On Wed, Oct 13, 2010 at 10:17 PM, R P Herrold <[email protected]> wrote:
> On Wed, 13 Oct 2010, Tony Graziano wrote: > > > Yes. You need DNS SRV records. > > > > _sip._udp.SIPDOMAIN.TLD. IN SRV 1 0 5060 hostname.SIPDOMAIN.TLD. > > _sip._tcp.SIPDOMAIN.TLD. IN SRV 1 0 5060 hostname.SIPDOMAIN.TLD. > > > > As a minimum for sip. These need to be hosted at the domain > > name server for your primary domain name (as a minimum). > > I guess the question becomes -- What unit is a 'consumer' of > those SRV records? On the chart at: > > http://www.myitdepartment.net/support/sipx_bridge_pfsense_bandwidth-dot-com.pdf > > The unit can be: A pure sip based call to your sip uri: [email protected] If the dns server for the domain is hosted at provider xyz, the PUBLIC queries will go there. The DNS does not normally go to the sipx system, it goes to the authoritive public dns server for the domain. Like an email, the lookup is done and the MX record9s) tell the remote mail server where to send the message.SRV records are similar, but not used exclusively for a single service (like MX records). They are also used by UA (remote users) that are not VPN or internally connected in that they make a DSN query on the domain to find out where their SIP server is, the port it runs on, etc. However, if the phone is a hardphone and it stays powered up it may be weeks at a time (when it reboots) before it makes another query. I had understood that the sipXecs unit behind the firewall > (upper right corner) was reaching out to, and transferring > non-local content in and out across a 'trunk' to a > counterparty sipXecs ISP (lower right corner) > > The sipXecs ISP (lower right corner) is out in fully routable > space, and in in turn is connection and authentication to [in > this example] bandwidth.com (center lower cloud). Why do we > care where the unit behind the fireswall is, as it will never > receive direct content, as I understand the setup > > [I may be wholly wrong here, and some unit other than the > sipXecs ISP may be initiating connections ... ] > It's an example of how one might put a server behind a firewall. I did that BECAUSE a lot of people who were new were putting their sip servers out in the wild with no firewall in front or running on the system whatsover. It was a gentle nudge. > > I ask, because we added support in our DNS management GUI for > SRV records for a customer wanting it for FreeSwitch support, > but we cannot see any queries hitting it in our domain query > logs A sanitized version of a zone file, not showing that > customer's details, is at: > http://gallery.herrold.com/pmman_srv.png > > Well, sip records don't change very often, so maybe the TTL should be 14400 (IMO) but since its not getting any queries I'm not sure it matters. I would also suggest if you install a sipx system to grab the DNS records from the zone file, because NAPTR, SRV records for XMPP and (IMO) sip tls records are not there. The DNS advisor in sipx tells plenty. > -- Russ herrold > Incidentally the wiki has a good article on split dns, which is the most commonly used approach. I have also blogged about the lack of proper DNS support at some DNS hosting companies. I'm lucky where I never run into that deficiency on my servers, but some of the lowest cost providers don't even support SRV, which is a big fat problem. > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
