Internal & External SRV records

  • Question

  • Hello,

     

    My setup is as follows:

    -- Forest root (foo.com)

    -- 1 child domain (child.foo.com) where OCS EE has been deployed.

    -- _sipinternaltls._tcp.foo.com that points to pool01.child.foo.com

    -- Internal clients are using sip domain, foo.com.

     

    The SRV record in foo.com is accessible externally. That is, external OCS clients can query this record and connect to OCS, but cannot download Address Book files. I know that I need Edge/ISA for external access.

     

    Is there a way to prevent external user access to OCS in this configuration?

     

    Thank you very much,

     

    BT

    Monday, January 21, 2008 9:00 PM

Answers

  • If split-DNS is not an option, then you can use the Manual Configuration and set the internal clients' configuration via GPO. Not ideal, but Automatic Configuration really wants a proper DNS setup.

    Tuesday, January 22, 2008 2:28 AM
    Moderator

All replies

  • You need to use a split-brain DNS setup. Instead of pointing internal clients at the external DNS server, create a version of the external zone name internally. That way you won't need to publish your SRV records to the public/external DNS server.
    Monday, January 21, 2008 9:21 PM
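
A way to check the split-brain setup described in the reply above, as an added example that is not part of the thread: it queries the SRV record from the question against an internal and an external resolver and reports whether the internal-only record is visible from outside. The resolver addresses are placeholders and the function name `Get-SrvAnswer` is hypothetical.

```powershell
# Added example, not from the thread. Replace the placeholder resolver addresses.
$SrvName   = '_sipinternaltls._tcp.foo.com'   # record named in the question
$Resolvers = [ordered]@{
    Internal = '<internal-dns-server-ip>'     # placeholder: server hosting the internal copy of foo.com
    External = '<public-resolver-ip>'         # placeholder: any resolver outside the network
}

function Get-SrvAnswer {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly keeps the lookup on the named DNS server (no LLMNR/NetBIOS fallback)
        $targets = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |          # drop SOA/A records from other sections
            ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }
        [pscustomobject]@{ Targets = @($targets); Error = $null }
    } catch {
        # NXDOMAIN lands here, but so do timeouts and refusals: keep the reason visible
        [pscustomobject]@{ Targets = @(); Error = $_.Exception.Message }
    }
}

foreach ($view in $Resolvers.Keys) {
    $result    = Get-SrvAnswer -Name $SrvName -Server $Resolvers[$view]
    $published = $result.Targets.Count -gt 0

    # Expected with split-brain DNS: Internal answers, External does not.
    $status = switch ($view) {
        'Internal' { if ($published) { 'OK: internal clients can auto-configure' }
                     else            { 'PROBLEM: internal clients will not find the pool' } }
        'External' { if ($published) { 'EXPOSED: internal SRV record is published externally' }
                     else            { 'OK: record not visible from outside' } }
    }

    [pscustomobject]@{
        View    = $view
        Status  = $status
        Targets = $result.Targets -join ', '
        Detail  = $result.Error    # a timeout here is not proof the record is absent
    }
}
```

Run the external half from a machine outside the network so the query takes the same path an outside client would.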
  • Thank you very much.

     

    What if the traffic from outside to the front end servers is blocked by the firewall and/or router? Would this impact any external user access and/or PIC users?

     

    BT

    Tuesday, January 22, 2008 8:52 PM
  • Normally the Front-End server is not accessible from the Internet anyways, and External and Fed/PIC access would be configured on an Edge server.

    Tuesday, January 22, 2008 9:26 PM
    Moderator
  • Thank you.

     

    Saturday, January 26, 2008 10:29 PM