Access Enterprise DNS applications with Service Discovery
Learn to use EAA Client for accessing enterprise DNS applications with Service Discovery.
Domain Name System (DNS) converts a domain name, like the one in a web URL, to the IP address of the server that provides the service. This translation uses an A record (address record). In addition, DNS provides SRV (Service) and PTR (Pointer) records. SRV records are used to discover services on an enterprise server. PTR records are used for reverse lookup, translating an IP address to a domain or host name. Enterprise applications like Microsoft Outlook use SRV and PTR queries to find the correct server for delivering services like mail and calendar. EAA Client needs to intercept these PTR and SRV queries so that they can be forwarded to the enterprise DNS server. The DNS server selects the server responsible for providing the service to the user. When EAA Client intercepts these queries, it uses the DNS applications in the EAA Management portal to resolve them.
For this to work, complete these steps:
STEP 1: Create a DNS application. You can create DNS applications to handle PTR and SRV records by enabling the Service Discovery option.
STEP 2: Enable the Enable Service Discovery DNS request option in the identity provider. Allow the identity provider to send DNS requests for discovering services offered by enterprise servers. The IdP also informs EAA Client to handle SRV and PTR records.
STEP 3: Create and configure a wildcard tunnel-type client-access application with the relevant wildcard domains that should be intercepted by EAA Client.
For example, if you want EAA Client to handle SRV and PTR records for Microsoft Enterprise DNS, provide microsoft.com as the search domain in the DNS application, enable Service Discovery DNS requests in the IdP, and create a wildcard tunnel-type client-access application with *.microsoft.com as the internal host.
- The EAA administrator cannot customize the Enterprise DNS application URL.
- You cannot attach an IdP to an Enterprise DNS application. It is not possible to have specific DNS servers for the same search domain for users in a particular region served by an identity provider. This can increase the latency for the users.
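The three query types described above, shown in DNS wire format for the microsoft.com example. This is an added example, not Akamai code: it builds and parses queries so you can check a packet capture for the SRV, PTR and A lookups that each DNS application option covers. The host names, the IP address and the suffix-match rule are assumptions made for illustration.

```python
import ipaddress
import struct

QTYPES = {1: "A", 12: "PTR", 33: "SRV"}          # RFC 1035 / RFC 2782 type codes
OPTION = {"A": "Application Discovery",          # option names from the page
          "PTR": "Service Discovery", "SRV": "Service Discovery"}

def build_query(name, qtype, txid=0x1234):
    """Build a one-question DNS query (recursion desired, class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_question(packet):
    """Return (qname, type name) for the first question of a raw DNS query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 5 > len(packet):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels).lower(), QTYPES.get(qtype, f"TYPE{qtype}")

def classify(packet, search_domains):
    """Map a captured query to the DNS-application option it depends on."""
    name, qtype = parse_question(packet)
    # Suffix matching against the search domain is an assumption. PTR names sit
    # under in-addr.arpa / ip6.arpa, so they never match a search domain here.
    in_scope = any(name == d or name.endswith("." + d) for d in search_domains)
    return name, qtype, OPTION.get(qtype), in_scope

# Constructed sample queries for the page's microsoft.com example.
SAMPLES = [
    build_query("_autodiscover._tcp.microsoft.com", 33),
    build_query(ipaddress.ip_address("10.1.2.3").reverse_pointer, 12),
    build_query("mail.microsoft.com", 1),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt, ["microsoft.com"]))
```

The PTR sample shows why reverse lookups need separate attention when you verify the setup: the queried name is 3.2.1.10.in-addr.arpa, which shares no suffix with the search domain.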
STEP 1: Create a DNS application
- Log in to the Enterprise Application Access Management Portal.
- From the top menu bar, click
- Click Add DNS.
Provide this data for the DNS
- Name. A name for the DNS application.
- Description. A description for the DNS application.
- Click Create and configure.
Provide this data for the
- Search Domain/s. The domain name you want EAA Client to intercept.
- (Optional) Click Add Domain. Enter any additional search domains you want EAA Client to intercept.
- Service Discovery. Enable this option to allow EAA Client to resolve PTR records and SRV records.
- Application Discovery. Enable this option to allow EAA Client to resolve A records.
For DNS server, you can select one of these:
- Use connector’s DNS server. Uses the DNS server of the connector.
- Custom DNS server. Provide this data:
  - Primary DNS. The IP address and port number of the primary DNS server.
  - Secondary DNS. The IP address and port number of the secondary DNS server.
Provide this data for the
- Akamai Cloud Zone. Select the cloud zone closest to the connector.
- Associated connectors. Click Add or remove connector. Select the connector which has the connectivity to the DNS server in step 7.
- Click Done.
- Click Save changes.
STEP 2: Enable the identity provider to use the DNS application
Before you begin
- Log in to the Enterprise Application Access Management Portal.
- From the top menu bar click .
- Click the settings (gear) icon on the IdP card for which you have enabled EAA Client settings.
- Click Advanced Settings.
- Select Enable Service Discovery DNS request.
- Click Save and go to Deployment. Then deploy the identity provider.