Domain Name System (DNS)

The Domain Name System (DNS) is a system for converting host names and domain names into IP addresses on the Internet, or on local networks that use the TCP/IP protocol.

MX-ONE systems use DNS to associate host names with IP addresses, that is, to perform name resolution in the network.

Each MX-ONE server has a DNS Server running locally by default. The local DNS Server is always enabled on all servers in the MX-ONE System, and it shall be used to translate names internally in the MX-ONE System.

The reason for using a local DNS in MX-ONE is that a real-time communication system cannot afford network delays in name resolution, because they can compromise the operation of the whole communication system. In case of a network failure or a DNS failure, all MX-ONE names can still be resolved by the local DNS.

The MX-ONE local DNS Server shall serve a sub-domain (a separate DNS zone) of the company DNS domain (domain.com), for example, mx-one.domain.com.

Alternative 1:

Configure the corporate DNS to delegate the DNS Zone, for example mx-one.domain.com, to the MX-ONE Server. If there is more than one MX-ONE server in the system, add multiple alias addresses to the MX-ONE sub-domain in the corporate DNS.

The delegation is effected by advertising mx-one.domain.com as an “NS RR” record and an “A RR” record mapping mx-one.domain.com to the IP address of the MX-ONE Server. The first query to the corporate DNS for a host in mx-one.domain.com will then be forwarded to the DNS in the MX-ONE Server. The result will be cached in the corporate DNS in order to lessen the traffic to the MX-ONE Server.

The DNS in the MX-ONE Server only resolves hosts in its own domain, so for external DNS queries the corporate DNS must be set as the DNS forwarder server. The forwarder DNS server must support DNSSEC. If the corporate DNS does not support DNSSEC, add a new DNS server that supports DNSSEC in between as a proxy, and use this new DNS server to forward requests to the corporate DNS.
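One way to check the DNSSEC requirement on a candidate forwarder before configuring it, as an added example that is not part of the MX-ONE documentation or software: the script sends a query with the EDNS0 DO bit set and reports whether the reply carries RRSIG records or the AD flag. The function names, the pass criterion in dnssec_capable and the sample replies are assumptions made for this illustration.

```python
import socket
import struct

RRSIG, OPT = 46, 41  # DNS record type codes

def build_query(name, txid=0x1234):
    """A-record query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x8000, 0)  # DO flag = 0x8000
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1) + opt

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def dnssec_report(msg):  # summarise the DNSSEC signals in a raw DNS response
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rep = {"rcode": flags & 0xF, "ad": bool(flags & 0x20), "do_echoed": False, "rrsig": 0}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        rep["rrsig"] += rtype == RRSIG
        if rtype == OPT:
            rep["do_echoed"] = bool(ttl & 0x8000)
    return rep

def dnssec_capable(rep):
    """Assumed criterion: signatures returned, or the answer flagged authenticated."""
    return rep["rcode"] == 0 and (rep["ad"] or rep["rrsig"] > 0)

def ask(forwarder_ip, name, timeout=3.0):  # live check over UDP port 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (forwarder_ip, 53))
        return dnssec_report(s.recvfrom(4096)[0])

def sample_response(aware):  # constructed reply, not captured traffic
    q = build_query("example.com")
    rr = lambda t: b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, 4) + bytes(4)  # placeholder RDATA
    body = rr(1) + (rr(RRSIG) + q[-11:] if aware else b"")
    flags = 0x81A0 if aware else 0x8180  # QR RD RA, plus AD when aware
    head = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 + aware, 0, int(aware))
    return head + q[12:-11] + body
```

Run ask() against the forwarder with a name from a zone that is known to be signed; an unsigned name yields neither RRSIG records nor the AD flag even from a DNSSEC-capable server.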

The figure below explains the interaction when several DNS are involved.

Figure 1. Interaction when several DNS are involved

Alternative 2:

All the hosts resolved by the DNS in MX-ONE may be defined as a DNS Zone in the corporate DNS instead of defining a delegation to the MX-ONE Server. The reason for this could be to ease administration of SRV Records and multiple A records for the mx-one domain. The drawback is that the DNS Server data between DNS in MX-ONE and the corporate DNS Server may diverge over time.

To be able to register terminals in TLS mode, the internal names used by MX-ONE must be added to the DNS. See the operational direction for Certificate Management for a description of the internal FQDN name.