Erick,

Yes, you are absolutely correct.  If you are configuring pinpoint DNS, then you 
have to use command line.

From: Erick Wellnitz [mailto:ewellnitzv...@gmail.com]
Sent: Tuesday, April 14, 2015 12:06 PM
To: Matt Slaga (AM)
Cc: Eric Pedersen; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

That is where the problem lies with the GUI when using the pinpoint subdomain 
to deal with an internal domain of .local (or any other non-public domain) and 
a public domain of .com, .net, .us, etc

If the SRV resides in the protocol folder of the pinpoint subdomain, at least 
in my testing, the SRV information doesn't get returned as expected. Using 
PowerShell or DNSCMD were the only methods that were able to place the SRV at 
the root of the pinpoint subdomain which produced the expected behavior.

On Mon, Apr 13, 2015 at 6:16 AM, Matt Slaga (AM) 
<matt.sl...@dimensiondata.com> wrote:
In the GUI, you have to create the root SRV records under the protocol 
folder/subdomain, in this case ‘_tcp’.


From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Erick Wellnitz
Sent: Sunday, April 12, 2015 6:30 PM
To: Eric Pedersen
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question


I've been labbing this up today and was interested in figuring out what the 
difference is between dnscmd, PowerShell and the GUI because my 2012 R2 box 
gave me a warning that MS is going to stop supporting dnscmd in favor of 
PowerShell.
2012 R2 didn't like the @, so I used the fqdn of the
dnscmd /recordadd _cisco-uds._tcp.xyz.com. _cisco-uds._tcp.xyz.com SRV 0 0 8443 cucm1.xyz.com

This can be replicated in PowerShell by tweaking the MS recommended way to use 
the fqdn for the -Name parameter instead of the 'host' section of the name 
_cisco-uds._tcp
First add the zone:
Add-DnsServerPrimaryZone -Name _cisco-uds._tcp.xyz.com -ReplicationScope Domain
Replication Scope options are Domain, Forest, or you can set up a zone file so 
the zone is not AD integrated.
Add-DnsServerResourceRecord -Srv -ZoneName _cisco-uds._tcp.xyz.com -Name _cisco-uds._tcp.xyz.com -DomainName cucm1.xyz.com -Port 8443 -Priority 0 -Weight 0

The GUI doesn't allow for the creation of SRVs at the root of the Zone like the 
command line and PowerShell do.





On Fri, Apr 10, 2015 at 9:06 PM, Eric Pedersen 
<peders...@bennettjones.com> wrote:
Yes that’s right, then you create @ SRV records in that zone. It looked a 
little bizarre to me.  If it’s Windows DNS you’re using, you can’t do it with 
the GUI; you need to use dnscmd.  Someone kindly posted this in the 
Collaboration CCP forum:

dnscmd . /zoneadd _cisco-uds._tcp.xyz.com. /dsprimary
dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm1.xyz.com
dnscmd . /recordadd _cisco-uds._tcp.xyz.com. @ SRV 0 0 8443 cucm2.xyz.com



From: Erick Wellnitz [mailto:ewellnitzv...@gmail.com]
Sent: 10 April 2015 9:24 AM
To: Eric Pedersen
Cc: Anthony Holloway; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

Okay, the bulb is getting a little brighter...

So, if I understand what you're saying, create _cisco-uds._tcp.xyz.com as a 
zone then create the SRV under that?

On Fri, Apr 10, 2015 at 8:45 AM, Eric Pedersen 
<peders...@bennettjones.com> wrote:
I was told by a Cisco engineer that cisco-internal is no longer supported and 
it didn’t work for us after we enabled MRA. I think the pinpoint subdomain 
being referred to now is creating the _cisco-uds._tcp SRV record as a domain on 
your internal DNS server. That works perfectly.

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Erick Wellnitz
Sent: 10 April 2015 8:32 AM
To: Anthony Holloway
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] jabber dual domain question

I'm seeing the 10.6.2 client query for _cisco-uds._tcp.xyz.com, 
_cuplogin._tcp.xyz.com...then _collab-edge._tls.xyz.com


I don't see a query for cisco-internal.xyz.com



On Fri, Apr 10, 2015 at 8:09 AM, Anthony Holloway 
<avholloway+cisco-v...@gmail.com> wrote:
According to the document you linked, Jabber will first perform this query:

_cisco-uds._tcp.xyz.com

If nothing comes back, then it will try:

_cisco-uds._tcp.cisco-internal.xyz.com

Therefore, the pinpoint subdomain you are creating is: cisco-internal.xyz.com 
on your internal DNS server.  This alleviates your need to host xyz.com (the 
parent domain) on your internal DNS, where it would become authoritative and 
require you to enter every external DNS entry into your internal DNS server.

Excerpt from Jabber DNS Guide, modified to fit your example:

When the client queries the name server for SRV records, it issues additional 
queries if the name server does not return _cisco-uds or _cuplogin.

The additional queries check for the cisco-internal.xyz.com pinpoint subdomain 
zone.

For example, Adam McKenzie's services domain is xyz.com when he starts the 
client. The client then issues the following query:
_cisco-uds._tcp.xyz.com
_cuplogin._tcp.xyz.com
_collab-edge._tls.xyz.com

If the name server does not return _cisco-uds or _cuplogin SRV records, the 
client then issues the following query:
_cisco-uds._tcp.cisco-internal.xyz.com
_cuplogin._tcp.cisco-internal.xyz.com

On Fri, Apr 10, 2015 at 9:02 AM Erick Wellnitz 
<ewellnitzv...@gmail.com> wrote:

I understand how to create a pinpoint zone but I'm trying to understand how to 
create the SRV records for Jabber service discovery based on this example.  Do 
they just get created like:

Jabber1.xyz.com zone
Create _cisco-uds._tcp.xyz.com under this or will that not give expected 
behavior?
On Apr 10, 2015 4:42 AM, "Justin Steinberg" 
<jsteinb...@gmail.com> wrote:

This is more of a feature of DNS than jabber.

See if this blog article helps.

http://exchangenerd.com/2014/03/pin-point-dns-split-dns-alternative/
On Apr 10, 2015 12:05 AM, "Erick Wellnitz" 
<ewellnitzv...@gmail.com> wrote:

The 10.6 planning guide makes mention of it but only a one liner.
On Apr 9, 2015 9:33 PM, "Anthony Holloway" 
<avholloway+cisco-v...@gmail.com> wrote:
I don't have anything to indicate that it is, or isn't still supported, but I 
would guess that it would be until we hear an official announcement and that 
document gets updated.

I might just fire this up in dCloud and take it for a test drive tomorrow.

Another thing to consider is Jabber via MRA and trying to sign your inside host 
certs with a public CA.  In November of this year (2015), that goes away.

https://www.digicert.com/internal-names.htm

If you would have had .com externally, and .net internally, then the cert thing 
doesn't matter, and your question still stands.  So, again, I'll see if I can 
lab it up tomorrow with the latest version of Jabber.

On Thu, Apr 9, 2015 at 8:54 PM Erick Wellnitz 
<ewellnitzv...@gmail.com> wrote:
Jabber 10.6.2

I have an internal domain (xyz.com) and an internal domain (xyx.local)

Is the pinpoint subdomain still supported in Jabber 10.6?  If not, what are the 
ramifications to adding xyz.com zone to my internal DNS servers?

The last update of the DNS guide was a year ago.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide/CJAB_BK_C606D8A9_00_cisco-jabber-dns-configuration-guide_chapter_010.html#CJAB_TK_UEAD61BF_00

Thanks!
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

The contents of this message may contain confidential and/or privileged subject 
matter. If this message has been received in error, please contact the sender 
and delete all copies. Like other forms of communication, e-mail communications 
may be vulnerable to interception by unauthorized parties. If you do not wish 
us to communicate with you by e-mail, please notify us at your earliest 
convenience. In the absence of such notification, your consent is assumed. 
Should you choose to allow us to communicate by e-mail, we will not take any 
additional security measures (such as encryption) unless specifically requested.

If you no longer wish to receive commercial messages, you can unsubscribe by 
accessing this link: http://www.bennettjones.com/unsubscribe
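
The pinpoint-zone procedure discussed in this thread, as an added PowerShell example that is not from any of the posters or from Cisco: it creates the zone, adds an SRV for each CUCM node at the zone root using the FQDN form of -Name described in the thread, then checks the result. Zone, host names and port are the thread's; running it on the DNS server itself with the DnsServer module loaded is an assumption.

```powershell
# Added example, not from the thread's authors. Assumes it runs on the Windows DNS server.
Import-Module DnsServer

$zone  = '_cisco-uds._tcp.xyz.com'          # pinpoint zone named after the SRV itself
$nodes = 'cucm1.xyz.com', 'cucm2.xyz.com'   # UDS targets named in the thread
$port  = 8443

# Create the AD-integrated pinpoint zone only if it does not exist yet.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
}

# One SRV per CUCM node at the zone root; -Name is the FQDN, as the thread describes.
$existing = Get-DnsServerResourceRecord -ZoneName $zone -RRType Srv -ErrorAction SilentlyContinue
foreach ($target in $nodes) {
    $have = $existing | Where-Object { $_.RecordData.DomainName.TrimEnd('.') -eq $target }
    if (-not $have) {
        Add-DnsServerResourceRecord -Srv -ZoneName $zone -Name $zone `
            -DomainName $target -Port $port -Priority 0 -Weight 0
    }
}

# Check 1: the exact name Jabber queries must return SRV data from this server.
$srv = Resolve-DnsName -Name $zone -Type SRV -Server localhost -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object Name, NameTarget, Port, Priority, Weight

$returned = $srv.NameTarget | ForEach-Object { $_.TrimEnd('.') }
$missing  = $nodes | Where-Object { $_ -notin $returned }
if ($missing) { Write-Warning "No SRV returned for: $($missing -join ', ')" }

# Check 2: the parent domain should not be hosted here; if it is, this server is
# authoritative for all of xyz.com and every external name must be copied in.
if (Get-DnsServerZone -Name 'xyz.com' -ErrorAction SilentlyContinue) {
    Write-Warning 'xyz.com is hosted on this server; the pinpoint zone is not what is answering.'
}
```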


