Hi Bogdan,
I am not using any nat test functions, at least at the part of the
script that handles INVITEs. I am using allow_trusted() in caching mode.
But if allow_trusted was doing the DNS query then I should also see it
after the first INVITE and before the "407 Proxy Auth Reqd". I am also
using lcr module. So, is it possible that load_gws() or next_gw() is
responsible for the DNS query?
Regards,
George
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan@voice-system.ro]
Sent: Thursday, December 14, 2006 7:14 PM
To: Papadopoulos Georgios
Cc: users(a)openser.org
Subject: Re: [Users] DNS queries and TLS
Hi George,
TLS = Thread Local Storage
Papadopoulos Georgios wrote:
Hello,
I am having some performance issues with Openser and I tend
to believe
they are related with DNS. So I am trying to
figure out
when and why
Openser is doing DNS queries. Doing ngrep on port
53 I
realized that
right before sending out the "100 trying --
your call is
important to
us" message, Openser is doing a reverse DNS
lookup for the IP where
the INVITE came from. So the sequence is something like:
client Openser DNS
|---INVITE------------------------>|
|<---407 Proxy Auth Reqd---|
|---ACK--------------------------->|
|---INVITE------------------------>|
|---client IP?-------->|
|<-------------------------|
|<--------------------100 trying---|
I am using Openser-1.1.0-notls and in my script I have dns=no
rev_dns=no So first question is whether this DNS query is necessary
and how I could avoid it.
the configuration options are ok (as time you do not use the
command line -r or -R). I would say the rev dns query is not
triggered by the
t_relay() (actually the params control what DNS queries
should be done when testing the "received" VIA param) - I
have tested and I see no query before 100 trying, so it should be ok.
maybe you are using some nat test functions (like
client_nat_test) or any other script functions that mask a
dns query...can you check on this?
What is furthermore confusing is that I have a test system with the
same Openser version and same script, where this DNS query is not
happening. Looking into the production system I found the following:
ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser
linux-gate.so.1 => (0xffffe000)
libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000)
libc.so.6 => /lib/tls/libc.so.6 (0x55587000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2
(0x55555000) whereas
the test system shows:
sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser
libdl.so.2 => /lib/libdl.so.2 (0x7002c000)
libresolv.so.2 => /lib/libresolv.so.2 (0x70040000)
libc.so.6 => /lib/libc.so.6 (0x70064000)
/lib/ld-linux.so.2 (0x70000000) So the two systems link to
different libresolv.so libraries. Is the tls/libresolve.so that is
responsible for the DNS query? Given that in both cases I
am using the
notls version of Openser 1.1, why is there a
difference between the
two?
the "tls" frm /lib/tls comes from "Thread Local Storage" and
there are libraries implementations for thread env. It has
nothing to do with TLS (Transport Layer Security)
regards,
bogdan
thank you for any help
George
Disclaimer
The information in this e-mail and any attachments is
confidential. It
is intended solely for the attention and use of
the named
addressee(s). If you are not the intended recipient, or person
responsible for delivering this information to the intended
recipient,
please notify the sender immediately. Unless you
are the intended
recipient or his/her representative you are not authorized to, and
must not, read, copy, distribute, use or retain this message or any
part of it. E-mail transmission cannot be guaranteed to be
secure or
error-free as information could be intercepted,
corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.
-------------------------------------------------------------
----------
-
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users