[Users] DNS queries and TLS

Papadopoulos Georgios geop at altectelecoms.gr
Fri Dec 15 10:50:22 CET 2006 

Hi Bogdan,

I am not using any nat test functions, at least at the part of the
script that handles INVITEs. I am using allow_trusted() in caching mode.
But if allow_trusted was doing the DNS query then I should also see it
after the first INVITE and before the "407 Proxy Auth Reqd". I am also
using lcr module. So, is it possible that load_gws() or next_gw() is
responsible for the DNS query? 

Regards,

George 

 

> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
> Sent: Thursday, December 14, 2006 7:14 PM
> To: Papadopoulos Georgios
> Cc: users at openser.org
> Subject: Re: [Users] DNS queries and TLS
> 
> Hi George,
> 
> 
> TLS = Thread Local Storage
> 
> 
> 
> Papadopoulos Georgios wrote:
> 
> > Hello,
> >  
> > I am having some performance issues with Openser and I tend 
> to believe 
> > they are related with DNS. So I am trying to figure out 
> when and why 
> > Openser is doing DNS queries. Doing ngrep on port 53 I 
> realized that 
> > right before sending out the "100 trying -- your call is 
> important to 
> > us" message, Openser is doing a reverse DNS lookup for the IP where 
> > the INVITE came from. So the sequence is something like:
> > client                            Openser                   DNS
> >    |---INVITE------------------------>|
> >    |<---407 Proxy Auth Reqd---|
> >    |---ACK--------------------------->|
> >    |---INVITE------------------------>|
> >                                            |---client IP?-------->|
> >                                            
> |<-------------------------|
> >    |<--------------------100 trying---|
> >  
> >  
> > I am using Openser-1.1.0-notls and in my script I have dns=no 
> > rev_dns=no So first question is whether this DNS query is necessary 
> > and how I could avoid it.
> 
> the configuration options are ok (as time you do not use the 
> command line -r or -R). I would say the rev dns query is not 
> triggered by the
> t_relay() (actually the params control what DNS queries 
> should be done when testing the "received" VIA param) - I 
> have tested and I see no query before 100 trying, so it should be ok.
> 
> maybe you are using some nat test functions (like 
> client_nat_test) or any other script functions that mask a 
> dns query...can you check on this?
> 
> >  
> > What is furthermore confusing is that I have a test system with the 
> > same Openser version and same script, where this DNS query is not 
> > happening. Looking into the production system I found the following:
> > ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser
> >         linux-gate.so.1 =>  (0xffffe000)
> >         libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000)
> >         libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000)
> >         libc.so.6 => /lib/tls/libc.so.6 (0x55587000)
> >         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 
> (0x55555000) whereas 
> > the test system shows:
> > sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser
> >         libdl.so.2 => /lib/libdl.so.2 (0x7002c000)
> >         libresolv.so.2 => /lib/libresolv.so.2 (0x70040000)
> >         libc.so.6 => /lib/libc.so.6 (0x70064000)
> >         /lib/ld-linux.so.2 (0x70000000) So the two systems link to 
> > different libresolv.so libraries. Is the tls/libresolve.so that is 
> > responsible for the DNS query? Given that in both cases I 
> am using the 
> > notls version of Openser 1.1, why is there a difference between the 
> > two?
> 
> the "tls" frm /lib/tls comes from "Thread Local Storage" and 
> there are libraries implementations for thread env. It has 
> nothing to do with TLS (Transport Layer Security)
> 
> regards,
> bogdan
> 
> >  
> > thank you for any help
> >  
> > George
> >  
> >
> >
> >   Disclaimer
> >
> > The information in this e-mail and any attachments is 
> confidential. It 
> > is intended solely for the attention and use of the named 
> > addressee(s). If you are not the intended recipient, or person 
> > responsible for delivering this information to the intended 
> recipient, 
> > please notify the sender immediately. Unless you are the intended 
> > recipient or his/her representative you are not authorized to, and 
> > must not, read, copy, distribute, use or retain this message or any 
> > part of it. E-mail transmission cannot be guaranteed to be 
> secure or 
> > error-free as information could be intercepted, corrupted, lost, 
> > destroyed, arrive late or incomplete, or contain viruses.
> >
> >-------------------------------------------------------------
> ----------
> >-
> >
> >_______________________________________________
> >Users mailing list
> >Users at openser.org
> >http://openser.org/cgi-bin/mailman/listinfo/users
> >  
> >
> 
>

More information about the Users mailing list