[Users] DNS queries and TLS

Klaus Darilion klaus.mailinglists at pernau.at
Fri Dec 15 11:42:22 CET 2006 

Can you also post the INVITE which is processd and the ngrep of the DNS 
lookup (which domain is lookup up)

regards
klaus

Papadopoulos Georgios wrote:
> Hi Bogdan,
> 
> I am not using any nat test functions, at least at the part of the
> script that handles INVITEs. I am using allow_trusted() in caching mode.
> But if allow_trusted was doing the DNS query then I should also see it
> after the first INVITE and before the "407 Proxy Auth Reqd". I am also
> using lcr module. So, is it possible that load_gws() or next_gw() is
> responsible for the DNS query? 
> 
> Regards,
> 
> George 
> 
>  
> 
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
>> Sent: Thursday, December 14, 2006 7:14 PM
>> To: Papadopoulos Georgios
>> Cc: users at openser.org
>> Subject: Re: [Users] DNS queries and TLS
>>
>> Hi George,
>>
>>
>> TLS = Thread Local Storage
>>
>>
>>
>> Papadopoulos Georgios wrote:
>>
>>> Hello,
>>>  
>>> I am having some performance issues with Openser and I tend 
>> to believe 
>>> they are related with DNS. So I am trying to figure out 
>> when and why 
>>> Openser is doing DNS queries. Doing ngrep on port 53 I 
>> realized that 
>>> right before sending out the "100 trying -- your call is 
>> important to 
>>> us" message, Openser is doing a reverse DNS lookup for the IP where 
>>> the INVITE came from. So the sequence is something like:
>>> client                            Openser                   DNS
>>>    |---INVITE------------------------>|
>>>    |<---407 Proxy Auth Reqd---|
>>>    |---ACK--------------------------->|
>>>    |---INVITE------------------------>|
>>>                                            |---client IP?-------->|
>>>                                            
>> |<-------------------------|
>>>    |<--------------------100 trying---|
>>>  
>>>  
>>> I am using Openser-1.1.0-notls and in my script I have dns=no 
>>> rev_dns=no So first question is whether this DNS query is necessary 
>>> and how I could avoid it.
>> the configuration options are ok (as time you do not use the 
>> command line -r or -R). I would say the rev dns query is not 
>> triggered by the
>> t_relay() (actually the params control what DNS queries 
>> should be done when testing the "received" VIA param) - I 
>> have tested and I see no query before 100 trying, so it should be ok.
>>
>> maybe you are using some nat test functions (like 
>> client_nat_test) or any other script functions that mask a 
>> dns query...can you check on this?
>>
>>>  
>>> What is furthermore confusing is that I have a test system with the 
>>> same Openser version and same script, where this DNS query is not 
>>> happening. Looking into the production system I found the following:
>>> ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser
>>>         linux-gate.so.1 =>  (0xffffe000)
>>>         libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000)
>>>         libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000)
>>>         libc.so.6 => /lib/tls/libc.so.6 (0x55587000)
>>>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 
>> (0x55555000) whereas 
>>> the test system shows:
>>> sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser
>>>         libdl.so.2 => /lib/libdl.so.2 (0x7002c000)
>>>         libresolv.so.2 => /lib/libresolv.so.2 (0x70040000)
>>>         libc.so.6 => /lib/libc.so.6 (0x70064000)
>>>         /lib/ld-linux.so.2 (0x70000000) So the two systems link to 
>>> different libresolv.so libraries. Is the tls/libresolve.so that is 
>>> responsible for the DNS query? Given that in both cases I 
>> am using the 
>>> notls version of Openser 1.1, why is there a difference between the 
>>> two?
>> the "tls" frm /lib/tls comes from "Thread Local Storage" and 
>> there are libraries implementations for thread env. It has 
>> nothing to do with TLS (Transport Layer Security)
>>
>> regards,
>> bogdan
>>
>>>  
>>> thank you for any help
>>>  
>>> George
>>>  
>>>
>>>
>>>   Disclaimer
>>>
>>> The information in this e-mail and any attachments is 
>> confidential. It 
>>> is intended solely for the attention and use of the named 
>>> addressee(s). If you are not the intended recipient, or person 
>>> responsible for delivering this information to the intended 
>> recipient, 
>>> please notify the sender immediately. Unless you are the intended 
>>> recipient or his/her representative you are not authorized to, and 
>>> must not, read, copy, distribute, use or retain this message or any 
>>> part of it. E-mail transmission cannot be guaranteed to be 
>> secure or 
>>> error-free as information could be intercepted, corrupted, lost, 
>>> destroyed, arrive late or incomplete, or contain viruses.
>>>
>>> -------------------------------------------------------------
>> ----------
>>> -
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>>  
>>>
>>
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users


-- 
Klaus Darilion
nic.at

More information about the Users mailing list