Thanks for this suggestion.

I ended up replacing permissions module allow_source_address() with sql queries.    Not sure how well it will scale but seems to work ok on a test system. 
In order to use allow_source_address() I would need to save all returned IP addresses in the database.  The problem with that is it will not automatically update if DNS changes.  I still have not ruled out doing that if this ends up bogging down when the server gets busy.

Excessive DNS queries/delays do not appear to be a problem with this because it is cached in Kamailio DNS resolver. It renews every 120 seconds by default unless configured otherwise.

You can view the contents of the dns resolver by running "kamcmd dns.view".

Here is the replaced IPAUTH section I created for anyone who may be interested.

modparam("sqlops", "sqlcon", "kamailio=>unixodbc:///kamailio-connector")
.
.
.
#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && $au == "")
    {
        sql_query("kamailio", "SELECT ip_addr FROM address", "ka");
        if($dbr(ka=>rows)>0)
        {
            $var(dnsname) = $null;
            $var(i) = 0;
            while($var(i)<$dbr(ka=>rows))
            {
                $var(dnsname) = $dbr(ka=>[$var(i),0]);
                if (dns_int_match_ip("$var(dnsname)", "$si"))
                    {
                        # source IP allowed, leave the 'while' parent loop.
                        $var(i) = $dbr(ka=>rows);
                        return;
                    }
                $var(i) = $var(i) + 1;
            }
            return;
        }
        sql_result_free("ka");       
        return;
    }


On 3/9/2015 4:27 AM, Daniel-Constantin Mierla wrote:
Hello,


On 08/03/15 21:38, canuck15 wrote:

Here is is the relevant section of kamailio.cfg

$var(tempfU) = $fU;
#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && allow_source_address() && $au == "")
    {
        # Loading $fU from database using IP

        sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host = '$si'
AND sippasswd IS NULL", "$var(tempfU)");

        # source IP allowed
        return;
    }

The problem is that when host= somefqdn.com the above will fail since
$si will always be an IP address as far as I can tell.  More often
than not host= is a fqdn and requiring it to always be an IP address
is not an option.  Converting it to IP before storing it in the DB is
also not an option because it needs to be able to work of the IP
address changes.

So how can the above be done to accomodate the possibility that host=
somefqdn.com or an IP address.  Preferably in such a way that it can
scale to hundreds/thousands of rows in the database without slowing
things down or crashing.

as first remark, note that permissions module can work with hostanmes in
the address table.

On the other hand, having what you want might not work. If you want to
test if a request comes from xyz.com, doing a dns query on xyz.com can
return a different IP than what was used for sending. If xyz.com has
many IP addresses associated with and they do load balancing, they are
usually returning just a subset of their IP addresses, not all of them.

In this case, the best is to discover the subnet addresses used by
xyz.com and store them in the address table, then use permissions in the
config.

Otherwise, you can try by doing a query and extract all hostnames from
the database with sqlops and then loop through them and test with the
functions from ipops module. You must have a fast dns server in order to
not slow down the processing in the case you have lots of hostnames.

Cheers,
Daniel