Bug #2841
missing DNS records
| Status: | Resolved | Start date: | 01/05/2014 | |
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | Spent time: | - | |
| Target version: | - | |||
| Component: |
Description
Hi,
Running:
host -t NAPTR ostel.co
host -t SRV _sips._tcp.ostel.co
shows that ostel.co has no NAPTR or SRV records. This makes federating with other sip proxies nearly impossible. I tried calling to your proxy from my kamailio based proxy and get:
ERROR: sl_reply_error used: Unresolvable destination (478/SL)
Jan 5 15:55:02 oxcred /usr/sbin/kamailio3217: ERROR: <core> [resolve.c:1727]: ERROR: sip_hostport2su: could not resolve hostname: "ostel.co"
When I try to ring my proxy from yours I get a timeout/408. I did a packet capture an my proxy via:
ngrep -d any port 5060 or 5061 -W byline
The packets arrived in clear text on port 5060!! I had all these problems originally with my kamailio proxy. I fixed them by:
1) Disabling all transports except TLS on my kamailio proxy see my wiki https://www.johncahill.net/wiki/index.php/Skype_like_conferencing_System (also based on Daniel-Constantin Mierla's work :-) )
2) enabling SRV lookups on Kamailio and setting up dns SRV records for my domain.
Love what you doing by the way with OSTN/OSTEL. Many thanks.
John
History
#1 Updated by lee about 4 years ago
- Status changed from New to Resolved
Good catch. Thanks. I added the SRV record. Unfortunately, my DNS publisher (name.com) doesn't support NAPTR records.
#2 Updated by lee about 4 years ago
Regarding the TLS only issue, I don't think this would be wise. The encrypted protocol is determined by the client. This is much like having an HTTP and HTTPS web site. Very few sites would completely disable HTTP, rather they redirect from HTTP to the HTTPS server. Doing this with SIP is very complicated, though possible. Worth looking into.