[Serusers] Re: [Serdev] ENUM issues - req. for discussion
Andrei Pelinescu-Onciul
andrei at iptel.org
Tue Jun 7 16:27:36 CEST 2005
On Jun 07, 2005 at 13:43, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> Hi all!
>
> Some time of using ser with ENUM revealed several problems which I would
> like to dicuss with you. Be aware - this email is long!
>
> ENUM is a wonderful thing for call routing nevertheless, as it is DNS
> based there are some important things an ENUM aware application has to
> consider:
> 1. You never know how long the lookup takes
> 2. You never know if the lookup will fail or succeed
> 3. If the lookup was successful, you never may trust the result
>
> I will explain this points in detail know:
>
> 1+2:
> Using enum, the application is giving control to the DNS resolver of the
> OS and the DNS infrastructure. Thus, the ser thread which performs the
> ENUM lookup will be blocked until there is a result from the system's
> DNS resolver.
>
> If DNS is slow, or misconfigured (e.g. a zone is delegated to a
> nameserver which is down), the thread will be blocked for several
> seconds. E.g. if you use debian woody and 2 nameservers in
> /etc/resolv.conf, the timeout is 20 seconds. If you are lucky, the OS
> allows configuration of the DNS timeouts. Nevertheless, you have to
> consider that a ser thread will be blocked up to 20 seconds. This has
> impacts on your configuration:
This could be fixed by limiting the ammount of time that a dns lookup
can take in ser (e.g. a new config parameter).
Right now the best practice is to use a caching dns server/proxy, that
will cache also negative replies.
[...]
>
> 3:
> If the ENUM lookup succeeds, you never may trust the result. It may be a
> invalid SIP URI, or a tel: URI, or anything else a user puts into its
> NAPTRs. This may result in a failed transaction, or like revealed at the
> ENUM plugtest in failed accounting. Even worse, maybe it is possible to
> complete crash ser using realy bad formated URIs?
No, it shouldn't be able to crash ser. ser survives bad uris.
>
> Thus you can't avoid doing some URI checks against the URI received from
> the ENUM lookup. Perfomance issues are no valid arguements! Once I give
> control to external services (DNS, radius, exec), the perfomance
> penalties due to parsing the SIP URI are much more less than due to the
> ENUM lookup.
What kind of checks? Run parse_uri and if fails return an error?
This will happen any way at the first forward attempt that takes uri
into account (the forward will fail).
>
> In case of ser, I would do the URI parsing in the ENUM module, or maybe
> generate a dedicated function/module for checking SIP URIs inside the
> routing logic. Thus, I can also check the result of exec calls.
This could be easily done, but as I said above, if the uri is bad
forwarding will fail anyway.
Andrei
More information about the sr-users
mailing list