Hi Bogdan, I am not using any nat test functions, at least at the part of the script that handles INVITEs. I am using allow_trusted() in caching mode. But if allow_trusted was doing the DNS query then I should also see it after the first INVITE and before the "407 Proxy Auth Reqd". I am also using lcr module. So, is it possible that load_gws() or next_gw() is responsible for the DNS query?
Regards, George > -----Original Message----- > From: Bogdan-Andrei Iancu [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 14, 2006 7:14 PM > To: Papadopoulos Georgios > Cc: [email protected] > Subject: Re: [Users] DNS queries and TLS > > Hi George, > > > TLS = Thread Local Storage > > > > Papadopoulos Georgios wrote: > > > Hello, > > > > I am having some performance issues with Openser and I tend > to believe > > they are related with DNS. So I am trying to figure out > when and why > > Openser is doing DNS queries. Doing ngrep on port 53 I > realized that > > right before sending out the "100 trying -- your call is > important to > > us" message, Openser is doing a reverse DNS lookup for the IP where > > the INVITE came from. So the sequence is something like: > > client Openser DNS > > |---INVITE------------------------>| > > |<---407 Proxy Auth Reqd---| > > |---ACK--------------------------->| > > |---INVITE------------------------>| > > |---client IP?-------->| > > > |<-------------------------| > > |<--------------------100 trying---| > > > > > > I am using Openser-1.1.0-notls and in my script I have dns=no > > rev_dns=no So first question is whether this DNS query is necessary > > and how I could avoid it. > > the configuration options are ok (as time you do not use the > command line -r or -R). I would say the rev dns query is not > triggered by the > t_relay() (actually the params control what DNS queries > should be done when testing the "received" VIA param) - I > have tested and I see no query before 100 trying, so it should be ok. > > maybe you are using some nat test functions (like > client_nat_test) or any other script functions that mask a > dns query...can you check on this? > > > > > What is furthermore confusing is that I have a test system with the > > same Openser version and same script, where this DNS query is not > > happening. Looking into the production system I found the following: > > ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser > > linux-gate.so.1 => (0xffffe000) > > libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000) > > libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000) > > libc.so.6 => /lib/tls/libc.so.6 (0x55587000) > > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 > (0x55555000) whereas > > the test system shows: > > sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser > > libdl.so.2 => /lib/libdl.so.2 (0x7002c000) > > libresolv.so.2 => /lib/libresolv.so.2 (0x70040000) > > libc.so.6 => /lib/libc.so.6 (0x70064000) > > /lib/ld-linux.so.2 (0x70000000) So the two systems link to > > different libresolv.so libraries. Is the tls/libresolve.so that is > > responsible for the DNS query? Given that in both cases I > am using the > > notls version of Openser 1.1, why is there a difference between the > > two? > > the "tls" frm /lib/tls comes from "Thread Local Storage" and > there are libraries implementations for thread env. It has > nothing to do with TLS (Transport Layer Security) > > regards, > bogdan > > > > > thank you for any help > > > > George > > > > > > > > Disclaimer > > > > The information in this e-mail and any attachments is > confidential. It > > is intended solely for the attention and use of the named > > addressee(s). If you are not the intended recipient, or person > > responsible for delivering this information to the intended > recipient, > > please notify the sender immediately. Unless you are the intended > > recipient or his/her representative you are not authorized to, and > > must not, read, copy, distribute, use or retain this message or any > > part of it. E-mail transmission cannot be guaranteed to be > secure or > > error-free as information could be intercepted, corrupted, lost, > > destroyed, arrive late or incomplete, or contain viruses. > > > >------------------------------------------------------------- > ---------- > >- > > > >_______________________________________________ > >Users mailing list > >[email protected] > >http://openser.org/cgi-bin/mailman/listinfo/users > > > > > > _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
