Hi Bogdan,
I am not using any nat test functions, at least at the part of the script that handles INVITEs. I am using allow_trusted() in caching mode. But if allow_trusted was doing the DNS query then I should also see it after the first INVITE and before the "407 Proxy Auth Reqd". I am also using lcr module. So, is it possible that load_gws() or next_gw() is responsible for the DNS query?
Regards,
George
-----Original Message----- From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro] Sent: Thursday, December 14, 2006 7:14 PM To: Papadopoulos Georgios Cc: users@openser.org Subject: Re: [Users] DNS queries and TLS
Hi George,
TLS = Thread Local Storage
Papadopoulos Georgios wrote:
Hello,
I am having some performance issues with Openser and I tend
to believe
they are related with DNS. So I am trying to figure out
when and why
Openser is doing DNS queries. Doing ngrep on port 53 I
realized that
right before sending out the "100 trying -- your call is
important to
us" message, Openser is doing a reverse DNS lookup for the IP where the INVITE came from. So the sequence is something like: client Openser DNS |---INVITE------------------------>| |<---407 Proxy Auth Reqd---| |---ACK--------------------------->| |---INVITE------------------------>| |---client IP?-------->|
|<-------------------------|
|<--------------------100 trying---|
I am using Openser-1.1.0-notls and in my script I have dns=no rev_dns=no So first question is whether this DNS query is necessary and how I could avoid it.
the configuration options are ok (as time you do not use the command line -r or -R). I would say the rev dns query is not triggered by the t_relay() (actually the params control what DNS queries should be done when testing the "received" VIA param) - I have tested and I see no query before 100 trying, so it should be ok.
maybe you are using some nat test functions (like client_nat_test) or any other script functions that mask a dns query...can you check on this?
What is furthermore confusing is that I have a test system with the same Openser version and same script, where this DNS query is not happening. Looking into the production system I found the following: ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser linux-gate.so.1 => (0xffffe000) libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000) libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000) libc.so.6 => /lib/tls/libc.so.6 (0x55587000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2
(0x55555000) whereas
the test system shows: sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser libdl.so.2 => /lib/libdl.so.2 (0x7002c000) libresolv.so.2 => /lib/libresolv.so.2 (0x70040000) libc.so.6 => /lib/libc.so.6 (0x70064000) /lib/ld-linux.so.2 (0x70000000) So the two systems link to different libresolv.so libraries. Is the tls/libresolve.so that is responsible for the DNS query? Given that in both cases I
am using the
notls version of Openser 1.1, why is there a difference between the two?
the "tls" frm /lib/tls comes from "Thread Local Storage" and there are libraries implementations for thread env. It has nothing to do with TLS (Transport Layer Security)
regards, bogdan
thank you for any help
George
Disclaimer
The information in this e-mail and any attachments is
confidential. It
is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended
recipient,
please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. E-mail transmission cannot be guaranteed to be
secure or
error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Can you also post the INVITE which is processd and the ngrep of the DNS lookup (which domain is lookup up)
regards klaus
Papadopoulos Georgios wrote:
Hi Bogdan,
I am not using any nat test functions, at least at the part of the script that handles INVITEs. I am using allow_trusted() in caching mode. But if allow_trusted was doing the DNS query then I should also see it after the first INVITE and before the "407 Proxy Auth Reqd". I am also using lcr module. So, is it possible that load_gws() or next_gw() is responsible for the DNS query?
Regards,
George
-----Original Message----- From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro] Sent: Thursday, December 14, 2006 7:14 PM To: Papadopoulos Georgios Cc: users@openser.org Subject: Re: [Users] DNS queries and TLS
Hi George,
TLS = Thread Local Storage
Papadopoulos Georgios wrote:
Hello,
I am having some performance issues with Openser and I tend
to believe
they are related with DNS. So I am trying to figure out
when and why
Openser is doing DNS queries. Doing ngrep on port 53 I
realized that
right before sending out the "100 trying -- your call is
important to
us" message, Openser is doing a reverse DNS lookup for the IP where the INVITE came from. So the sequence is something like: client Openser DNS |---INVITE------------------------>| |<---407 Proxy Auth Reqd---| |---ACK--------------------------->| |---INVITE------------------------>| |---client IP?-------->|
|<-------------------------|
|<--------------------100 trying---|
I am using Openser-1.1.0-notls and in my script I have dns=no rev_dns=no So first question is whether this DNS query is necessary and how I could avoid it.
the configuration options are ok (as time you do not use the command line -r or -R). I would say the rev dns query is not triggered by the t_relay() (actually the params control what DNS queries should be done when testing the "received" VIA param) - I have tested and I see no query before 100 trying, so it should be ok.
maybe you are using some nat test functions (like client_nat_test) or any other script functions that mask a dns query...can you check on this?
What is furthermore confusing is that I have a test system with the same Openser version and same script, where this DNS query is not happening. Looking into the production system I found the following: ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser linux-gate.so.1 => (0xffffe000) libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000) libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000) libc.so.6 => /lib/tls/libc.so.6 (0x55587000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2
(0x55555000) whereas
the test system shows: sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser libdl.so.2 => /lib/libdl.so.2 (0x7002c000) libresolv.so.2 => /lib/libresolv.so.2 (0x70040000) libc.so.6 => /lib/libc.so.6 (0x70064000) /lib/ld-linux.so.2 (0x70000000) So the two systems link to different libresolv.so libraries. Is the tls/libresolve.so that is responsible for the DNS query? Given that in both cases I
am using the
notls version of Openser 1.1, why is there a difference between the two?
the "tls" frm /lib/tls comes from "Thread Local Storage" and there are libraries implementations for thread env. It has nothing to do with TLS (Transport Layer Security)
regards, bogdan
thank you for any help
George
Disclaimer
The information in this e-mail and any attachments is
confidential. It
is intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, or person responsible for delivering this information to the intended
recipient,
please notify the sender immediately. Unless you are the intended recipient or his/her representative you are not authorized to, and must not, read, copy, distribute, use or retain this message or any part of it. E-mail transmission cannot be guaranteed to be
secure or
error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Klaus Darilion -
Papadopoulos Georgios