx.local)

Is the pinpoint subdomain still supported in Jabber 10.6?  If not, what are the ramifications to adding xyz.com zone to my internal DNS servers?

The last update of the DNS guide was a year ago.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00

Thanks!
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
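
Added example (not part of the original thread, and not Cisco code): a small model of the internal DNS server that compares the three setups discussed above, namely a pinpoint zone for the SRV name itself, the cisco-internal subdomain zone, and hosting all of xyz.com internally. It follows the query order quoted from the DNS guide; every hostname, address and SRV target in it is constructed for illustration.

```python
# Constructed data: every hostname, address and SRV target here is a placeholder.
EXTERNAL = {  # what public DNS publishes for xyz.com
    "www.xyz.com": "203.0.113.10",
    "_collab-edge._tls.xyz.com": "SRV 8443 expressway-e.xyz.com",
}
UDS = "SRV 8443 cucm1.xyz.local"

# Three ways to set up the internal DNS server: {zone name: {record name: data}}
PINPOINT = {"_cisco-uds._tcp.xyz.com": {"_cisco-uds._tcp.xyz.com": UDS}}
SUBDOMAIN = {"cisco-internal.xyz.com": {"_cisco-uds._tcp.cisco-internal.xyz.com": UDS}}
FULL_ZONE = {"xyz.com": {"_cisco-uds._tcp.xyz.com": UDS}}


def resolve(name, zones):
    """Answer as the internal server would: authoritative for hosted zones,
    forwarding every other name to external DNS."""
    name = name.lower().rstrip(".")
    hosted = [z for z in zones if name == z or name.endswith("." + z)]
    if hosted:
        # Authoritative: a missing record is NXDOMAIN and is never forwarded.
        return zones[max(hosted, key=len)].get(name)
    return EXTERNAL.get(name)


def jabber_discovery(domain, zones):
    """Issue the queries in the order quoted from the DNS guide in the thread
    and return only the names that were answered."""
    names = [f"_cisco-uds._tcp.{domain}", f"_cuplogin._tcp.{domain}",
             f"_collab-edge._tls.{domain}"]
    answers = {n: resolve(n, zones) for n in names}
    if not (answers[names[0]] or answers[names[1]]):
        # Neither internal record came back: try the cisco-internal subdomain.
        for svc in ("_cisco-uds", "_cuplogin"):
            n = f"{svc}._tcp.cisco-internal.{domain}"
            answers[n] = resolve(n, zones)
    return {n: a for n, a in answers.items() if a}


if __name__ == "__main__":
    for label, zones in [("pinpoint", PINPOINT), ("cisco-internal", SUBDOMAIN),
                         ("full xyz.com zone", FULL_ZONE)]:
        print(label, "| www.xyz.com ->", resolve("www.xyz.com", zones))
        for name, data in jabber_discovery("xyz.com", zones).items():
            print("   ", name, "->", data)
```

Only the full xyz.com zone loses www.xyz.com and _collab-edge, because the internal server becomes authoritative for the whole parent domain and stops forwarding names it does not hold.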