Cisco Expressway Maintenance Manual
The Domain name is used when attempting to resolve unqualified server addresses (for example
ldapserver). It is appended to the unqualified server address before the query is sent to the DNS server. If
the server address is fully qualified (for example ldapserver.mydomain.com) or is in the form of an IP
address, the domain name is not appended to the server address before querying the DNS server.
It applies to the following configuration settings in the Expressway:
- LDAP server
- NTP server
- External Manager server
- Remote logging server
You are recommended to use an IP address or FQDN (Fully Qualified Domain Name) for all server
addresses.
Note that the FQDN of the Expressway is the System host name plus the Domain name.
Impact on SIP messaging
The System host name and Domain name are also used to identify references to this Expressway in SIP
messaging, where an endpoint has configured the Expressway as its SIP proxy in the form of an FQDN (as
opposed to an IP address, which is not recommended).
In this case the Expressway may, for example, reject an INVITE request if the FQDN configured on the
endpoint does not match the System host name and Domain name configured on the Expressway. (Note
that this check occurs because the SIP proxy FQDN is included in the route header of the SIP request sent
by the endpoint to the Expressway.)
DNS requests
By default, DNS requests use a random port from within the system's ephemeral port range.
If required, you can specify a custom port range instead by setting DNS requests port range to Use a
custom port range and then defining the DNS requests port range start and DNS requests port range
end fields. Note that setting a small source port range will increase your vulnerability to DNS spoofing
attacks.
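The cost of a narrow range can be put in numbers. The following Python sketch is an added example, not part of the Cisco guide: it audits a DNS requests port range setting by counting the available source ports and the combined guessing space with the 16-bit DNS transaction ID. The mode labels, the assumed ephemeral range (32768-60999) and the 14-bit review threshold are assumptions for illustration.

```python
import math

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field
# Assumed stand-in for the system's ephemeral range (a common Linux default);
# the guide does not state the Expressway's actual values.
ASSUMED_EPHEMERAL = (32768, 60999)
MIN_PORT_BITS = 14  # hypothetical review threshold (~16k ports), not a Cisco value


def audit_dns_port_range(mode, start=None, end=None):
    """Report how much guessing space a 'DNS requests port range' setting leaves.

    mode is "ephemeral" (the default behaviour) or "custom"; both labels are
    hypothetical names for the two options the guide describes.
    """
    if mode == "ephemeral":
        start, end = ASSUMED_EPHEMERAL
    elif mode == "custom":
        if start is None or end is None:
            raise ValueError("custom range needs both start and end")
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"invalid port range {start}-{end}")
    else:
        raise ValueError(f"unknown mode {mode!r}")

    ports = end - start + 1
    default_ports = ASSUMED_EPHEMERAL[1] - ASSUMED_EPHEMERAL[0] + 1
    port_bits = math.log2(ports)
    return {
        "ports": ports,
        "port_bits": round(port_bits, 2),
        # a blind forged reply must match both the source port and the TXID
        "total_bits": round(TXID_BITS + port_bits, 2),
        "combinations": (2 ** TXID_BITS) * ports,
        # how much smaller the guessing space is than with the assumed default
        "times_smaller_than_default": round(default_ports / ports, 1),
        "finding": "WEAK" if port_bits < MIN_PORT_BITS else "OK",
    }


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real deployment.
    for cfg in [("ephemeral",), ("custom", 40000, 49999), ("custom", 40000, 40099)]:
        print(cfg, audit_dns_port_range(*cfg))
```

A 100-port custom range leaves under 23 bits of combined unpredictability, against almost 31 bits for the assumed ephemeral default.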
Configuring DNS server addresses
You must specify at least one DNS server to be queried for address resolution if you want to:
- Use FQDNs (Fully Qualified Domain Names) instead of IP addresses when specifying external addresses
  (for example for LDAP and NTP servers, neighbor zones and peers).
n
.
Default DNS servers
You can specify up to 5 default DNS servers.
- The Expressway only queries one server at a time; if that server is not available the Expressway will try
  another server from the list.
- The order that the servers are specified is not significant; the Expressway attempts to favor servers that
  were last known to be available.
Cisco Expressway Administrator Guide (X8.1.1)