Example dns record configuration, Uri dialing and firewall traversal, Recommended configuration – TANDBERG Security Camera User Manual
Page 119: Uri dialing, And firewall traversal
119
D14049.03
MAY 2008
Grey Headline (continued)
TANDBERG
VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
URI Dialing
URI Dialing for Incoming Calls
Example DNS Record Configuration
A company with the domain name
example.com
wants to enable incoming H.323 and SIP calls
using URI addresses in the format
. The VCS hosting the domain has the FQDN
vcs.example.com
.
Their DNS records would typically be as follows:
SRV record for
•
_ h323ls. _ udp.example.com
returns
vcs.example.com
SRV record for
•
_ h323cs. _ tcp.example.com
returns
vcs.example.com
SRV record for
•
_ sip. _ udp.example.com
returns
vcs.example.com
SRV record for
•
_ sip. _ tcp.example.com
returns
vcs.example.com
SRV record for
•
_ sips. _ tcp.example.com
returns
vcs.example.com
A record for
•
vcs.example.com
returns the IPv4 address of the VCS
AAAA record for
•
vcs.example.com
returns the IPv6 address of the VCS
How you add the DNS records depends on the type of DNS server you are using. Instructions for
setting up two common DNS servers are given in the Appendix
.
Recommended Configuration
If URI dialing is being used in conjunction with firewall traversal, DNS zones and DNS Servers
should be configured on the VCS Expressway and any VCSs on the public network only. VCSs
behind the firewall should not have any DNS zones or servers configured. This will ensure that
any outgoing URI calls made by endpoints registered with the VCS will be routed through the VCS
Expressway.
In addition, the DNS records should be configured with the address of the VCS Expressway as
the authoritative gatekeeper/proxy for the enterprise (see the Appendix
).
This ensures that incoming calls placed using URI dialing enter the enterprise through the VCS
Expressway, allowing successful traversal of the firewall.
URI Dialing and Firewall Traversal
In order for locally registered endpoints to be reached using URI dialing, they must register
using a full URI. This applies to both SIP and H.323 endpoints. If endpoints do not register
using a full URI, they will be discoverable only by the VCS to which they are registered, and
any neighbor VCSs.
Several mechanisms could have been used to locate the VCS. You may wish to enable calls
placed to
user@
to be routed to an existing registration for
. In this case you would configure a
that would
strip the IP address of the VCS from the incoming URI and replace it with the domain name of
example.com
.