Cisco Expressway Maintenance Manual
Configuring DNS Zones
DNS zones allow you to locate endpoints via a DNS lookup. You can create one or more search rules for DNS zones
based on pattern matching of the endpoints’ aliases.
After you have configured one or more DNS zones, you can:
■ apply transforms to alias search requests directed to that group of endpoints
■ control the bandwidth used for calls between your local Expressway and each group of DNS endpoints
The configurable options for a DNS zone are:
| Field | Description | Usage tips |
|---|---|---|
| Name | The name acts as a unique identifier, allowing you to distinguish between zones of the same type. | |
| Type | The nature of the specified zone, in relation to the local Expressway. Select DNS. | After a zone has been created, the Type cannot be changed. |
| Hop count | The hop count is the number of times a request will be forwarded to a neighbor gatekeeper or proxy (see the field specifies the hop count to use when sending a search request to this particular zone. | If the search request was received from another zone and already has a hop count assigned, the lower of the two values is used. |
| H.323 mode | Determines whether H.323 calls are allowed to systems and endpoints located using DNS lookups via this zone. | |
| SIP mode | Determines whether SIP calls are allowed to systems and endpoints located using DNS lookups via this zone. | |
| TLS verify mode and subject name | Controls whether the Expressway performs X.509 certificate checking against the destination system server returned by the DNS lookup. If TLS verify mode is enabled, a TLS verify subject name must be specified. This is the certificate holder's name to look for in the destination system server's X.509 certificate. | This setting only applies if the DNS lookup specifies TLS as the required protocol. If TLS is not required then the setting is ignored. See |
| TLS verify subject name | The certificate holder's name to look for in the destination system server's X.509 certificate (must be in either the Subject Common Name or the Subject Alternative Name attributes). | |
| Fallback transport protocol | The transport type to use for SIP calls from the DNS zone, when DNS NAPTR records and SIP URI parameters do not provide the preferred transport information. The default is UDP (if enabled). | |
| Media encryption mode | Controls the media encryption policy applied by the Expressway for SIP calls (including interworked calls) to the internet. | for more information. |
| ICE support | Controls whether ICE messages are supported by the devices in this zone. | |
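
The TLS verify rules described in the table, as an added Python sketch (not Cisco code and not taken from this guide): it models when the subject-name check applies and where the name is looked for. The certificate dict follows the layout of Python's `ssl.SSLSocket.getpeercert()`; the zone dictionary keys, the function names and the exact, case-insensitive comparison are assumptions.

```python
# Added illustration: models the TLS verify rules from the DNS zone options.
# Not Cisco code. Exact, case-insensitive name matching is an assumption,
# and certificate chain validation is out of scope here.

def cert_names(cert):
    """Collect Subject Common Name and DNS Subject Alternative Name values
    from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.append(value)
    return [n.lower().rstrip(".") for n in names]


def check_destination(zone, lookup_transport, cert):
    """Return (decision, reason) for one destination returned by a DNS lookup.

    zone: {"tls_verify_mode": bool, "tls_verify_subject_name": str}
    lookup_transport: "TLS", "TCP" or "UDP", as required by the DNS lookup.
    """
    if not zone["tls_verify_mode"]:
        return ("no-check", "TLS verify mode is off")
    if lookup_transport != "TLS":
        # The setting is ignored unless the lookup requires TLS, so the
        # destination's identity is not checked at all on this path.
        return ("no-check", "lookup did not require TLS; setting ignored")
    expected = zone.get("tls_verify_subject_name", "").lower().rstrip(".")
    if not expected:
        return ("config-error", "verify mode on but no subject name set")
    if expected in cert_names(cert):
        return ("accept", "subject name found in CN or SAN")
    return ("reject", "subject name not in CN or SAN")


# Constructed sample data (not from a real deployment).
ZONE = {"tls_verify_mode": True, "tls_verify_subject_name": "sip.example.com"}
GOOD_CERT = {"subject": ((("commonName", "edge01.example.com"),),),
             "subjectAltName": (("DNS", "sip.example.com"),)}
OTHER_CERT = {"subject": ((("commonName", "sip.example.net"),),),
              "subjectAltName": (("DNS", "sip.example.net"),)}

if __name__ == "__main__":
    for transport, cert in (("TLS", GOOD_CERT), ("TLS", OTHER_CERT),
                            ("TCP", OTHER_CERT)):
        print(transport, check_destination(ZONE, transport, cert))
```

The third sample case is the one to review in a zone configuration: with a non-TLS transport the mismatched certificate is never examined, so TLS verify mode alone does not guarantee an identity check.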
Cisco Expressway Administrator Guide