Author Topic: Split DNS  (Read 2897 times)

Online johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2202
  • Country: us
  • Karma: +66/-0
    • View Profile
Split DNS
« on: December 23, 2013, 06:31:59 PM »
I have a customer who may have an issue with getting split dns working external. With that said, has anyone got UCA working externally via ip address? I would figure that the web proxy would need to be bypassed and an external address would need to point to the uca/mas directly.

I do have a few scripts that will let me add the external address as a subject alternate for the cert.

I also know that such a setup likely wouldn't be officially supported. ;-)

Thanks for any insight


Offline dilkie

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 344
  • Karma: +11/-0
    • View Profile
Re: Split DNS
« Reply #1 on: December 23, 2013, 07:27:47 PM »
are you sure it's a good idea to expose your customer to the security risks associated with what you are attempting? The design Mitel has is for a reason, it isn't just cobbled together.

Offline Navarre

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-1
    • View Profile
Re: Split DNS
« Reply #2 on: December 23, 2013, 09:19:50 PM »
If they can't get split DNS working, then they're likely more trouble than they're worth. Hard coding iPs in 2013 is simply no way forward.

Online johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2202
  • Country: us
  • Karma: +66/-0
    • View Profile
Re: Split DNS
« Reply #3 on: December 24, 2013, 11:15:18 AM »
While I think UCA in server mode is supported, with the correct firewall settings I don't see security being unacceptible.

I suppose another alternative would be to run multiple domains on the servers involved. one that resolves internally and another external. The only downside would be the mobile users would need to always use the external.

Just looking for additional thoughts and ideas.

Offline Navarre

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +0/-1
    • View Profile
Re: Split DNS
« Reply #4 on: December 30, 2013, 12:03:01 PM »
While I think UCA in server mode is supported, with the correct firewall settings I don't see security being unacceptible.

I suppose another alternative would be to run multiple domains on the servers involved. one that resolves internally and another external. The only downside would be the mobile users would need to always use the external.

Just looking for additional thoughts and ideas.

The problem with differing internal and external domains is that the links in the web UIs tend to break due to bad assumptions in design, and absolute URLs.


 

Sitemap 1 2 3 4 5 6 7 8 9 10