SIP Domain

  • Question

  • We have an internal domain name that differs from our public domain name. I was wondering if it is best to set up the SIP domain for the internal or external domain name or both, and if there is any guidance on setting this up.

    Thank you in advance.

    Monday, April 16, 2007 3:02 PM

All replies

  • I would use something like email addresses for your SIP addresses and SIP domain.

    Do you plan on using external access? You can add SIP domains from the Global properties in the snap-in, then the General tab, and add it there.
    Monday, April 16, 2007 5:32 PM
  • Yes, we do plan to have external access.

     

    I see that I can add sip domains but would it be better to have one, say our external domain, and use it internally as well, or to have two, one for internal use and one for external use?

     

    Also, doesn't having multiple SIP domains require additional DNS and other configuration?

    Monday, April 16, 2007 7:50 PM
  • Any given user can only have one SIP address.  Since you're going to use external access, it's best to configure and use the external domain for your SIP addresses.

     

    Z

    Tuesday, April 17, 2007 11:24 PM
    Moderator
  • Is there any documentation about the best practice for a deployment? The documents I have don't explain it deeply enough.

     

    Thursday, April 19, 2007 2:01 PM
  • I agree, I'm a little bit confused with SIP domains too. Here is an example topology:

    External domain (email, web...) is mycomp.com

    Internal domain is corp.mycomp.com

    Internal MOCS server is mocs.corp.mycomp.com

    So I just want my internal and external users to have a SIP account matching their mail addresses (sip:user.name@mycomp.com).

    The main problem is how to configure DNS for auto-connect for both internal AND external users? If we are using the mycomp.com SIP domain, the Communicator client tries to look up the mycomp.com domain SRV record. So should I put an SRV record on my public DNS with internal host information (mocs.corp.mycomp.com)?

    Thanks for help.

    Friday, April 20, 2007 8:43 AM
  • You have to add the SRV record to the mycorp.com DNS zone and have it point to the mocs.corp.mycorp.com A record so that clients will connect with the proper DNS name to match the certificate on the external interface of your edge server.

     

    By the same logic, if you had 10 SIP domains, all 10 of them would need to resolve to mocs.corp.mycorp.com so they would use the proper host name to match the certificate on the external interface of the edge server.

     

    Pete

    Friday, April 20, 2007 1:09 PM
  • Yes, I understand, but this configuration is valid for external users only.

    My internal users are on the corp.mycomp.com domain and they use [user.name]@mycomp.com to log on to Communicator. The problem is that internally, Communicator makes a DNS query on the mycomp.com domain, not on corp.mycomp.com. So they will be redirected to the Edge server external IP too... it's weird (and by the way impossible due to firewall routes / restrictions).

    I'm a little lost and the documentation seems to be a beta version too...

    Friday, April 20, 2007 1:30 PM
  • You need to manage your internal and external DNS separately.  Both SRV records will resolve to mocs.corp.mycorp.com, but that FQDN will resolve to a different IP address internally than externally.

    Internal:

    mocs.corp.mycorp.com  172.16.1.1

    External:

    mocs.corp.mycorp.com  x.x.x.x

    If you are doing this in a lab, you will either need to install DNS on a server in your DMZ or use hosts files on your external clients.

    Friday, April 20, 2007 1:37 PM
  • Peety's right, the best way to do this is via split brain DNS, where you hold separate mycorp.com zones internally and externally.  However, the external record that points to your edge server would need to be <server>.mycorp.com.  If for some reason you can't create a separate internal zone (all you have to do is add mycorp.com to your existing internal DNS server), it is possible to put all these records in the external zone.  The downfall is that you're now exposing internal server names and IP addresses to the internet.

     

    Z

    Friday, April 20, 2007 1:44 PM
    Moderator
  • Also, the internal mocs.corp.mycorp.com should point to your pool FQDN, not to the internal interface of the edge server.
    Friday, April 20, 2007 1:45 PM
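
An added example, not part of any post in this thread: a small audit of the two DNS views the replies describe. It checks that each SRV target matches a name on the server certificate and has an A record, that the public view exposes no RFC 1918 address, and that the shared FQDN really resolves differently inside and outside. The SRV labels, ports, the 203.0.113.10 address and all function names are assumptions; the zone data is constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone data. SRV labels, ports and 203.0.113.10 are assumptions;
# the host name and 172.16.1.1 are the ones used in the replies above.
CERT_NAMES = {"mocs.corp.mycorp.com"}
INTERNAL = {"srv": {"_sipinternaltls._tcp.mycorp.com": ("mocs.corp.mycorp.com", 5061)},
            "a": {"mocs.corp.mycorp.com": "172.16.1.1"}}
EXTERNAL = {"srv": {"_sip._tls.mycorp.com": ("mocs.corp.mycorp.com", 443)},
            "a": {"mocs.corp.mycorp.com": "203.0.113.10"}}
# One public zone carrying the internal record (the shortcut warned against).
EXTERNAL_LEAKY = {"srv": EXTERNAL["srv"],
                  "a": {"mocs.corp.mycorp.com": "172.16.1.1"}}


def audit_view(name, view, cert_names, public):
    """Return a list of findings for one DNS view."""
    findings = []
    for srv, (target, _port) in sorted(view["srv"].items()):
        if target not in cert_names:
            findings.append(f"{name}: {srv} -> {target} is not on the server certificate")
        if target not in view["a"]:
            findings.append(f"{name}: {target} has no A record in this view")
    if public:
        for host, addr in sorted(view["a"].items()):
            if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                findings.append(f"{name}: {host} exposes internal address {addr}")
    return findings


def audit_split(internal, external, cert_names):
    """Audit both views, then confirm shared names differ between them."""
    findings = audit_view("internal", internal, cert_names, public=False)
    findings += audit_view("external", external, cert_names, public=True)
    for host in sorted(internal["a"].keys() & external["a"].keys()):
        if internal["a"][host] == external["a"][host]:
            findings.append(f"split: {host} resolves to {internal['a'][host]} in both views")
    return findings


if __name__ == "__main__":
    for label, ext in (("split-brain", EXTERNAL), ("single zone", EXTERNAL_LEAKY)):
        print(label, audit_split(INTERNAL, ext, CERT_NAMES) or "OK")
```
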