<div dir="ltr"><div>I've been labbing this up today and was interested in figuring out what the difference is between dnscmd, powershell and the GUI because my 2012 R2 box gave me a warning that MS is going to stop supporting dnscmd in favor of powershell,</div><div>2012 R2 din't like the @, so I used the fqdn of the </div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">dnscmd /recordadd _cisco-uds._<a href="http://tcp.xyz.com/" target="_blank">tcp.xyz.com</a>. _cisco-uds._<a href="http://tcp.xyz.com">tcp.xyz.com</a> SRV 0 0 8443 <a href="http://cucm1.xyz.com/" target="_blank">cucm1.xyz.com</a></span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><br></span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">This can be replicated in powershell by tweaking the MS recommended way to use the fqdn for the -Name parameter instead of the 'host' section of the name _cisco-uds._tcp</span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">First add the zone:</span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">Add-DnsServerPrimaryZone -Name _cisc-uds._tcp.xyz -ReplicationScope Domain</span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">Replication Scope options are Domain, Forest, or you can set up a zone file so the zone is not AD integrated.</span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">Add-DnsResourceRecord -Srv -ZoneName _cisco-uds._<a href="http://tcp.xyz.com">tcp.xyz.com</a> -Name _cisco-uds._<a href="http://tcp.xyz.com">tcp.xyz.com</a> -DomainName <a href="http://cucm1.xyz.com">cucm1.xyz.com</a> -Port 8443 -Priority 0 -Weight 0</span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><br></span></div><div><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">The GUI doesn't allow for the creation of SRVs at the root of the Zone like the command line and power shell do.</span></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Apr 10, 2015 at 9:06 PM, Eric Pedersen <span dir="ltr"><<a href="mailto:PedersenE@bennettjones.com" target="_blank">PedersenE@bennettjones.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">Yes that’s right, then you create @ SRV records in that zone. It looked a little bizarre to me. If it’s Window DNS you’re using, you can’t do it with the GUI;
you need to use dnscmd. Someone kindly posted this in the Collaboration CCP forum:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">dnscmd . /zoneadd _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>. /dsprimary<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">dnscmd . /recordadd _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>. @ SRV 0 0 8443 <a href="http://cucm1.xyz.com" target="_blank">cucm1.xyz.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">dnscmd . /recordadd _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>. @ SRV 0 0 8443 <a href="http://cucm2.xyz.com" target="_blank">cucm2.xyz.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"><u></u> <u></u></span></p>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) currentColor currentColor;padding:3pt 0in 0in">
<p class="MsoNormal"><b><span style="font-family:"Tahoma","sans-serif";font-size:10pt">From:</span></b><span style="font-family:"Tahoma","sans-serif";font-size:10pt"> Erick Wellnitz [mailto:<a href="mailto:ewellnitzvoip@gmail.com" target="_blank">ewellnitzvoip@gmail.com</a>]
<br>
<b>Sent:</b> 10 April 2015 9:24 AM<br>
<b>To:</b> Eric Pedersen<br>
<b>Cc:</b> Anthony Holloway; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] jabber dual domain question<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Okay, the bulb is getting a little brighter...<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">So, if I understand what you're saying, create _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>
as a zone then create the SRV under that? <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Fri, Apr 10, 2015 at 8:45 AM, Eric Pedersen <<a href="mailto:PedersenE@bennettjones.com" target="_blank">PedersenE@bennettjones.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt">I was told by a Cisco engineer that cisco-internal is no longer supported and it didn’t work for
us after we enabled MRA. I think the pinpoint subdomain being referred to now is creating the _<i>cisco-uds.</i>_tcp SRV record as a domain on your internal DNS server. That works perfectly.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125);font-family:"Calibri","sans-serif";font-size:11pt"> </span><u></u><u></u></p>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(181,196,223) currentColor currentColor;padding:3pt 0in 0in">
<p class="MsoNormal"><b><span style="font-family:"Tahoma","sans-serif";font-size:10pt">From:</span></b><span style="font-family:"Tahoma","sans-serif";font-size:10pt"> cisco-voip [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Erick Wellnitz<br>
<b>Sent:</b> 10 April 2015 8:32 AM<br>
<b>To:</b> Anthony Holloway<br>
<b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] jabber dual domain question</span><u></u><u></u></p>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">I'm seeing the 10.6.2 client query for _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>,
_cuplogin._tcp.xyz.com...then _collab-edge._<a href="http://tls.xyz.com" target="_blank">tls.xyz.com</a><u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I don't see a query for
<a href="http://cisco-internal.xyz.com" target="_blank">
cisco-internal.xyz.com</a><u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Fri, Apr 10, 2015 at 8:09 AM, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">According to the document you linked, Jabber will first perform this query:<br>
<br>
_cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a><u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">If nothing comes back, then it will try:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">_cisco-uds._<a href="http://tcp.cisco-internal.xyz.com" target="_blank">tcp.cisco-internal.xyz.com</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Therefore, the pinpoint subdomain you are creating is:
<a href="http://cisco-internal.xyz.com" target="_blank">
cisco-internal.xyz.com</a> on your internal DNS server. This alleviates your need to host
<a href="http://xyz.com" target="_blank">
xyz.com</a> (the parent domain) on your internal DNS, where it would become authoritative and require you to enter every external DNS entry into your internal DNS server.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Excerpt from Jabber DNS Guide, modified to fit your example:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><i>When the client queries the name server for SRV records, it issues additional queries if the name server does not return _cisco-uds or _cuplogin.</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>The additional queries check for the
