diff --git a/contrail/environment/modules/contrail/manifests/compute/config.pp b/contrail/environment/modules/contrail/manifests/compute/config.pp
index 2aada1c6..668902e6 100644
--- a/contrail/environment/modules/contrail/manifests/compute/config.pp
+++ b/contrail/environment/modules/contrail/manifests/compute/config.pp
@@ -37,6 +37,7 @@
     $contrail_host_roles = $::contrail::params::host_roles,
     $enable_lbass =  $::contrail::params::enable_lbass,
     $xmpp_auth_enable =  $::contrail::params::xmpp_auth_enable,
+    $xmpp_dns_auth_enable =  $::contrail::params::xmpp_dns_auth_enable,
     $enable_dpdk=  $::contrail::params::enable_dpdk,
 )  {
     $config_ip_to_use = $::contrail::params::config_ip_to_use
@@ -286,9 +287,7 @@
     # Ensure ctrl-details file is present with right content.
     include ::contrail::ctrl_details
 
-    if ($xmpp_auth_enable == true) {
-        include ::contrail::xmpp_cert_files
-    }
+    include ::contrail::xmpp_cert_files
 
     if ! defined(File['/opt/contrail/bin/set_rabbit_tcp_params.py']) {
         include ::contrail::compute::exec_set_rabbitmq_tcp_params
@@ -321,6 +320,7 @@
       'DEFAULT/platform' : value => "$contrail_work_mode";
       'DEFAULT/physical_interface_address' : value => "$pci_address";
       'DEFAULT/physical_interface_mac' : value => "$contrail_macaddr";
+      'DEFAULT/xmpp_dns_auth_enable' : value => "$xmpp_dns_auth_enable";
       'DISCOVERY/server' : value => "$discovery_ip";
       'DISCOVERY/max_control_nodes' : value => "$number_control_nodes";
       'HYPERVISOR/type' : value => "$hypervisor_type";
diff --git a/contrail/environment/modules/contrail/manifests/control/config.pp b/contrail/environment/modules/contrail/manifests/control/config.pp
index 5073d887..82944802 100644
--- a/contrail/environment/modules/contrail/manifests/control/config.pp
+++ b/contrail/environment/modules/contrail/manifests/control/config.pp
@@ -8,6 +8,7 @@
     $contrail_logoutput = $::contrail::params::contrail_logoutput,
     $config_ip_to_use = $::contrail::params::config_ip_to_use,
     $xmpp_auth_enable =  $::contrail::params::xmpp_auth_enable,
+    $xmpp_dns_auth_enable =  $::contrail::params::xmpp_dns_auth_enable,
 ) {
     # Main class code begins here
     case $::operatingsystem {
@@ -33,6 +34,7 @@
     }
 
     contrail_dns_config {
+      'DEFAULT/xmpp_dns_auth_enable' : value => "$xmpp_dns_auth_enable";
       'DEFAULT/hostip'    : value => $host_control_ip;
       'DEFAULT/log_file'  : value => '/var/log/contrail/dns.log';
       'DEFAULT/log_level' : value => 'SYS_NOTICE';
@@ -45,9 +47,6 @@
 
     contrail_control_config {
       'DEFAULT/xmpp_auth_enable' : value => "$xmpp_auth_enable";
-      'DEFAULT/xmpp_server_cert' : value => "/etc/contrail/ssl/certs/server.pem";
-      'DEFAULT/xmpp_server_key' : value => "/etc/contrail/ssl/private/server-privkey.pem";
-      'DEFAULT/xmpp_ca_cert' : value => "/etc/contrail/ssl/certs/ca-cert.pem";
       'DEFAULT/hostip'    : value => $host_control_ip;
       'DEFAULT/log_file'  : value => '/var/log/contrail/contrail-control.log';
       'DEFAULT/log_level' : value => 'SYS_NOTICE';
@@ -63,7 +62,5 @@
       'DISCOVERY/port'    : value => '5998';
     }
 
-    if ($xmpp_auth_enable == true) {
-        include ::contrail::xmpp_cert_files
-    }
+    include ::contrail::xmpp_cert_files
 }
diff --git a/contrail/environment/modules/contrail/manifests/init.pp b/contrail/environment/modules/contrail/manifests/init.pp
index beea03c5..caa0e714 100644
--- a/contrail/environment/modules/contrail/manifests/init.pp
+++ b/contrail/environment/modules/contrail/manifests/init.pp
@@ -530,6 +530,10 @@
 #     Flag for enabling xmpp autherization via cert exchange between agent and control.
 #     (optional) - Defaults to false.
 #
+# [*xmpp_dns_auth_enable*]
+#     Flag for enabling xmpp dns autherization via cert exchange between agent and control.
+#     (optional) - Defaults to false.
+#
 class contrail (
     $host_ip = undef,
     $uuid = undef,
@@ -666,6 +670,7 @@
     $tor_ha_config = "",
     $contrail_version = '',
     $xmpp_auth_enable = false,
+    $xmpp_dns_auth_enable = false,
     $package_sku = "juno",
     $core_mask = '',
     $huge_pages = '',
@@ -688,6 +693,7 @@
 	contrail_version =>			hiera(contrail::contrail_version, hiera(contrail::params::contrail_version, $contrail_version)),
 	enable_lbass =>				hiera(contrail::enable_lbass, hiera(contrail::params::enable_lbass, $enable_lbass)),
 	xmpp_auth_enable =>			hiera(contrail::xmpp_auth_enable, hiera(contrail::params::xmpp_auth_enable, $xmpp_auth_enable)),
+	xmpp_dns_auth_enable =>			hiera(contrail::xmpp_dns_auth_enable, hiera(contrail::params::xmpp_dns_auth_enable, $xmpp_dns_auth_enable)),
 	sync_db =>				hiera(contrail::sync_db, hiera(contrail::params::sync_db, $sync_db)),
         package_sku =>        hiera(contrail::package_sku, $package_sku),
         # HA Parameters
diff --git a/contrail/environment/modules/contrail/manifests/params.pp b/contrail/environment/modules/contrail/manifests/params.pp
index 096440da..c96b9bea 100644
--- a/contrail/environment/modules/contrail/manifests/params.pp
+++ b/contrail/environment/modules/contrail/manifests/params.pp
@@ -529,6 +529,10 @@
 #     Flag for enabling xmpp autherization via cert exchange between agent and control.
 #     (optional) - Defaults to false.
 #
+# [*xmpp_dns_auth_enable*]
+#     Flag for enabling xmpp dns autherization via cert exchange between agent and control.
+#     (optional) - Defaults to false.
+#
 class contrail::params (
     $host_ip,
     $uuid,
@@ -665,6 +669,7 @@
     $tor_ha_config,
     $contrail_version,
     $xmpp_auth_enable,
+    $xmpp_dns_auth_enable,
     $package_sku
 ) {
     if (($contrail_internal_vip != '') or