Client makes a DNS SRV lookup for this domain and the result should be 2 DNS records, like:
199.192.1.2 (external IP)
168.x.x.x (internal IP)
The problem is our clients are sometimes connected via internal Intranet and sometimes over external Internet.
Client then first tries to connect to the external IP and if this doesn’t work, the client is probably in the “intranet” network and tries the internal IP.
If that doesn’t work either, the client should make a DNS TXT lookup and should try to connect with BOSH.
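The fallback order described in this post (ordered SRV targets first, then a XEP-0156 TXT record pointing at BOSH) can be written down as a small client-side routine. The following is an added example, not code from the thread, from Spark or from Openfire: it orders SRV records the way RFC 2782 prescribes (ascending priority, weighted random within a priority), probes each target with a short TCP timeout, and only then falls back to the BOSH URL taken from a `_xmppconnect` TXT record. All records, hostnames and URLs below are constructed for the example; real SRV records carry target hostnames, which the client then resolves to addresses, rather than bare IPs. The `simulate` helper stands in for the real probe so the logic runs offline for both the intranet and the internet case.

```python
"""Added example: RFC 2782 SRV ordering, probe-with-timeout fallback,
and XEP-0156 TXT (DNS lookup method) parsing for an XMPP client."""
import random
import socket
from typing import Callable, Dict, List, Optional, Tuple

SrvRecord = Tuple[int, int, int, str]  # (priority, weight, port, target)

# Constructed answer for _xmpp-client._tcp.domain.com (domain.com is the
# thread's own placeholder; the hostnames are hypothetical).
SRV_RECORDS: List[SrvRecord] = [
    (10, 0, 5222, "xmpp-ext.domain.com"),  # external address, tried first
    (20, 0, 5222, "xmpp-int.domain.com"),  # internal address, tried second
]

# Constructed TXT records under _xmppconnect.domain.com (XEP-0156 DNS method).
TXT_RECORDS: List[str] = [
    "_xmpp-client-xbosh=https://xmpp-ext.domain.com:5281/http-bind/",
    "_xmpp-client-websocket=wss://xmpp-ext.domain.com:5281/ws/",
]


def order_srv(records: List[SrvRecord], rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Order SRV records per RFC 2782: lowest priority first; within one
    priority pick repeatedly at random, proportional to weight."""
    rng = rng or random.Random()
    by_priority: Dict[int, List[SrvRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec[0], []).append(rec)
    ordered: List[SrvRecord] = []
    for prio in sorted(by_priority):
        # RFC 2782 asks for weight-0 records to sit at the front of the group.
        group = sorted(by_priority[prio], key=lambda r: r[1] != 0)
        while group:
            total = sum(r[1] for r in group)
            n = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= n:  # first record whose running sum reaches n
                    ordered.append(group.pop(i))
                    break
    return ordered


def parse_xep0156_txt(txt_records: List[str]) -> Dict[str, str]:
    """XEP-0156 DNS method: TXT values look like _xmpp-client-<method>=<url>."""
    methods: Dict[str, str] = {}
    for value in txt_records:
        key, sep, url = value.partition("=")
        if sep and key.startswith("_xmpp-client-"):
            methods[key[len("_xmpp-client-"):]] = url
    return methods


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Real probe: a plain TCP connect with a short timeout. The timeout is
    what makes the fallback usable, because the 'wrong' IP for the current
    network typically hangs rather than refusing the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def first_reachable(ordered: List[SrvRecord],
                    probe: Callable[[str, int], bool],
                    bosh_urls: List[str]) -> Optional[Tuple[str, str, Optional[int]]]:
    """Try SRV targets in order; fall back to the first BOSH URL; else None."""
    for _prio, _weight, port, host in ordered:
        if probe(host, port):
            return ("xmpp", host, port)
    if bosh_urls:
        return ("bosh", bosh_urls[0], None)
    return None


def simulate(reachable: set) -> Optional[Tuple[str, str, Optional[int]]]:
    """Offline stand-in for tcp_probe: `reachable` is the set of (host, port)
    pairs that the client's current network lets through."""
    methods = parse_xep0156_txt(TXT_RECORDS)
    bosh = [methods["xbosh"]] if "xbosh" in methods else []
    return first_reachable(order_srv(SRV_RECORDS), lambda h, p: (h, p) in reachable, bosh)


# Constructed network views: which endpoint is open from where.
INTERNET = {("xmpp-ext.domain.com", 5222)}
INTRANET = {("xmpp-int.domain.com", 5222)}
LOCKED_DOWN: set = set()  # port 5222 blocked; only HTTP(S) via proxy remains

if __name__ == "__main__":
    for name, view in (("internet", INTERNET), ("intranet", INTRANET), ("locked down", LOCKED_DOWN)):
        print(f"{name:>11}: {simulate(view)}")
```

Swapping `simulate`'s lambda for `tcp_probe` turns the routine into the live version. Because both SRV records carry weight 0, the order is fully determined by priority and the external target is always tried first, exactly as the post describes.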
DNS is not provided by Openfire, but by your DNS server. You have to configure the DNS zone for domain.com with the SRV RRs for XMPP. The same goes for the XEP-0156 style “DNS lookup method”. How exactly this is configured depends on the DNS server software you use. See also http://wiki.xmpp.org/web/SRV_Records
I would first disable the Java DNS cache to make sure that the clients do look up the new IP address, with “-Dnetworkaddress.cache.ttl=1” in Spark.vmoptions. This should work, but one may still use tcpdump/wireshark to make sure that DNS requests are sent.
If you are still using IPv4, it also makes sense to set: “-Djava.net.preferIPv4Stack=true”
Not sure what you mean with multi-home. I didn’t set up the network structure + Openfire, but our system admins told us that when you are in the company’s intranet you can reach it ONLY via an internal IP address and NOT the external one. I don’t know why this is, but this is how it is configured.
If you are in the internet, e.g. at home, you obviously cannot reach it via the internal IP, but only via an external one.
So, you basically have 2 IP addresses pointing to the same server, but depending on where you are (intranet vs internet), one will work and the other won’t.
So I thought somehow one DNS server which returns both IP addresses and is reachable from external and internal network may solve this problem, so that colleagues don’t need to switch between server settings.
But maybe I am misunderstanding things. I am not very familiar with networking and DNS resolution.
When a service is available under multiple IPs in different subnets.
our system admins told us that when you are in the company’s intranet you can reach it ONLY via an internal IP address and NOT the external one
That’s madness. You will only run into problems with this setup, as it makes things unnecessarily complex. Even if your company policy is to restrict access to internet IPs, services like your company’s XMPP server belong in a DMZ, which is reachable by your internal IPs and externally.
I could tell you a dozen examples of why you will run into problems with that setup. Good luck with that. DNS is your smallest problem, as that’s where SRV records are really useful.
I guess it’s because of the general proxy stuff within a company. E.g. we can reach the external IP address from the intranet, but only on port 80 over the company’s HTTP proxy server.
That means we can’t connect from intranet to external IP on port 5222 and therefore have to use the internal IP.