<a href="http://cisco-internal.xyz.com" target="_blank">
cisco-internal.xyz.com</a> pinpoint subdomain zone.</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>For example, Adam McKenzie's services domain is
<a href="http://xyz.com" target="_blank">
xyz.com</a> when he starts the client. The client then issues the following query:</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>_cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a></i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>_cuplogin._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a></i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>_collab-edge._<a href="http://tls.xyz.com" target="_blank">tls.xyz.com</a></i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>If the name server does not return _cisco-uds or _cuplogin SRV records, the client then issues the following query:</i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>_cisco-uds._<a href="http://tcp.cisco-internal.xyz.com" target="_blank">tcp.cisco-internal.xyz.com</a></i><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><i>_cuplogin._<a href="http://tcp.cisco-internal.xyz.com" target="_blank">tcp.cisco-internal.xyz.com</a></i><u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Fri, Apr 10, 2015 at 9:02 AM Erick Wellnitz <<a href="mailto:ewellnitzvoip@gmail.com" target="_blank">ewellnitzvoip@gmail.com</a>> wrote:<u></u><u></u></p>
<p>I understand how to create a pinpoint zone but I'm trying to understand how to create the SRV records for Jabber service discovery based on this example. Do they just get created like:<u></u><u></u></p>
<p><a href="http://Jabber1.xyz.com" target="_blank">Jabber1.xyz.com</a>
zone<br>
Create _cisco-uds._<a href="http://tcp.xyz.com" target="_blank">tcp.xyz.com</a>
under this or will that not give expected behvior?<u></u><u></u></p>
<div>
<p class="MsoNormal">On Apr 10, 2015 4:42 AM, "Justin Steinberg" <<a href="mailto:jsteinberg@gmail.com" target="_blank">jsteinberg@gmail.com</a>> wrote:<u></u><u></u></p>
<p>This is more of a feature of DNS than jabber. <u></u><u></u></p>
<p>See if this blog article helps.<u></u><u></u></p>
<p><a href="http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/" target="_blank">http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/</a><u></u><u></u></p>
<div>
<p class="MsoNormal">On Apr 10, 2015 12:05 AM, "Erick Wellnitz" <<a href="mailto:ewellnitzvoip@gmail.com" target="_blank">ewellnitzvoip@gmail.com</a>> wrote:<u></u><u></u></p>
<p>The 10.6 planning guide makes mention of it but only a one liner.<u></u><u></u></p>
<div>
<p class="MsoNormal">On Apr 9, 2015 9:33 PM, "Anthony Holloway" <<a href="mailto:avholloway%2Bcisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">I don't have anything to indicate that it is, or isn't still supported, but I would guess that it would be until we hear an officially announcement and that document get's updated.<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I might just fire this up in dCloud and take it for a test drive tomorrow.<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Another thing to consider is Jabber via MRA and trying to sign your inside host certs with a public CA. In November of this year (2015), that goes away.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="https://www.digicert.com/internal-names.htm" target="_blank">https://www.digicert.com/internal-names.htm</a><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">If you would have had .com externally, and .net internally, then the cert thing doesn't matter, and your question still stands. So, again, I'll see if I can lab it up tomorrow
with the latest version of Jabber.<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On Thu, Apr 9, 2015 at 8:54 PM Erick Wellnitz <<a href="mailto:ewellnitzvoip@gmail.com" target="_blank">ewellnitzvoip@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal">Jabber 10.6.2<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I have an internal domain (<a href="http://xyz.com" target="_blank">xyz.com</a>)
and an internal domain (xyx.local)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Is the pinpoint subdomain still supported in Jabber 10.6? If not, what are the ramifications to adding
<a href="http://xyz.com" target="_blank">
xyz.com</a> zone to my internal DNS servers?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> The last update of the DNS guide was a year ago.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00" target="_blank">http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00</a>
<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks!<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12pt"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
The contents of this message may contain confidential and/or privileged subject matter. If this message has been received in error, please contact the sender and delete all copies. Like other forms of communication, e-mail communications may be vulnerable to
interception by unauthorized parties. If you do not wish us to communicate with you by e-mail, please notify us at your earliest convenience. In the absence of such notification, your consent is assumed. Should you choose to allow us to communicate by e-mail,
we will not take any additional security measures (such as encryption) unless specifically requested.
<br>
<br>
If you no longer wish to receive commercial messages, you can unsubscribe by accessing this link:
<a href="http://www.bennettjones.com/unsubscribe" target="_blank">
http://www.bennettjones.com/unsubscribe</a> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br>
<br>
The contents of this message may contain confidential and/or privileged
subject matter. If this message has been received in error, please contact
the sender and delete all copies. Like other forms of communication,
e-mail communications may be vulnerable to interception by unauthorized
parties. If you do not wish us to communicate with you by e-mail, please
notify us at your earliest convenience. In the absence of such
notification, your consent is assumed. Should you choose to allow us to
communicate by e-mail, we will not take any additional security measures
(such as encryption) unless specifically requested.
<br>
<br>
If you no longer wish to receive commercial messages, you can unsubscribe
by accessing this link: <a href="http://www.bennettjones.com/unsubscribe" target="_blank">http://www.bennettjones.com/unsubscribe</a>
</div>
</blockquote></div><br></div>