I think it's a combination of many factors. Mainly historical and technical. Our DNS servers had been running on *nix bind servers since the early 90s. We only recently moved to appliances that I believe are still using bind under the covers. Our servers and services have typically been open all the time. We're slowly moving away from that model with a new focus on security as you suggest. But it's difficult to back a change when only one feature requires it.
We'll have to see how it goes. Sent from my iPhone > On Jun 19, 2015, at 8:03 AM, Matthew Loraditch > <mloradi...@heliontechnologies.com> wrote: > > I’m honestly surprised security rules allow this. Then again sounds like you > both use BIND instead of AD, probably a result of the same EDUness you > mention. Interesting, have fun with those projects, sounds crazy. > > Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA > Network Engineer > Direct Voice: 443.541.1518 > > Facebook | Twitter | LinkedIn | G+ > > From: Lelio Fulgenzi [mailto:le...@uoguelph.ca] > Sent: Friday, June 19, 2015 7:59 AM > To: Matthew Loraditch > Cc: Ed Leatherman; Cisco VOIP > Subject: Re: [cisco-voip] Expressway ?'s > > That's correct. We've not had a need to separate them. I'm _guessing_ many > EDUs would be in a similar position. > > Sent from my iPhone > > On Jun 19, 2015, at 7:54 AM, Matthew Loraditch > <mloradi...@heliontechnologies.com> wrote: > > So this is a curiosity to me, you (Ed and Lelio) both have the same DNS > servers you use internally, publically exposed and providing the DNS results > for your domain both internal and external? > > > Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA > Network Engineer > Direct Voice: 443.541.1518 > > > Facebook | Twitter | LinkedIn | G+ > > From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ed > Leatherman > Sent: Friday, June 19, 2015 7:48 AM > To: Lelio Fulgenzi > Cc: Cisco VOIP > Subject: Re: [cisco-voip] Expressway ?'s > > I'm chasing this issue now... if palo can't filter on it I might have to > (short term) try having people use a separate domain name for external > logins, which is also ick. > > > On Thu, Jun 18, 2015 at 10:01 PM, Lelio Fulgenzi <le...@uoguelph.ca> wrote: > I really wish there was another option other than split DNS to get MRA > working from off-premise. I mean, why rely on DNS response rather than lack > of connectivity to decide which path to take? A parameter in the > jabber-config.xml file could help with that. > > Anyways, I know it's gonna be fun to use the workaround of configuring our > edge firewall to filter out DNS responses. ugh. > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > le...@uoguelph.ca > www.uoguelph.ca/ccs > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > From: "Charles Goldsmith" <wo...@justfamily.org> > To: "Scott Voll" <svoll.v...@gmail.com> > Cc: cisco-voip@puck.nether.net > Sent: Thursday, 18 June, 2015 7:45:14 PM > Subject: Re: [cisco-voip] Expressway ?'s > > > As said by others, license is free for the MRA part, to get the free license, > here is a handy blog entry : > https://ciscocollab.wordpress.com/2014/02/20/how-to-get-expressway-c-and-e-licenses/ > > > He also has entries on helping set it up, but it's pretty simple once you get > in and start configuring. Hard part is getting the certs, DNS and firewall > in line :) > > > On Thu, Jun 18, 2015 at 4:58 PM, Scott Voll <svoll.v...@gmail.com> wrote: > I"m still on UC 8.6. we are planning an upgrade to 10.x We currently have > DLU's for licensing and will be moving to CUWL Standard ( I think). > > How does Expressways factor into this? > > is it part of CUWL? Is there a Cost? What all can you do with Expressway. > What I believe I understand is that it can get your external voice and video > internal. does it replace my lan to lan connections to get an IP phone > registered to CM? > > Does it also do video bridging? Example. Polycom HDX unit, cisco SX20, > jabber and skype all in a single call? > > TIA > > Scott > > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > > _______________________________________________ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > > > > -- > Ed Leatherman
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip