Hi Stefan,
Stefan Prelle wrote:
Hi all,
Am Donnerstag, den 29.03.2007, 09:17 -0400 schrieb Ovidiu Sas:
You can disable the dns blacklist feature in
openser.cfg:
disable_dns_blacklist=true
I ran into the same problem when trying to upgrade to 1.2.
Our PSTN-Gateway regulary maps some SS7 reason codes to a SIP 503.
From what I understand from
http://www.openser.org/docs/modules/1.2.x/tm.html#AEN103 , the first 503
received, blacklists the originating IP address (our gateway).
So, a few seconds after starting the 1.2 version, the OpenSER blocked
the whole trunk (running several thousand calls), just because one call
produced an 503, which originated in the PSTN.
unfortunately we have again an example of differences between theory and
practice. The RFC 3263, section 4.3 says:
For SIP requests, failure occurs if the transaction layer reports a
503 error response or a transport failure of some sort.......
also RFC 3261 says:
1.5.4 503 Service Unavailable
The server is temporarily unable to process the request due to a
temporary overloading or maintenance of the server. The server MAY
indicate when the client should retry the request in a Retry-After
header field. If no Retry-After is given, the client MUST act as if
it had received a 500 (Server Internal Error) response.
A client (proxy or UAC) receiving a 503 (Service Unavailable) SHOULD
attempt to forward the request to an alternate server. It SHOULD NOT
forward any other requests to that server for the duration specified
in the Retry-After header field, if present.
Servers MAY refuse the connection or drop the request instead of
responding with 503 (Service Unavailable).
so, my impression is that the GW does not follow the RFC specs when come
to error codes.
I think the blacklisting feature shouldn't be
enabled by default or at
least should the release notes carry a huge red blinking warning that
this auto blocking might be harmful.
yes, we need to work out this for the future.
Regards,
Bogdan
Regards,
Stefan
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users