Solved: VCSE and SRV records

faghouri83 · ‎02-16-2014

Hi Everyone

I have a general query about SRV records and just need a bit of clarification. I have a customer who has registered a domain for their VCS express, (tp.example.com). When I do a dns lookup it brings back the correct public ip address of the vcse. Now I will be confuring this system shortly however I dont know anything about SRV records.

Do I have to get the customer to forward the relevant SRV records to their ISP for their external dns host?

Also the customers public domain is the same as their internal domain. Im guessing the exact SRV records need to be added to their internal DNS server too?

Thanks for your help

p.s If there is a good guide on adding srv files etc then ide appreciate it if you could forward me the link. Thanks again

Martin Koch · ‎02-16-2014

As we do not know your deployment its hard to say, Like if you have a cluster internally

you should use SRV records to register clients to allow failover. But that would most likely be

some additional DNS entries and not neccessary the same ones than on the outside.

If systems are registered internally they can work fine with no SRV record for the video domain.

For external connectivity SRV records are more important.

If you have a provider handling the external DNS entries this is the one to ask to set up

the SRV records.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

View solution in original post

Martin Koch · ‎02-16-2014

As we do not know your deployment its hard to say, Like if you have a cluster internally

you should use SRV records to register clients to allow failover. But that would most likely be

some additional DNS entries and not neccessary the same ones than on the outside.

If systems are registered internally they can work fine with no SRV record for the video domain.

For external connectivity SRV records are more important.

If you have a provider handling the external DNS entries this is the one to ask to set up

the SRV records.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

faghouri83 · ‎02-18-2014

Thanks for the reply Martin. Ive advised the customer to get in touch with their ISP to get the SRV records added.

juriss · ‎02-18-2014

My internal DNS folks were a great help setting our SRV records up... and helping educate me a bit on how they work

I now know enough to know what I want and to be dangerous

Standard DNS "A" records are pretty easy to look at with the nslookup command, however I struggeled with the the command line options to use nslookup for SRV records..

Someone recommend http://digwebinterface.com/ and oncce I figured out how the site worked, I was able to lookup and see our SRV records easily

In the VCS X7.2.2 web interface there is also a DNS lookup function...

Maintenace/Tools/Networkutilities/DNS lookup

If you go there and enter Cisco.com or Tandberg.com and then select SRV records from the pull down you can see what SRV records are out there...

I also think there is more than 1 right answer... especially when there are multiple VCS-Expressways and at multiple sites. I think at the time I gave my internal DNS folks a screenshot of how the public Cisco/Tandberg records were setup and they better understood what I wanted.

There are lots of posts on the forum that talk about SIP based attacks to try to access ISDN gateways for Toll Fraud, we killed alot of those attempts by disabling SIP UDP... in retro, I probably would no ask that the SIP UDP SRV records be published, since they are off in the VCS-E...

Security folks indicated that UDP traffic is easly spoofed and that is why the attacks are UDP based

Good Luck

faghouri83 · ‎02-21-2014

Hi

Thanks for that

Ive just used to the website to do an srv record lookup and it doesnt look as though they're set up. It does point to the correct ip address though. Do you think I can still get video calls working using the domain name to call without the srv records?

Jens Didriksen · ‎02-22-2014

If the external sites support DNS A record lookup, then yes, if not, then no.

In that case they can still connect using Alias@VCS-E_IP_address.

(You might have to configure appropriate transform and search rules to cover this option, unless already in place.)

But external SRV records should really be in place for both H.323 and SIP.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

juriss · ‎02-24-2014

I agree with Jens above...

I believe that the originating system should try to lookup/use the SRV record first, then fall back to the A Record, this behavior will vary greatlky based on vendor and software version.

When we test external IP connected systems, here is the general process we perform:

#1 - Have the external party dial Alias@domain e.g. 123456@abc.com

(If this works, they can reach all of our endpoints and dial in to any of bridge calls.... no further testing needed)

If the above fails

#2 - Have them dial the IP address of the VCS-Expressway (This is H.323 only)

We have the fallback alias set for one of out systems in our support center

If this works, at least you know they are reaching you and if you have 2 way audio/video and there is no FW issue

#3 - If the above works, we have them dial alias@ipaddress e.g. 123456@111.111.111.111

This is like #1 above but without the DNS lookup for the domain

If this works, we at least narrowed the issue to DNS domain resolution, they can dial this way if they want or fix the
DNS issue

Most of our external calls are H.323, there are lots of accepatble dial plans for H.323

but we have seen some that come in SIP, in my experience I have seen less one-way video when using SIP

I have also leaned that an endpoint calling to our VCS-Expressway will connect differenly than an endpoint behind a proxy (e.g.Gatekeeper/VCS) the port used are differant

Have you used

http://vtctest.pointsofdata.com/