I figured out the problem, and a work around, but not the solution. It is very strange.
The charity has Microsoft domain, with two domain controllers. When they did their rewiring, they forgot to turn one of their domain controllers. The one that was not turned on running on a very old computer with an old version of windows server. Once they turned on that domain controller the problem went away. On OpenBSD NSD acted as an additional name server for the Windows domain. Using the OpenBSD system as an addition name server allowed the fire wall to be booted before the windows domain controllers with its DNS is started. That allows the OpenBSD system to use DNS in its setup. Microsoft has updated something in their DNS that causes NSD to hang,. The newer domain controller was updated, the old one had no updates. The older domain controller was first on the list to have NSD update the domains. So, when both controllers were active NSD behaved properly. Before when the second domain controller was not started, NSD is would initially work for a will then hangs. If NSD was restarted it would work for a while, then again hang. The Polycom phone have a problem that when the first nameserver answers, it never looks further. The Polycom phones found the OpenBSD's named server first. That explains why the phone initially worked, then failed The work around is obvious, make sure the second name server is working. As for the solution, I have no idea why NSD is hanging, nor any idea of how to fix it. -----Original Message----- Sent: Tuesday, August 13, 2024 4:24 AM To: Peter Fraser <[email protected]> Cc: [email protected] Subject: Re: Missing packets? On Mon, Aug 12, 2024 at 09:29:57PM +0000, Peter Fraser wrote: > I support a charity and I look after a OpenBSD firewall. > The firewall supports asterisk, nsd, unbound, dhcpd. > Everything was working properly. > > Then they did some rewiring, and the behaviour of the system is now very > strange. > > When the system starts up, everything behaved properly, their phones > register, and calls can come in and go. > All the extension work, > Web access is fine, dns works fine, as does ssh, dhcp > > But once the registration of the phones to asterisk time out. The phones do > not reregister. > The registration by asterisk to the sip supplier (voip.ms) work fine. > > I put a packet trace on the interface, and I don't see and packets either as > tcp, udp or eithernet from the phones. > Not do I see an logs for pf for packets passed or blocked. > > I have been known to bark up the wrong tree, but I am suspecting the problem > is something I did in OpenBSD. > > I can't figure out when asterisk works with just booted. > That imply that the sip packets are reaching asterisk at the beginning. > Why do sip packets not get to astrerisk after the first registration times > out. > > I might be suspicious of the phones, but there are 9 of them (Polycom 550), > and I don't believe that all of them could fail at the same time and same way. > > Any help of suggestions would be appreciated Thanks
