Monday, November 16, 2009

HOSTs, CNAMEs, SRVs Oh My!

DNS is a bit of an undiscovered country for me. I’ve never had to set up a zone file. As far as I know I’ve never even configured BIND (though it might have been configured on a Linux distro by default).

Exchange 2007 introduced this wonderful thing called Autodiscover. It is what it sounds like: a discovery service that Outlook 2007 clients can use to get information about Exchange.

It works out of the box (mostly) if you’re hosting Exchange yourself and your users are on a domain.

Getting it to work when you’re neither on a domain nor hosting Exchange yourself is a bit of a bear, potentially involving CNAMEs, SSL certificates, HTTP redirection and, lastly, SRV records.

Outlook 2007 makes educated guesses about where it can access Autodiscover. Unfortunately one of those guesses results in a persistent Security Warning if you’ve gone the CNAME route and your CNAME points to a host in someone else’s domain (your mail hosting service’s): the certificate that host presents is issued for their name, not the name your CNAME told Outlook to expect.

The recommended way (after applying this hotfix) to deal with this is to create an SRV record, a specialized kind of DNS entry that points to the real Autodiscover service. If you’re lucky enough to be handling DNS on a Windows box, there’s a handy GUI that makes setting up the SRV record a snap.

If you’re unlucky enough to have to use a paper-thin Web-based interface on top of DNS zone files, then you, like me, get the joy of an anachronistic, extremely sparse configuration syntax (think sendmail.conf) that will choke on the slightest grammatical variation. Forgot to end the host, which is actually a domain name, with an extra . ? In a zone file that trailing dot is what makes a name absolute; leave it off and the zone’s own origin is silently appended to whatever you wrote. Clearly you weren’t thinking that would fly, even though in every other context a trailing . on a domain name will *break* the request…
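To make the trailing-dot rule concrete, here is an added example (my own code, not anything from the original post or from Microsoft) that parses a BIND-style SRV line the way a zone file would, expands relative names against the zone origin, and checks the result against what the Autodiscover lookup expects. The domain example.com, the provider host autodiscover.mailhoster.example, the zone lines, and the helper names check_autodiscover_srv and parse_srv are all constructed for the example.

```python
"""Added example (not from the original post): parse the SRV record that
Outlook's Autodiscover lookup expects, apply the zone-file trailing-dot rule,
and report what a record with a forgotten dot actually ends up pointing at.

Assumptions (constructed for this example): the zone is example.com, the mail
hosting provider's Autodiscover host is autodiscover.mailhoster.example, and
the service listens on 443. All sample zone lines below are made up.
"""
import re

# Zone-file SRV line: owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?SRV\s+"
    r"(?P<priority>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$"
)


def absolutize(name, origin):
    """The rule the post complains about: a name ending in '.' is absolute;
    any other name gets the zone's $ORIGIN appended to it."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_srv(line, origin):
    """Parse one SRV line; owner and target come back as absolute names."""
    m = SRV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid SRV zone line: {line!r}")
    return {
        "owner": absolutize(m["owner"], origin),
        "priority": int(m["priority"]),
        "weight": int(m["weight"]),
        "port": int(m["port"]),
        "target": absolutize(m["target"], origin),
    }


def check_autodiscover_srv(line, domain, expected_target):
    """Return a list of problems with the record (empty list = looks right).

    expected_target is the provider's real Autodiscover hostname, written as
    an absolute name (trailing dot), because that is the name whose
    certificate Outlook will end up validating.
    """
    origin = domain.rstrip(".") + "."
    rec = parse_srv(line, origin)
    problems = []
    if rec["owner"] != f"_autodiscover._tcp.{origin}":
        problems.append(f"owner is {rec['owner']}, expected _autodiscover._tcp.{origin}")
    if rec["port"] != 443:
        problems.append(f"port is {rec['port']}, expected 443 (HTTPS)")
    if rec["target"] != expected_target:
        problems.append(f"target resolves to {rec['target']}, expected {expected_target}")
    return problems


# Constructed zone lines, as they would appear under $ORIGIN example.com.
GOOD = "_autodiscover._tcp 3600 IN SRV 0 0 443 autodiscover.mailhoster.example."
# The same record with the trailing dot forgotten on the target.
MISSING_DOT = "_autodiscover._tcp 3600 IN SRV 0 0 443 autodiscover.mailhoster.example"

if __name__ == "__main__":
    for line in (GOOD, MISSING_DOT):
        print(line)
        for p in check_autodiscover_srv(line, "example.com",
                                        "autodiscover.mailhoster.example."):
            print("  problem:", p)
```

The second line shows the failure mode: without the dot, the target becomes autodiscover.mailhoster.example.example.com., a name that does not exist, so the Autodiscover lookup silently falls back to the guesses that produced the warning in the first place. Once the record has propagated, nslookup -type=SRV _autodiscover._tcp.example.com (or dig) should show the absolute target you intended.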

What’s more, since DNS is a decentralized confederation, every change you make takes a while to make its way through the system. And while you can trick nslookup into querying the nameservers where you made the change (surely they’d be up to date, right?), it’s about the only software you can trick into doing that, making it useless for any end-to-end testing.
