Instant Messaging DNS config (how to setup my domain for IM)
  •  
desven

I tried to follow this KB entry to prepare our domain for IM.
But there are some things that don't fit together.

Let's assume we have abc.com as our main domain for our company.
I can now setup the SRV-entries to point to our Kerio Connect server (connect.def.com) as described in the KB article.
For some reason Apple's Messaging app does not take the client SRV entry to find our server for auto-config. It just uses abc.com as server-address. So my first question: is that how it's supposed to be?

Ok, I then found out in the service availability check the Kerio Connect checks for an A-Record of our domain abc.com. That's a problem, because this DNS-record points to our web server, where our website is located. Changing it to our email-system would not be a good idea, would it?

I tried to use an alias domain for IM (im.abc.com), where I could setup an A-Record for the Connect server, but that brought up two other problems:

1. I can't use the alias domain as login.
2. The availability check does not check for alias domains (which probably would not be a real problem).

So, how do you setup your DNS?
Is there a solution for this dilemma?

Thank you, Sven.
  •  
Tomas Skoda (Kerio)

desven wrote on Thu, 09 May 2013 14:47

Let's assume we have abc.com as our main domain for our company.
I can now setup the SRV-entries to point to our Kerio Connect server (connect.def.com) as described in the KB article.
For some reason Apple's Messaging app does not take the client SRV entry to find our server for auto-config. It just uses abc.com as server-address. So my first question: is that how it's supposed to be?

It is not. We run on similar configuration and Messages clients are able to auto-configure. Can you post here output from 'dig' command?

Quote:

Ok, I then found out in the service availability check the Kerio Connect checks for an A-Record of our domain abc.com. That's a problem, because this DNS-record points to our web server, where our website is located. Changing it to our email-system would not be a good idea, would it?

From our testing it looks like Messages checks only if an A record exists. If yes, then it reads the _xmpp-client record and connects to the correct server. Only if the _xmpp-client record is not set or is incorrect does it use the A record for connection.
  •  
desven

Thank you for your reply.
I did setup now an A-Rec for our domain but Messages still does not receive the right server. DNS looks like this now:

;; QUESTION SECTION:
;hausgross.de. IN A
;; ANSWER SECTION:
hausgross.de. 64 IN A 82.192.199.20

;; QUESTION SECTION:
;_xmpp-client._tcp.hausgross.de. IN SRV
;; ANSWER SECTION:
_xmpp-client._tcp.hausgross.de. 17849 IN SRV 0 1 5223 k1.intra-net.eu.

Messages still uses hausgross.de as server when you say automatic.
The Connect IM Service check shows everything ok.

Any other hint?

[Updated on: Fri, 24 May 2013 16:54]

  •  
Tomas Skoda (Kerio)

I did check Messages net traffic configured with a test account from your domain (probably non-existent, but it doesn't matter). Messages asks for the correct DNS record, receives the correct address, and correctly resolves its IP address (212.88.148.26). The only problem is that Messages tries to connect to 212.88.148.26 without using SSL even though port 5223 is the default for SSL XMPP connections, and that is why the connection is not established. It is worth mentioning that 5223 and SSL are marked as obsolete or legacy in the XMPP world.

I recommend you to configure your DNS settings to use port 5222. It should then work auto-magically. Considering security, TLS is offered by the server and client should use it (depending on its configuration). You can force using TLS by Security Policy settings in WAM. Do not forget to flush your DNS cache on client machine by calling 'sudo killall -HUP mDNSResponder' (on Mac OS X 10.7+).

Cheers,
Tomas Skoda
  •  
desven

Great tip. It now contacts the right server but gives an SSL error because domain (hausgross.de) and server (k1.intra-net.eu) do not match. For some reason Messages does not enter the server behind the SRV-config but keeps the domain where the SRV-record is configured in its server field. And, of course, these do not match.
Did you observe the behavior as well?
Do other IM clients behave the same (strange) way?
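
The two problems this thread runs into, as an added example that is not part of the original posts or of Kerio's software: an SRV record advertising legacy port 5223, and a server certificate that names only the SRV target. It assumes, per RFC 6120, that an XMPP client validates the certificate against the XMPP domain rather than the SRV target; the certificate name lists passed to `audit` are constructed.

```python
import re

# Constructed sample: the SRV answer line posted in the thread.
DIG_ANSWER = "_xmpp-client._tcp.hausgross.de. 17849 IN SRV 0 1 5223 k1.intra-net.eu."

SRV_RE = re.compile(
    r"^_xmpp-client\._tcp\.(?P<domain>\S+?)\.\s+\d+\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+?)\.?$"
)

def parse_srv(dig_text):
    """Return client SRV records found in dig answer lines, preferred first."""
    records = []
    for line in dig_text.splitlines():
        m = SRV_RE.match(line.strip())  # question lines start with ';' and are skipped
        if m:
            records.append({
                "domain": m["domain"].lower(),
                "priority": int(m["prio"]),
                "weight": int(m["weight"]),
                "port": int(m["port"]),
                "target": m["target"].lower(),
            })
    # Lowest priority wins; higher weight first is a deterministic stand-in
    # for the weighted random choice a real resolver makes.
    return sorted(records, key=lambda r: (r["priority"], -r["weight"]))

def name_matches(pattern, host):
    """Match a certificate DNS name to a host; '*' covers the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit(record, cert_names):
    """Return findings for one SRV record and the DNS names in the server certificate."""
    findings = []
    if record["port"] == 5223:
        findings.append("port 5223 is legacy direct SSL; advertise 5222 so clients use STARTTLS")
    # Assumption (RFC 6120): the reference identity is the XMPP domain,
    # so a certificate naming only the SRV target fails validation.
    if not any(name_matches(n, record["domain"]) for n in cert_names):
        findings.append(f"certificate does not cover {record['domain']}")
    return findings
```

For the record in the thread, `audit(parse_srv(DIG_ANSWER)[0], ["k1.intra-net.eu"])` reports both findings; a record on port 5222 with a certificate that also names hausgross.de reports none.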