Multiple A records to same IP

  • Question

  •  

    Hello!

    Has anyone noticed any problems regarding multiple SIP FQDNs pointing to the same IP address? I'm wondering whether it will be a problem with reverse lookup.

     

     

    Monday, June 23, 2008 8:23 AM

All replies

  • I'm not sure what you mean by a SIP FQDN. If you mean the part of a SIP URI that's after the @, then that is not a problem at all.  It is not unusual at all to find an organization supporting multiple SIP domains on a single server.  When would a reverse IP lookup be required for OCS functionality?

    Monday, June 23, 2008 6:32 PM
  • Hi Steven,

    I don't know of a reason for reverse lookup being used; that's the reason for asking, to be sure before we start adding all DNS records.

     

    Thanks,

    H

     

    Monday, June 23, 2008 8:56 PM
  •  

    All communications in OCS are (or at least can be) secured through certificates so communications between servers and clients are based on FQDN since there are no IP addresses in the certs. It is safe to say that reverse DNS look-ups are irrelevant to OCS functionality.

    Monday, June 23, 2008 9:35 PM
  •  HenrikR wrote:

     

    Hello!

    Has anyone noticed any problems regarding multiple SIP FQDNs pointing to the same IP address? I'm wondering whether it will be a problem with reverse lookup.

     

    Regards

    HenrikR

     

    Is there a reason you want to use multiple A records instead of a single A record and then CNAME alias records for the other entries?  Creating multiple A records for the same IP address is poor basic DNS practice, and I would avoid it if at all possible.

     

    Regardless of how the OCS documentation states it, you can use either A or CNAME records for the standard SIP domain names.  I've pointed out before that I wish the documentation didn't call out A records specifically, as it can be a bit misleading that it might be some type of requirement.

     

    Keep in mind this doesn't apply to SRV records, which are a different animal.  I'm just talking about standard name-to-IP hostname resolution, nothing related to port/service definitions.

    Monday, June 23, 2008 10:23 PM
    Moderator
  • Well, then a good question might be whether multiple SIP namespaces could use CNAME entries (instead of A records) for the SRV records to point to.

     

    Something like that:

     

    SRV: _sip._tls.contoso.com --> ocs.contoso.com:5061

    SRV: _sip._tls.nwtraders.com --> ocs.nwtraders.com:5061

     

    CNAME: ocs.contoso.com --> ocs.company.com

    CNAME: ocs.nwtraders.com --> ocs.company.com

     

    A: ocs.company.com --> 10.10.10.10

     

    Will this scheme work okay?

     

    The reason for doing that is that SRV records have to resolve to the FQDN in the same DNS domain, otherwise Communicator won't connect in the auto mode. If I specify SRV: contoso.com --> ocs.company.com, this won't work IMHO.

     

    Also, can the sip.contoso.com record (which is an alternative to using the SRV records) be a CNAME instead of A record?

    Monday, June 23, 2008 11:00 PM
  •  Jоker wrote:

    Also, can the sip.contoso.com record (which is an alternative to using the SRV records) be a CNAME instead of A record?

     

    Yes, I've tested and documented this: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=14

     

    I used both A and CNAME records and either option worked. 

    Tuesday, June 24, 2008 1:10 AM
    Moderator
  • Cname=bad idea

     

    It isn't a supported configuration and can wreak havoc on mtls and other parts of OCS.  Stick with the A records.

     

    Tuesday, June 24, 2008 3:28 AM
  •  Mark Poulton1 wrote:

    Cname=bad idea

     

    It isn't a supported configuration and can wreak havoc on mtls and other parts of OCS.  Stick with the A records.

     

     

    So how would you stick with the A records if you have several SIP namespaces and they are different from your DNS namespace? (See my example above). Unless you create A records in each DNS zone for each SIP namespace pointing to the same IP address, you'll have to use CNAMEs, because you cannot point an SRV record to a name from a different DNS zone.

    Tuesday, June 24, 2008 6:27 PM
  • You should actually create SRV records in each domain that is SIP-enabled.  The way automatic configuration works is that the domain in the user's sign-in name (e.g. user1@contoso.com) is used for resolution; the OC client would attempt to resolve the SRV records, then for sipinternal, sip, and sipexternal records in that domain.  This is one reason why it's important to have all configured SIP domains included in the certificate's SAN field.

    Thursday, June 26, 2008 5:52 PM
    Moderator
  • That's exactly what I mean. I already presented an example above. I will clarify further:

     

    Configuration 1: this will work

     

    DNS zone: contoso.com

    SRV: _sip._tls.contoso.com --> ocs.contoso.com:5061
    CNAME: ocs.contoso.com --> ocs.company.com

     

    DNS zone: nwtraders.com

    SRV: _sip._tls.nwtraders.com --> ocs.nwtraders.com:5061
    CNAME: ocs.nwtraders.com --> ocs.company.com

     

    DNS zone: company.com

    A: ocs.company.com --> 10.10.10.10

     

    Configuration 2: this will NOT work

     

    DNS zone: contoso.com

    SRV: _sip._tls.contoso.com --> ocs.company.com:5061

     

    DNS zone: nwtraders.com

    SRV: _sip._tls.nwtraders.com --> ocs.company.com:5061

     

    DNS zone: company.com

    A: ocs.company.com --> 10.10.10.10

     

    Configuration 3: this will work but breaks the reverse DNS consistency

     

    DNS zone: contoso.com

    SRV: _sip._tls.contoso.com --> ocs.contoso.com:5061
    A: ocs.contoso.com --> 10.10.10.10

     

    DNS zone: nwtraders.com

    SRV: _sip._tls.nwtraders.com --> ocs.nwtraders.com:5061
    A: ocs.nwtraders.com --> 10.10.10.10

     

    DNS zone: company.com

    A: ocs.company.com --> 10.10.10.10

     

    Friday, June 27, 2008 12:14 AM
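
An added example, not part of any post in this thread: a small Python audit of the three configurations from the last post, using zone data constructed from that post. It flags SRV targets that fall outside the SIP domain (the rule as the posters state it for Communicator automatic configuration), SRV targets that do not resolve through the CNAME chain to an A record, and IP addresses carrying more than one A record, where a single PTR cannot match every name. The dictionary layout and the function names are assumptions.

```python
# Constructed zone data mirroring Configurations 1-3 from the last post.
# "srv" maps SIP domain -> target of _sip._tls.<domain> (port 5061 omitted).
CONFIGS = {
    1: {"srv": {"contoso.com": "ocs.contoso.com",
                "nwtraders.com": "ocs.nwtraders.com"},
        "cname": {"ocs.contoso.com": "ocs.company.com",
                  "ocs.nwtraders.com": "ocs.company.com"},
        "a": {"ocs.company.com": "10.10.10.10"}},
    2: {"srv": {"contoso.com": "ocs.company.com",
                "nwtraders.com": "ocs.company.com"},
        "cname": {},
        "a": {"ocs.company.com": "10.10.10.10"}},
    3: {"srv": {"contoso.com": "ocs.contoso.com",
                "nwtraders.com": "ocs.nwtraders.com"},
        "cname": {},
        "a": {"ocs.contoso.com": "10.10.10.10",
              "ocs.nwtraders.com": "10.10.10.10",
              "ocs.company.com": "10.10.10.10"}},
}

def resolve(name, cfg, max_hops=8):
    """Follow CNAMEs to an A record; return the IP, or None if dangling/looping."""
    for _ in range(max_hops):
        if name in cfg["a"]:
            return cfg["a"][name]
        if name not in cfg["cname"]:
            return None
        name = cfg["cname"][name]
    return None

def audit(cfg):
    """Return a list of findings for one configuration (empty list = clean)."""
    findings = []
    for sip_domain, target in sorted(cfg["srv"].items()):
        # Rule as stated in the thread: SRV target must live in the SIP domain.
        if not target.endswith("." + sip_domain):
            findings.append(f"srv-target-outside-domain:{sip_domain}")
        if resolve(target, cfg) is None:
            findings.append(f"srv-target-unresolvable:{sip_domain}")
    by_ip = {}
    for host, ip in cfg["a"].items():
        by_ip.setdefault(ip, []).append(host)
    for ip, hosts in sorted(by_ip.items()):
        if len(hosts) > 1:  # one PTR record cannot name all of these hosts
            findings.append(f"multiple-a-records:{ip}:{len(hosts)}")
    return findings

if __name__ == "__main__":
    for number, cfg in CONFIGS.items():
        print(f"Configuration {number}:", audit(cfg) or "no findings")
```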