[cisco-voip] jabber dual domain question

Matt Slaga (AM) matt.slaga at dimensiondata.com
Tue Apr 14 13:24:40 EDT 2015


Erick,

Yes, you are absolutely correct.  If you are configuring pinpoint DNS, then you have to use command line.

From: Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
Sent: Tuesday, April 14, 2015 12:06 PM
To: Matt Slaga (AM)
Cc: Eric Pedersen; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

That is where the problem lies with the GUI when using the pinpoint subdomain to deal with an internal domain of .local (or any other non-public domain) and a public domain of .com, .net, .us, etc.

If the SRV resides in the protocol folder of the pinpoint subdomain, at least in my testing, the SRV information doesn't get returned as expected. Using PowerShell or DNSCMD were the only methods that were able to place the SRV at the root of the pinpoint subdomain which produced the expected behavior.

On Mon, Apr 13, 2015 at 6:16 AM, Matt Slaga (AM) <matt.slaga at dimensiondata.com> wrote:
In the GUI, you have to create the root SRV records under the protocol folder/subdomain, in this case ‘_tcp’.


From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Wellnitz
Sent: Sunday, April 12, 2015 6:30 PM
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question


I've been labbing this up today and was interested in figuring out what the difference is between dnscmd, PowerShell and the GUI because my 2012 R2 box gave me a warning that MS is going to stop supporting dnscmd in favor of PowerShell.
2012 R2 didn't like the @, so I used the fqdn of the
dnscmd /recordadd _cisco-uds._tcp.xyz.com. _cisco-uds._tcp.xyz.com SRV 0 0 8443 cucm1.xyz.com

This can be replicated in PowerShell by tweaking the MS recommended way to use the fqdn for the -Name parameter instead of the 'host' section of the name _cisco-uds._tcp
First add the zone:
Add-DnsServerPrimaryZone -Name _cisco-uds._tcp.xyz.com -ReplicationScope Domain
Replication Scope options are Domain, Forest, or you can set up a zone file so the zone is not AD integrated.
Add-DnsServerResourceRecord -Srv -ZoneName _cisco-uds._tcp.xyz.com -Name _cisco-uds._tcp.xyz.com -DomainName cucm1.xyz.com -Port 8443 -Priority 0 -Weight 0

The GUI doesn't allow for the creation of SRVs at the root of the Zone like the command line and PowerShell do.





On Fri, Apr 10, 2015 at 9:06 PM, Eric Pedersen <PedersenE at bennettjones.com> wrote:
Yes that’s right, then you create @ SRV records in that zone. It looked a little bizarre to me.  If it’s Windows DNS you’re using, you can’t do it with the GUI; you need to use dnscmd.  Someone kindly posted this in the Collaboration CCP forum:

dnscmd . /zoneadd _cisco-uds._tcp.xyz.com. /dsprimary
dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm1.xyz.com
dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm2.xyz.com



From: Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
Sent: 10 April 2015 9:24 AM
To: Eric Pedersen
Cc: Anthony Holloway; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

Okay, the bulb is getting a little brighter...

So, if I understand what you're saying, create _cisco-uds._tcp.xyz.com as a zone then create the SRV under that?

On Fri, Apr 10, 2015 at 8:45 AM, Eric Pedersen <PedersenE at bennettjones.com> wrote:
I was told by a Cisco engineer that cisco-internal is no longer supported and it didn’t work for us after we enabled MRA. I think the pinpoint subdomain being referred to now is creating the _cisco-uds._tcp SRV record as a domain on your internal DNS server. That works perfectly.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Erick Wellnitz
Sent: 10 April 2015 8:32 AM
To: Anthony Holloway
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

I'm seeing the 10.6.2 client query for _cisco-uds._tcp.xyz.com, _cuplogin._tcp.xyz.com...then _collab-edge._tls.xyz.com


I don't see a query for cisco-internal.xyz.com



On Fri, Apr 10, 2015 at 8:09 AM, Anthony Holloway <avholloway+cisco-voip at gmail.com> wrote:
According to the document you linked, Jabber will first perform this query:

_cisco-uds._tcp.xyz.com

If nothing comes back, then it will try:

_cisco-uds._tcp.cisco-internal.xyz.com

Therefore, the pinpoint subdomain you are creating is: cisco-internal.xyz.com on your internal DNS server.  This alleviates your need to host xyz.com (the parent domain) on your internal DNS, where it would become authoritative and require you to enter every external DNS entry into your internal DNS server.

Excerpt from Jabber DNS Guide, modified to fit your example:

When the client queries the name server for SRV records, it issues additional queries if the name server does not return _cisco-uds or _cuplogin.

The additional queries check for the cisco-internal.xyz.com pinpoint subdomain zone.

For example, Adam McKenzie's services domain is xyz.com when he starts the client. The client then issues the following query:
_cisco-uds._tcp.xyz.com
_cuplogin._tcp.xyz.com
_collab-edge._tls.xyz.com

If the name server does not return _cisco-uds or _cuplogin SRV records, the client then issues the following query:
_cisco-uds._tcp.cisco-internal.xyz.com
_cuplogin._tcp.cisco-internal.xyz.com

On Fri, Apr 10, 2015 at 9:02 AM Erick Wellnitz <ewellnitzvoip at gmail.com> wrote:

I understand how to create a pinpoint zone but I'm trying to understand how to create the SRV records for Jabber service discovery  based on this example.  Do they just get created like:

Jabber1.xyz.com zone
Create _cisco-uds._tcp.xyz.com under this or will that not give expected behavior?
On Apr 10, 2015 4:42 AM, "Justin Steinberg" <jsteinberg at gmail.com> wrote:

This is more of a feature of DNS than jabber.

See if this blog article helps.

http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/
On Apr 10, 2015 12:05 AM, "Erick Wellnitz" <ewellnitzvoip at gmail.com> wrote:

The 10.6 planning guide makes mention of it but only a one liner.
On Apr 9, 2015 9:33 PM, "Anthony Holloway" <avholloway+cisco-voip at gmail.com> wrote:
I don't have anything to indicate that it is, or isn't still supported, but I would guess that it would be until we hear an official announcement and that document gets updated.

I might just fire this up in dCloud and take it for a test drive tomorrow.

Another thing to consider is Jabber via MRA and trying to sign your inside host certs with a public CA.  In November of this year (2015), that goes away.

https://www.digicert.com/internal-names.htm

If you would have had .com externally, and .net internally, then the cert thing doesn't matter, and your question still stands.  So, again, I'll see if I can lab it up tomorrow with the latest version of Jabber.

On Thu, Apr 9, 2015 at 8:54 PM Erick Wellnitz <ewellnitzvoip at gmail.com> wrote:
Jabber 10.6.2

I have an internal domain (xyz.com) and an internal domain (xyx.local)

Is the pinpoint subdomain still supported in Jabber 10.6?  If not, what are the ramifications to adding xyz.com zone to my internal DNS servers?

 The last update of the DNS guide was a year ago.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00

Thanks!
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip




The contents of this message may contain confidential and/or privileged subject matter. If this message has been received in error, please contact the sender and delete all copies. Like other forms of communication, e-mail communications may be vulnerable to interception by unauthorized parties. If you do not wish us to communicate with you by e-mail, please notify us at your earliest convenience. In the absence of such notification, your consent is assumed. Should you choose to allow us to communicate by e-mail, we will not take any additional security measures (such as encryption) unless specifically requested.

If you no longer wish to receive commercial messages, you can unsubscribe by accessing this link: http://www.bennettjones.com/unsubscribe
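
An added illustration, not part of the thread or of any Cisco or Microsoft code: a small model of an internal DNS server that answers authoritatively from the longest matching zone it hosts and forwards everything else, comparing the three layouts discussed above. The www.xyz.com name and its 203.0.113.10 address are constructed assumptions; the SRV data mirrors the dnscmd lines in the thread.

```python
# Constructed data for illustration only; 203.0.113.10 is a documentation address.
PUBLIC_DNS = {("www.xyz.com", "A"): ["203.0.113.10"]}

SRV_NAME = "_cisco-uds._tcp.xyz.com"
# (priority, weight, port, target), as in the dnscmd /recordadd lines in the thread
UDS_SRV = [(0, 0, 8443, "cucm1.xyz.com"), (0, 0, 8443, "cucm2.xyz.com")]


def resolve(internal_zones, name, rtype):
    """Answer from the most specific internal zone covering `name`.

    A server that hosts a covering zone is authoritative for it, so a missing
    record is an empty answer and is never forwarded to public DNS.
    """
    name = name.rstrip(".").lower()
    covering = [z for z in internal_zones if name == z or name.endswith("." + z)]
    if covering:
        zone = max(covering, key=len)
        return internal_zones[zone].get((name, rtype), [])
    return PUBLIC_DNS.get((name, rtype), [])


LAYOUTS = {
    # Internal DNS hosts nothing for xyz.com: every query is forwarded.
    "no internal zone": {},
    # Parent zone hosted internally: SRV works, but the server now owns all of xyz.com.
    "full xyz.com zone": {"xyz.com": {(SRV_NAME, "SRV"): UDS_SRV}},
    # Pinpoint zone: the zone name is the SRV name, the record sits at the zone root (@).
    "pinpoint zone": {SRV_NAME: {(SRV_NAME, "SRV"): UDS_SRV}},
}


def check(layout):
    """Report whether service discovery and a public name both still resolve."""
    zones = LAYOUTS[layout]
    return {
        "srv_found": bool(resolve(zones, SRV_NAME, "SRV")),
        "public_www_resolves": bool(resolve(zones, "www.xyz.com", "A")),
    }


if __name__ == "__main__":
    for layout in LAYOUTS:
        print(f"{layout:18} {check(layout)}")
```
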

