[cisco-voip] jabber dual domain question

Erick Wellnitz ewellnitzvoip at gmail.com
Sun Apr 12 18:30:24 EDT 2015


I've been labbing this up today and was interested in figuring out what the
difference is between dnscmd, powershell and the GUI because my 2012 R2 box
gave me a warning that MS is going to stop supporting dnscmd in favor of
powershell.
2012 R2 didn't like the @, so I used the fqdn of the
dnscmd /recordadd _cisco-uds._tcp.xyz.com. _cisco-uds._tcp.xyz.com SRV 0 0 8443 cucm1.xyz.com

This can be replicated in powershell by tweaking the MS recommended way to
use the fqdn for the -Name parameter instead of the 'host' section of the
name _cisco-uds._tcp
First add the zone:
Add-DnsServerPrimaryZone -Name _cisco-uds._tcp.xyz.com -ReplicationScope Domain
Replication Scope options are Domain, Forest, or you can set up a zone file
so the zone is not AD integrated.
Add-DnsServerResourceRecord -Srv -ZoneName _cisco-uds._tcp.xyz.com -Name _cisco-uds._tcp.xyz.com -DomainName cucm1.xyz.com -Port 8443 -Priority 0 -Weight 0

The GUI doesn't allow for the creation of SRVs at the root of the Zone like
the command line and powershell do.





On Fri, Apr 10, 2015 at 9:06 PM, Eric Pedersen <PedersenE at bennettjones.com>
wrote:

> Yes that’s right, then you create @ SRV records in that zone. It looked
> a little bizarre to me.  If it’s Windows DNS you’re using, you can’t do it
> with the GUI; you need to use dnscmd.  Someone kindly posted this in the
> Collaboration CCP forum:
>
>
>
> dnscmd . /zoneadd _cisco-uds._tcp.xyz.com. /dsprimary
>
> dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm1.xyz.com
>
> dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm2.xyz.com
>
>
> *From:* Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
> *Sent:* 10 April 2015 9:24 AM
> *To:* Eric Pedersen
> *Cc:* Anthony Holloway; cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] jabber dual domain question
>
>
>
> Okay, the bulb is getting a little brighter...
>
>
>
> So, if I understand what you're saying, create _cisco-uds._tcp.xyz.com as
> a zone then create the SRV under that?
>
>
>
> On Fri, Apr 10, 2015 at 8:45 AM, Eric Pedersen <PedersenE at bennettjones.com>
> wrote:
>
> I was told by a Cisco engineer that cisco-internal is no longer supported
> and it didn’t work for us after we enabled MRA. I think the pinpoint
> subdomain being referred to now is creating the _cisco-uds._tcp SRV
> record as a domain on your internal DNS server. That works perfectly.
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Erick Wellnitz
> *Sent:* 10 April 2015 8:32 AM
> *To:* Anthony Holloway
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] jabber dual domain question
>
>
>
> I'm seeing the 10.6.2 client query for _cisco-uds._tcp.xyz.com,
> _cuplogin._tcp.xyz.com...then _collab-edge._tls.xyz.com
>
> I don't see a query for cisco-internal.xyz.com
>
> On Fri, Apr 10, 2015 at 8:09 AM, Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
> According to the document you linked, Jabber will first perform this query:
>
> _cisco-uds._tcp.xyz.com
>
>
>
> If nothing comes back, then it will try:
>
>
>
> _cisco-uds._tcp.cisco-internal.xyz.com
>
>
>
> Therefore, the pinpoint subdomain you are creating is:
> cisco-internal.xyz.com on your internal DNS server.  This alleviates your
> need to host xyz.com (the parent domain) on your internal DNS, where it
> would become authoritative and require you to enter every external DNS
> entry into your internal DNS server.
>
>
>
> Excerpt from Jabber DNS Guide, modified to fit your example:
>
>
>
> *When the client queries the name server for SRV records, it issues
> additional queries if the name server does not return _cisco-uds or
> _cuplogin.*
>
>
>
> *The additional queries check for the cisco-internal.xyz.com pinpoint
> subdomain zone.*
>
>
>
> *For example, Adam McKenzie's services domain is xyz.com when he starts
> the client. The client then issues the following query:*
>
> *_cisco-uds._tcp.xyz.com*
>
> *_cuplogin._tcp.xyz.com*
>
> *_collab-edge._tls.xyz.com*
>
>
>
> *If the name server does not return _cisco-uds or _cuplogin SRV records,
> the client then issues the following query:*
>
> *_cisco-uds._tcp.cisco-internal.xyz.com*
>
> *_cuplogin._tcp.cisco-internal.xyz.com*
>
>
>
> On Fri, Apr 10, 2015 at 9:02 AM Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:
>
> I understand how to create a pinpoint zone but I'm trying to understand
> how to create the SRV records for Jabber service discovery based on this
> example.  Do they just get created like:
>
> Jabber1.xyz.com zone
> Create _cisco-uds._tcp.xyz.com under this or will that not give expected
> behavior?
>
> On Apr 10, 2015 4:42 AM, "Justin Steinberg" <jsteinberg at gmail.com> wrote:
>
> This is more of a feature of DNS than jabber.
>
> See if this blog article helps.
>
> http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/
>
> On Apr 10, 2015 12:05 AM, "Erick Wellnitz" <ewellnitzvoip at gmail.com>
> wrote:
>
> The 10.6 planning guide makes mention of it but only a one liner.
>
> On Apr 9, 2015 9:33 PM, "Anthony Holloway" <
> avholloway+cisco-voip at gmail.com> wrote:
>
> I don't have anything to indicate that it is, or isn't still supported,
> but I would guess that it would be until we hear an official announcement
> and that document gets updated.
>
>
>
> I might just fire this up in dCloud and take it for a test drive tomorrow.
>
>
>
> Another thing to consider is Jabber via MRA and trying to sign your inside
> host certs with a public CA.  In November of this year (2015), that goes
> away.
>
>
>
> https://www.digicert.com/internal-names.htm
>
>
>
> If you would have had .com externally, and .net internally, then the cert
> thing doesn't matter, and your question still stands.  So, again, I'll see
> if I can lab it up tomorrow with the latest version of Jabber.
>
>
>
> On Thu, Apr 9, 2015 at 8:54 PM Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:
>
> Jabber 10.6.2
>
>
>
> I have an internal domain (xyz.com) and an internal domain (xyx.local)
>
>
>
> Is the pinpoint subdomain still supported in Jabber 10.6?  If not, what
> are the ramifications to adding xyz.com zone to my internal DNS servers?
>
>
>
>  The last update of the DNS guide was a year ago.
>
>
>
>
> http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00
>
>
>
>
> Thanks!
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
> The contents of this message may contain confidential and/or privileged
> subject matter. If this message has been received in error, please contact
> the sender and delete all copies. Like other forms of communication, e-mail
> communications may be vulnerable to interception by unauthorized parties.
> If you do not wish us to communicate with you by e-mail, please notify us
> at your earliest convenience. In the absence of such notification, your
> consent is assumed. Should you choose to allow us to communicate by e-mail,
> we will not take any additional security measures (such as encryption)
> unless specifically requested.
>
> If you no longer wish to receive commercial messages, you can unsubscribe
> by accessing this link: http://www.bennettjones.com/unsubscribe
>
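
Added example, not part of the original thread and not Cisco's or Microsoft's own script: the pinpoint zone setup discussed above written as a re-runnable PowerShell script, followed by checks that the internal server is authoritative only for the single SRV name and not for the parent domain. It assumes the DnsServer module on the DNS server itself, uses '@' for the zone apex as in the quoted dnscmd lines, and takes xyz.com, cucm1 and cucm2 from the thread's sample names.

```powershell
# Added example, not from the thread. Run on the Windows DNS server itself
# (DnsServer module). xyz.com and cucm1/cucm2 are the thread's sample names.
$Zone    = '_cisco-uds._tcp.xyz.com'   # pinpoint zone: a single SRV owner name
$Parent  = 'xyz.com'                   # should NOT be hosted internally
$Targets = 'cucm1.xyz.com', 'cucm2.xyz.com'

# 1. Create the AD-integrated pinpoint zone only if it is missing.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}

# 2. Add one SRV record per CUCM node at the zone apex ('@'), skipping any
#    target that is already present so the script can be re-run safely.
$srv = @(Get-DnsServerResourceRecord -ZoneName $Zone -RRType Srv -ErrorAction SilentlyContinue)
foreach ($t in $Targets) {
    if (-not ($srv | Where-Object { $_.RecordData.DomainName.TrimEnd('.') -eq $t })) {
        Add-DnsServerResourceRecord -Srv -ZoneName $Zone -Name '@' `
            -DomainName $t -Port 8443 -Priority 0 -Weight 0
    }
}

# 3. Warn if the parent domain is also hosted here: the server would then be
#    authoritative for all of xyz.com, which the pinpoint zone is meant to avoid.
if (Get-DnsServerZone -Name $Parent -ErrorAction SilentlyContinue) {
    Write-Warning "$Parent is hosted on this server; every external name in it must be duplicated here."
}

# 4. Flag anything in the pinpoint zone other than apex SOA/NS/SRV records.
$extra = @(Get-DnsServerResourceRecord -ZoneName $Zone |
    Where-Object { $_.HostName -ne '@' -or $_.RecordType -notin 'SOA', 'NS', 'SRV' })
if ($extra.Count -gt 0) {
    Write-Warning "Unexpected records in ${Zone}:"
    $extra | Format-Table HostName, RecordType
}

# 5. Show the SRV answer a Jabber client would receive from this server.
Resolve-DnsName -Name $Zone -Type SRV -Server localhost |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority, Weight
```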