[asterisk-users] Change by Deutsche Telekom end of februar. Can someone help me?

Michael Maier m1278468 at mailbox.org
Tue Feb 16 12:56:58 CST 2021


Hi Luca,

On 15.02.21 at 21:48 Luca Bertoncello wrote:
> Am 15.02.2021 um 21:40 schrieb Michael Maier:
> 
> Hi Michael,
> 
>> They're switching to DNS NAPTR / SRV[1]. If you are using Asterisk /
>> pjsip and hostnames (tel.t-online.de e.g. for the AllIP service), you
> 
> Mmm... I'm using tel.t-online.de, but I'm not sure I'm using pjsip...
> 
> module show say me:
> 
> res_pjsip.so                   Basic SIP resource
> 46         Running              core
> 
> Do I use pjsip?

pjsip show registrations

> You mean, I have to create a "fake" Zone tel.t-online.de in my Bind with
> these settings? Looks like dangerous, if they changes something...

If you do that statically -> yes, you're right. You have to do it
dynamically. I attached a script, which can be used to dynamically build
a rpz each 15 minutes e.g. It directly asks the telekom nameserver for
naptr and srv entries. It looks like this:

server 192.168.62.13
zone rpz-tonline
update delete tel.t-online.de.rpz-tonline.
update delete _sips._tcp.tel.t-online.de.rpz-tonline.
update delete _sip._tcp.tel.t-online.de.rpz-tonline.
update add tel.t-online.de.rpz-tonline. 60      NAPTR   10 0 "s"
"SIPS+D2T" "" _sips._tcp.tel.t-online.de.
update add tel.t-online.de.rpz-tonline. 60      NAPTR   30 0 "s"
"SIP+D2T" "" _sip._tcp.tel.t-online.de.
update add _sips._tcp.tel.t-online.de.rpz-tonline.      60 SRV  10 0
5061 s-eps-110.edns.t-ipnet.de.
update add _sip._tcp.tel.t-online.de.rpz-tonline.       60 SRV  10 0
5060 s-epp-110.edns.t-ipnet.de.
send

You have to configure bind to use the rpz for all lookup calls resolving
*.tel.t-online.de. I assume that the individual t-ipnet.de entries are
"statically" and therefore resolved directly (w/o rpz). But this could
be added to the script, too (would be a new rpz).

At the moment, I'm using only one DNS server for digging the NAPTR and
SRV entries - this could be enhanced to use 2 servers if the first
fails. If the first fails, the script currently stops and does nothing.
I assume, that the DNS server is stable.

The script unregisters and registers the telekom trunks, if a change is
detected. This is done as long as there is no call active. This works
for me - but may not wort for others - feel free to change the code.
Independently you have to add your own trunk names to get it working
(telekomPJSIP-a, ...).

You can verify if it's working by checking for entries like this in
journalctl:
Feb 16 19:35:46 myfw named[1516]: client @0x7ff574027bd0
192.168.62.13#25869 (tel.t-online.de): rpz QNAME NODATA rewrite
tel.t-online.de via tel.t-online.de.rpz-tonline
They are appearing at the moment asterisk starts a lookup.


Hope this helps!


Thanks
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check-t-online.pl
Type: application/x-perl
Size: 5021 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20210216/668328fd/attachment.bin>


More information about the asterisk-users mailing list