[Users] DNS queries and TLS

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Dec 14 18:14:26 CET 2006


Hi George,


TLS = Thread Local Storage



Papadopoulos Georgios wrote:

> Hello,
>  
> I am having some performance issues with Openser and I tend to believe 
> they are related with DNS. So I am trying to figure out when and why 
> Openser is doing DNS queries. Doing ngrep on port 53 I realized that 
> right before sending out the "100 trying -- your call is important to 
> us" message, Openser is doing a reverse DNS lookup for the IP where 
> the INVITE came from. So the sequence is something like:
> client                            Openser                   DNS
>    |---INVITE------------------------>|
>    |<---407 Proxy Auth Reqd---|
>    |---ACK--------------------------->|
>    |---INVITE------------------------>|
>                                            |---client IP?-------->|
>                                            |<-------------------------|
>    |<--------------------100 trying---|
>  
>  
> I am using Openser-1.1.0-notls and in my script I have
> dns=no
> rev_dns=no
> So first question is whether this DNS query is necessary and how I 
> could avoid it.

the configuration options are ok (as time you do not use the command 
line -r or -R). I would say the rev dns query is not triggered by the 
t_relay() (actually the params control what DNS queries should be done 
when testing the "received" VIA param) - I have tested and I see no 
query before 100 trying, so it should be ok.

maybe you are using some nat test functions (like client_nat_test) or 
any other script functions that mask a dns query...can you check on this?

>  
> What is furthermore confusing is that I have a test system with the 
> same Openser version and same script, where this DNS query is not 
> happening. Looking into the production system I found the following:
> ser2:/usr/local/openser-1.1.0-notls/sbin# ldd openser
>         linux-gate.so.1 =>  (0xffffe000)
>         libdl.so.2 => /lib/tls/libdl.so.2 (0x55571000)
>         libresolv.so.2 => /lib/tls/libresolv.so.2 (0x55574000)
>         libc.so.6 => /lib/tls/libc.so.6 (0x55587000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x55555000)
> whereas the test system shows:
> sertest:/usr/local/openser-1.1.0-notls/sbin# ldd openser
>         libdl.so.2 => /lib/libdl.so.2 (0x7002c000)
>         libresolv.so.2 => /lib/libresolv.so.2 (0x70040000)
>         libc.so.6 => /lib/libc.so.6 (0x70064000)
>         /lib/ld-linux.so.2 (0x70000000)
> So the two systems link to different libresolv.so libraries. Is the 
> tls/libresolve.so that is responsible for the DNS query? Given that in 
> both cases I am using the notls version of Openser 1.1, why is there a 
> difference between the two?

the "tls" frm /lib/tls comes from "Thread Local Storage" and there are 
libraries implementations for thread env. It has nothing to do with TLS 
(Transport Layer Security)

regards,
bogdan

>  
> thank you for any help
>  
> George
>  
>
>
>   Disclaimer
>
> The information in this e-mail and any attachments is confidential. It 
> is intended solely for the attention and use of the named 
> addressee(s). If you are not the intended recipient, or person 
> responsible for delivering this information to the intended recipient, 
> please notify the sender immediately. Unless you are the intended 
> recipient or his/her representative you are not authorized to, and 
> must not, read, copy, distribute, use or retain this message or any 
> part of it. E-mail transmission cannot be guaranteed to be secure or 
> error-free as information could be intercepted, corrupted, lost, 
> destroyed, arrive late or incomplete, or contain viruses.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Users mailing list
>Users at openser.org
>http://openser.org/cgi-bin/mailman/listinfo/users
>  
>





More information about the sr-users mailing list