[SR-Users] how can I use WITH_IPAUTH when the IP may be stored in the DB as a FQDN?

canuck15 canuck15 at hotmail.com
Wed Mar 11 19:13:38 CET 2015


After further investigation I am considering the ipops module 
dns_query() command.
http://kamailio.org/docs/modules/4.3.x/modules/ipops.html

It needs to be fast to prevent a bottleneck so I have a few things I 
need to verify.

Will it save to/check the internal DNS resolver cache first, and if so, how 
many dns_query() calls can this handle before it starts to affect performance 
or use excessive amounts of memory etc.?

If not, what can I use that uses the DNS resolver cache?

For what I am doing it would need to scale to many hundreds of DNS 
Authenticated SIP trunks.  So perhaps hundreds of queries/sec I suppose.  
Perhaps many thousands of SIP extensions using those trunks but not 
directly using DNS authentication themselves.

On 3/9/2015 4:27 AM, Daniel-Constantin Mierla wrote:
> Hello,
>
>
> On 08/03/15 21:38, canuck15 wrote:
>> Here is the relevant section of kamailio.cfg
>>
>> $var(tempfU) = $fU;
>> #!ifdef WITH_IPAUTH
>>      if((!is_method("REGISTER")) && allow_source_address() && $au == "")
>>      {
>>          # Loading $fU from database using IP
>>
>>          sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host = '$si' AND sippasswd IS NULL", "$var(tempfU)");
>>
>>          # source IP allowed
>>          return;
>>      }
>>
>> The problem is that when host= somefqdn.com the above will fail since
>> $si will always be an IP address as far as I can tell.  More often
>> than not host= is a fqdn and requiring it to always be an IP address
>> is not an option.  Converting it to IP before storing it in the DB is
>> also not an option because it needs to be able to work if the IP
>> address changes.
>>
>> So how can the above be done to accommodate the possibility that host=
>> somefqdn.com or an IP address?  Preferably in such a way that it can
>> scale to hundreds/thousands of rows in the database without slowing
>> things down or crashing.
> As a first remark, note that the permissions module can work with hostnames in
> the address table.
>
> On the other hand, having what you want might not work. If you want to
> test if a request comes from xyz.com, doing a dns query on xyz.com can
> return a different IP than what was used for sending. If xyz.com has
> many IP addresses associated with it and they do load balancing, they are
> usually returning just a subset of their IP addresses, not all of them.
>
> In this case, the best is to discover the subnet addresses used by
> xyz.com and store them in the address table, then use permissions in the
> config.
>
> Otherwise, you can try by doing a query and extract all hostnames from
> the database with sqlops and then loop through them and test with the
> functions from ipops module. You must have a fast dns server in order to
> not slow down the processing in the case you have lots of hostnames.
>
> Cheers,
> Daniel
>
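
The fallback Daniel describes in the quoted reply (fetch the hostnames with sqlops, loop over them, test each with ipops), sketched as a Kamailio route. This is an added example, not part of the original thread: the route name `IPAUTH_FQDN` and the result ids `ra` and `trunk` are made up here, and the `elxpbx` connection and `sip` table are taken from the quoted config.

```kamailio
# Added example, not from the thread. Assumes sqlops and ipops are loaded
# and the "elxpbx" connection from the quoted config is defined.
# Returns 1 and sets $var(tempfU) when $si matches a trunk's host, else -1.
route[IPAUTH_FQDN] {
    # Fetch every password-less trunk; host may hold an IP or an FQDN.
    if (!sql_query("elxpbx",
            "SELECT name, host FROM sip WHERE sippasswd IS NULL", "ra")) {
        xlog("L_ERR", "ipauth: trunk lookup failed\n");
        return -1;
    }

    $var(found) = 0;
    $var(i) = 0;
    # Note: while loops are capped by the core parameter max_while_loops
    # (default 100), so raise it if the table has more rows than that.
    while ($var(found) == 0 && $var(i) < $dbr(ra=>rows)) {
        $var(host) = $dbr(ra=>[$var(i),1]);

        if ($var(host) == $si) {
            # Row stores a literal IP: plain string match, no DNS needed.
            $var(found) = 1;
        } else if (dns_query("$var(host)", "trunk")) {
            # Row stores an FQDN: one lookup per row per request, which is
            # the cost the reply warns about. Only the addresses present in
            # this answer are tested, so a load-balanced name that returns
            # a subset of its IPs can still fail to match.
            $var(j) = 0;
            while ($var(found) == 0 && $var(j) < $dns(trunk=>count)) {
                if (compare_ips("$dns(trunk=>addr[$var(j)])", "$si")) {
                    $var(found) = 1;
                }
                $var(j) = $var(j) + 1;
            }
        }

        if ($var(found) == 1) {
            $var(tempfU) = $dbr(ra=>[$var(i),0]);
        }
        $var(i) = $var(i) + 1;
    }

    sql_result_free("ra");
    if ($var(found) == 1) {
        return 1;
    }
    return -1;
}
```

A request is only accepted on an exact address match, so a failed or partial DNS answer denies the trunk rather than admitting an unverified source.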
