Configuring DNS Service Record Discovery
Endpoints poll the DNS server for information about the PCoIP Management Console (i.e., the EBM/EM) they should connect to only when the DHCP server does not provide a DHCP option containing the PCoIP Management Console’s IP address or FQDN.
If an endpoint has already retrieved a DNS record before the DNS server is configured with PCoIP Management Console information, it does not poll the DNS server again until the record’s Time-To-Live expires (or the endpoint is rebooted). If the DHCP server does provide an option for the PCoIP Management Console address but the endpoint fails to connect for any reason (e.g., because of a certificate verification failure or the PCoIP Management Console address is not reachable), DNS record lookup will not occur.
Note: Do not configure DHCP options if you want to use DNS record discovery. Endpoints always prefer the PCoIP Management Console address or fingerprint that is specified in the DHCP options over that specified in the DNS record. If you provide the PCoIP Management Console address both as a DHCP option and as a DNS record, the endpoint will only use the PCoIP Management Console address found in the DHCP option.
DNS service record discovery requires you to have a DNS server in your network that is configured with the following DNS records:
- An address record (A record) that specifies the FQDN and IP address of the PCoIP Management Console. This record may be automatically created by the DHCP server.
Note: If you are configuring a DNS TXT record containing the certificate fingerprint (see below) and your endpoints are running a 5.0.x firmware version, a DNS PTR record that maps the PCoIP Management Console’s IP address to its host name is also required in order for the endpoint to find the DNS TXT record. Typically, the DHCP server talks to the DNS server to create the forward and reverse lookup records. Depending on the DHCP/DNS server configuration, however, the reverse lookup record may not get created automatically. Also, if the DNS forward lookup was created manually and the “Create associated pointer (PTR) record” checkbox was not enabled, the DNS reverse lookup record will not get created. If you experience any problems with your DNS configuration, see Appendix A: Troubleshooting DNS for the steps to perform to ensure that DNS is configured correctly for the PCoIP Management Console.
- A service location record (SRV record) that associates information such as the PCoIP Management Console’s TCP/IP service and the port the PCoIP Management Console listens on with the PCoIP Management Console’s domain and host name. The PCoIP Management Console’s TCP/IP service is called _pcoip-bootstrap, as shown in the example below.
- A DNS TXT record that contains the PCoIP Management Console certificate SHA-256 fingerprint is also required if you have not installed the PCoIP Management Console’s trusted root CA certificate (the PCoIP Management Console chain certificate) in the endpoint’s certificate store and you want to use automatic discovery. The record’s name must be the host name of the PCoIP Management Console offering the service. In the example below, this record is called pcoip-mc38719. The domain is appended automatically. If you configure a DNS TXT record, a DNS PTR record is also required. See the above note for details.
Note: The endpoint only picks up the fingerprint from the DNS TXT record if the PCoIP Management Console address is specified in a DNS SRV record. For example, if the PCoIP Management Console address is specified as a DHCP option but the fingerprint is provided as a DNS TXT record, the endpoint will not retrieve the fingerprint information from the DNS server. You should configure PCoIP Management Console information using either DHCP options or DNS records, but not both.
Before You Begin
Before beginning, you should have the following information handy:
- The PCoIP Management Console’s FQDN
- The PCoIP Management Console’s certificate fingerprint (i.e., the certificate’s digital signature). If provided, this fingerprint is only used when the endpoint’s security level is set to Low Security Environment and certificate verification has failed. It is ignored when the security level is set to Medium Security Environment or High Security Environment.
You can locate the PCoIP Management Console’s fingerprint as follows:
- Use Firefox to log in to the PCoIP Management Console web interface.
- Click the padlock icon in the browser’s address bar.
- Click More Information.
- Click View Certificate.
- In the Fingerprints section, copy and paste the SHA-256 fingerprint into a text editor.
Note: The examples in this section use Windows Server 2012 R2. The instructions may vary with other systems.
Adding the DNS SRV Record
To add the PCoIP Management Console DNS SRV record to the DNS server:
- Log in to your Windows Server and select DNS.
- Right-click on your DNS server in the SERVERS pane and select DNS Manager from the context menu.
- In Forward Lookup Zones, right-click on your domain and select Other New Records from the context menu.
![](../Resources/Screenshots/WindowsServer/OtherNewRecords_479x351.png)
- In the Resource Record Type dialog, select Service Location (SRV) from the list and click Create Record.
![](../Resources/Screenshots/WindowsServer/CreateRecord_515x359.png)
- Fill in the entries as shown in the example below. Set Service to _pcoip-bootstrap, protocol to _tcp, and Port number to 5172, the PCoIP Management Console’s default listening port. For Host offering this service, enter the PCoIP Management Console’s FQDN.
Note: The PCoIP Management Console’s FQDN must be entered because the DNS specification does not allow an IP address in SRV records.
![](../Resources/Screenshots/WindowsServer/SRV_Record_350x244.png)
- Click OK.
- If you are not adding an optional DNS TXT record (see below) and have finished configuring your DNS server, power cycle your endpoints or put them online to allow them to make the connection to the PCoIP Management Console. You must also upload the PCoIP Management Console’s root CA certificate to the endpoint’s certificate store.
Adding a DNS TXT Record
If your endpoints do not have the PCoIP Management Console’s root CA certificate installed in their certificate store, you must configure your DNS server with a DNS TXT record containing the PCoIP Management Console certificate SHA-256 fingerprint.
- In Forward Lookup Zones, right-click on your domain and select Other New Records from the context menu.
- In the Resource Record Type dialog, select Text (TXT) from the list and click Create Record.
- Fill in the entries as follows:
  - In the Record name field, enter the host name of the PCoIP Management Console offering the service (this example uses pcoip-mc38719). The FQDN field will be automatically populated for you. This should match the FQDN of the PCoIP Management Console.
  - In the Text field, type pcoip-bootstrap-cert= and then paste the PCoIP Management Console certificate SHA-256 fingerprint you obtained above immediately after this prefix, as shown in the example below.
![](../Resources/Screenshots/WindowsServer/TXT_Record_350x392.png)
- Click OK.
- When you have finished configuring your DNS server, power cycle your endpoints or put them online to allow them to make the connection to the PCoIP Management Console.
Note: You can configure the PCoIP Management Console to automatically name endpoints and place them in a specific group when they are discovered. See Auto Naming Endpoints and Auto Configuring Endpoints for details.
See Appendix A: Troubleshooting DNS to verify that your DNS server is configured correctly for the PCoIP Management Console.
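The record requirements in this section (SRV service name and FQDN target, A record, TXT prefix, PTR record when a TXT record is used, no competing DHCP option) can be checked against a copy of the zone before endpoints are power cycled. The Python checker below is an added example, not part of the PCoIP Management Console product or its documentation; the `example.com` domain, the 10.0.0.5 address, the sample fingerprint value, and the colon-separated fingerprint format are assumptions.

```python
import ipaddress
import re

SERVICE = "_pcoip-bootstrap._tcp"      # service and protocol from the SRV step
TXT_PREFIX = "pcoip-bootstrap-cert="   # prefix from the TXT step
# Assumption: 32 hex byte pairs separated by colons, as copied from the browser.
FINGERPRINT = re.compile(r"^(?:[0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}$")

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_records(records, domain, dhcp_option_set=False):
    """records: (owner name, type, rdata) tuples; owner names fully qualified, no trailing dot."""
    def rdata(name, rtype):
        return [r[2].rstrip(".") for r in records if r[0] == name and r[1] == rtype]
    findings = []
    if dhcp_option_set:
        findings.append("DHCP option set: endpoints use it and never read the DNS records")
    srv = rdata(f"{SERVICE}.{domain}", "SRV")
    if not srv:
        findings.append(f"no SRV record {SERVICE}.{domain}")
    for entry in srv:
        _priority, _weight, port, host = entry.split()
        if is_ip(host):
            findings.append(f"SRV target {host} is an IP address, not an FQDN")
            continue
        if int(port) != 5172:
            findings.append(f"SRV port {port} is not the default 5172")
        addresses = rdata(host, "A")
        if not addresses:
            findings.append(f"no A record for {host}")
        certs = [t for t in rdata(host, "TXT") if t.startswith(TXT_PREFIX)]
        for value in certs:
            if not FINGERPRINT.match(value[len(TXT_PREFIX):]):
                findings.append(f"TXT fingerprint at {host} is not a SHA-256 fingerprint")
        for ip in addresses if certs else []:   # PTR is only required alongside a TXT record
            if host not in rdata(ipaddress.ip_address(ip).reverse_pointer, "PTR"):
                findings.append(f"no PTR record mapping {ip} to {host}")
    return findings

SAMPLE = [  # constructed zone; example.com, 10.0.0.5 and the fingerprint are placeholders
    ("_pcoip-bootstrap._tcp.example.com", "SRV", "0 0 5172 pcoip-mc38719.example.com."),
    ("pcoip-mc38719.example.com", "A", "10.0.0.5"),
    ("pcoip-mc38719.example.com", "TXT", TXT_PREFIX + ":".join(["AB"] * 32)),
]
```

Calling `check_records(SAMPLE, "example.com")` reports the missing reverse lookup record, the case described in the PTR note above where the forward record was created without its associated pointer record.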