[OpenSIPS-Users] disable_dns_blacklist=no side effect

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Apr 24 17:17:03 CEST 2013


Hello Daniel,

True.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/24/2013 04:46 PM, Daniel Nihlén wrote:
> Hi,
>
> Yes, the call attempt is timed out.
>
> So, destination will be added to "dns" list even if dns was never used 
> to route this request?  In other words, dns based failover is done 
> even if the r-uri contains IP (and not domain name)?
>
> Thanks
> Daniel
>
> On Wednesday 24 April 2013 at 14:15, Bogdan-Andrei Iancu wrote:
>
>> Hello Daniel,
>>
>> and your call times out ? or how is completed the call attempt. 
>> Because, per RFC DNs-based failover should be done if (1) transport 
>> error or (2) SIP error - timeout or 50x replies.
>>
>> In this cases opensips will consider it a failure, will try to do a 
>> DNS-based failover (if multiple IPs are available) and add the failed 
>> destination to the "dns" list.
>>
>> Regards,
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 04/24/2013 10:46 AM, Daniel Nihlén wrote:
>>> Hi,
>>>
>>> Thanks, I somehow manage to get IP-addresses that are never supposed 
>>> to be looked up by dns added to the dns blacklist. Is it someway I 
>>> accidentally cause lookup even when routing on IP?
>>>
>>> Here is what i do (public ip replaced by me)
>>>
>>> 1. INVITE request received with 
>>> sip:0852281833 at sip.mydomain.com;user=phone
>>> 2. I do some custom logic to route from db-saved destinations
>>> 3. r-uri rewritten to sip:087123456 at 10.10.10.10:5060
>>> 4. 10.10.10.10 offline - 10.10.10.10 is added to blacklist.
>>>
>>> From the config, involved lines:
>>> avp_db_query("SELECT dest_ip from my_forward_table where 
>>> number='$rU'", "$avp(result_dest_ip)")
>>> $var(toruri) = "sip:" + $rU +"@" + $avp(result_dest_ip);
>>> $ru = $var(tovururi);
>>> t_relay()
>>>
>>> From command line
>>> > opensipsctl fifo list_blacklists
>>> List:: dns owner=17 flags=6
>>> Rule::  flags=0
>>> IP:: 10.10.10.10
>>> Mask:: 255.255.255.255
>>> Proto:: 1
>>> Port:: 5060
>>> Expire:: 1474
>>>
>>>
>>> BR
>>> Daniel Nihlen
>>>
>>> On Tuesday 23 April 2013 at 11:54, Bogdan-Andrei Iancu wrote:
>>>
>>>> Hello Daniel,
>>>>
>>>> disable_dns_blacklist is used to store failed IPs which were 
>>>> discovered via DNS (NAPTR + SRV + A). Once an IP is blacklisted, it 
>>>> will be blocked in all cases, doesn't matter if calling via FQDN or 
>>>> directly IP.
>>>>
>>>> Regards,
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developer
>>>> http://www.opensips-solutions.com
>>>>
>>>> On 04/23/2013 11:30 AM, Daniel Nihlén wrote:
>>>>> Hi,
>>>>>
>>>>> (opensips 1.7.2)
>>>>>
>>>>> I have
>>>>> disable_dns_blacklist=no
>>>>>
>>>>> Good: Blacklisting for destinations that are discovered by srv 
>>>>> record but not responding are working.
>>>>>
>>>>> Bad: But I also get blacklisting on destinations that are 
>>>>> addressed with ip-address. Ex sip:087123456 at x.x.x.x:5060. I was 
>>>>> under the assumption that routing by IP-address should not be 
>>>>> blacklisted (judging by the _dns_ in the parameter name. :).
>>>>>
>>>>> Is this the designed behavior am I accidentally using dns for 
>>>>> IP-destiantions?
>>>>>
>>>>> Thanks
>>>>> Daniel Nihlen
>>>>> +46706604530
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130424/5503f30a/attachment.htm>


More information about the Users mailing list