dOpensource / dsiprouter

UI Interface for implementing Kamailio to provide PBX Hosting and SIP Trunking Services
https://dsiprouter.org
Apache License 2.0

Carriers with DNS names as the signaling address cause inbound calls from the carriers to fail #348

Open mackhendricks opened 3 years ago

mackhendricks commented 3 years ago

This happens because dSIP only allows calls inbound from known IP addresses and a DNS name could resolve to multiple IP addresses.

I propose that we have a service that resolves all DNS names into IP addresses and stores them in the address table. This service will run on a configurable timer.

devopsec commented 3 years ago

I agree, we have some functions already to resolve the DNS names but they all take the first valid IP and return it.
Would need to add an implementation or allow passing an arg to the func that returns all the IPs.
Then this can be run on first insert into address table and periodically in the background.
Could possibly be optimized by spinning up multiple processes when the cronjob kicks off...

tuxpowered commented 2 years ago

This should also make use of looking up SRV records:

dig SRV _sip._udp.us-west-or.sip.flowroute.com +short
20 50 5060 ep-us-east-nj-02.flowroute.com.
30 50 5060 ep-us-east-va-02.flowroute.com.
10 50 5060 ep-us-west-or-02.flowroute.com.
20 50 5060 ep-us-east-nj-01.flowroute.com.
10 50 5060 ep-us-west-or-01.flowroute.com.
30 50 5060 ep-us-east-va-01.flowroute.com.

When adding a Carrier group, it should additionally check if the hostname entered has SRV records, and update internally for those additional hosts. That should be added to any regular update checks.

The SRV lookups should include UDP/TCP and TLS (used by some providers including Lync):

_sip._udp.<domain>
_sip._tcp.<domain>
_sip._tls.<domain>

devopsec commented 9 months ago

@tuxpowered we have a separate issue open for SRV support, ref #522

devopsec commented 9 months ago

This did not make it into v0.70

This is a pretty high priority issue but we are keeping the scope for v0.75 intentionally small to make sure we hit all of the features slated for that release.

Bumping to v0.76

One more thing I want to add is that this feature should have DNS refresh rates configurable.
Think of it as a local cache....
The resolved addresses for each entry in the (not yet existing) dns_mapping table can be periodically updated.
Entries in the dns_mapping table will have a list of IDs for entries in the address table or uacreg table.
Both the permissions module and uac module can reload via RPC so that will be reloaded on a cronjob based on the DNS refresh rate.

This shouldn't be too hard to implement on the system side, but some more thought into how the local DNS settings should look in the GUI is up for discussion.
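
The refresh step discussed in this thread, as an added example that is not part of the issue or of dSIPRouter's code: it resolves each carrier hostname to all of its addresses and reports which IPs to add to or remove from the allow-list. The in-memory `dns_mapping` dict, `MAX_ADDRS`, the function names and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

MAX_ADDRS = 32  # assumed cap: skip a name that suddenly returns a huge answer set

def resolve_all(hostname, resolver=socket.getaddrinfo):
    """Return every distinct IP for hostname, or None if the lookup fails."""
    try:
        infos = resolver(hostname, None, proto=socket.IPPROTO_UDP)
    except socket.gaierror:
        return None
    # sockaddr[0] is the address; drop any IPv6 zone id and normalise the text form
    return {str(ipaddress.ip_address(info[4][0].split("%")[0])) for info in infos}

def refresh_allowlist(dns_mapping, resolver=socket.getaddrinfo, max_addrs=MAX_ADDRS):
    """Refresh dns_mapping ({hostname: set of IPs}) in place.

    Returns (added, removed): IPs to insert into and delete from the
    allow-list before it is reloaded.
    """
    before = set().union(*dns_mapping.values())
    for host in dns_mapping:
        current = resolve_all(host, resolver)
        # A failed, empty or oversized answer leaves the cached set untouched,
        # so a DNS outage neither drops a carrier nor widens the allow-list.
        if not current or len(current) > max_addrs:
            continue
        dns_mapping[host] = current
    after = set().union(*dns_mapping.values())
    # An IP is removed only when no hostname maps to it any more.
    return sorted(after - before), sorted(before - after)

# Constructed sample data (documentation address ranges), standing in for DNS.
SAMPLE_DNS = {
    "sip.carrier-a.example": ["192.0.2.10", "192.0.2.11", "2001:db8::10"],
    "sip.carrier-b.example": ["192.0.2.11", "198.51.100.5"],
}

def sample_resolver(host, port, proto=0):
    if host not in SAMPLE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed failure")
    return [(socket.AF_UNSPEC, socket.SOCK_DGRAM, proto, "", (ip, 0))
            for ip in SAMPLE_DNS[host]]

if __name__ == "__main__":
    cache = {"sip.carrier-a.example": {"192.0.2.10"},
             "sip.carrier-b.example": {"192.0.2.11", "198.51.100.9"},
             "sip.carrier-c.example": {"203.0.113.7"}}
    print(refresh_allowlist(cache, sample_resolver))
```

Passing the resolver as a parameter keeps the refresh logic testable without network access; the default is `socket.getaddrinfo`.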