Hello,
I am having some performance issues with Openser and I tend to believe they are related with DNS. So I am trying to figure out when and why Openser is doing DNS queries. Doing ngrep on port 53 I realized that right before sending out the "100 trying -- your call is important to us" message, Openser is doing a reverse DNS lookup for the IP where the INVITE came from. So the sequence is something like: client Openser DNS |---INVITE------------------------>| |<---407 Proxy Auth Reqd---| |---ACK--------------------------->| |---INVITE------------------------>| |---client IP?-------->| |<-------------------------| |<--------------------100 trying---|
I am using Openser-1.1.0-notls and in my script I have dns=no rev_dns=no So first question is whether this DNS query is necessary and how I could avoid it.
What is furthermore confusing is that I have a test system with the same Openser version and same script, where this DNS query is not happening. Looking into the production system I found the following: ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser linux-gate.so.1 => (0xffffe000) libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000) libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000) libc.so.6 => /lib/tls/libc.so.6 (0x55587000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x55555000) whereas the test system shows: sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser libdl.so.2 => /lib/libdl.so.2 (0x7002c000) libresolv.so.2 => /lib/libresolv.so.2 (0x70040000) libc.so.6 => /lib/libc.so.6 (0x70064000) /lib/ld-linux.so.2 (0x70000000)
So the two systems link to different libresolv.so libraries. Is the tls/libresolve.so that is responsible for the DNS query? Given that in both cases I am using the notls version of Openser 1.1, why is there a difference between the two?
thank you for any help
George
Disclaimer The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
Hi George,
TLS = Thread Local Storage
Papadopoulos Georgios wrote:
Hello,
I am having some performance issues with Openser and I tend to believe they are related with DNS. So I am trying to figure out when and why Openser is doing DNS queries. Doing ngrep on port 53 I realized that right before sending out the "100 trying -- your call is important to us" message, Openser is doing a reverse DNS lookup for the IP where the INVITE came from. So the sequence is something like: client Openser DNS |---INVITE------------------------>| |<---407 Proxy Auth Reqd---| |---ACK--------------------------->| |---INVITE------------------------>| |---client IP?-------->| |<-------------------------| |<--------------------100 trying---|
I am using Openser-1.1.0-notls and in my script I have dns=no rev_dns=no So first question is whether this DNS query is necessary and how I could avoid it.
the configuration options are ok (as time you do not use the command line -r or -R). I would say the rev dns query is not triggered by the t_relay() (actually the params control what DNS queries should be done when testing the "received" VIA param) - I have tested and I see no query before 100 trying, so it should be ok.
maybe you are using some nat test functions (like client_nat_test) or any other script functions that mask a dns query...can you check on this?
What is furthermore confusing is that I have a test system with the same Openser version and same script, where this DNS query is not happening. Looking into the production system I found the following: ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser linux-gate.so.1 => (0xffffe000) libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000) libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000) libc.so.6 => /lib/tls/libc.so.6 (0x55587000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x55555000) whereas the test system shows: sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser libdl.so.2 => /lib/libdl.so.2 (0x7002c000) libresolv.so.2 => /lib/libresolv.so.2 (0x70040000) libc.so.6 => /lib/libc.so.6 (0x70064000) /lib/ld-linux.so.2 (0x70000000) So the two systems link to different libresolv.so libraries. Is the tls/libresolve.so that is responsible for the DNS query? Given that in both cases I am using the notls version of Openser 1.1, why is there a difference between the two?
the "tls" frm /lib/tls comes from "Thread Local Storage" and there are libraries implementations for thread env. It has nothing to do with TLS (Transport Layer Security)
regards, bogdan
thank you for any help
George
Disclaimer
The information in this e-mail and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended recipient, please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Bogdan-Andrei Iancu -
Papadopoulos Georgios