OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • DNS with FRITZ!Box fails for Telekom SIP
« previous next »
  • Print
Pages: [1]

Author Topic: DNS with FRITZ!Box fails for Telekom SIP  (Read 1039 times)

crbble

  • Newbie
  • *
  • Posts: 12
  • Karma: 0
    • View Profile
DNS with FRITZ!Box fails for Telekom SIP
« on: March 29, 2022, 04:57:47 pm »
/Edit: Sorry for the preliminary post. Apparently this is FRITZ!Box specific. There are two DNS server settings, one where the internet is configured and one where the ipv4 network is configured. Setting the ipv4 DNS Server to the OPNSense (default setting is the FRITZ!Box itself) solves the problem with different TTLs for the same DNS request.

Hi,

I am running OPNSense on a Sophos box:

Internet -> OPNSense -> FRITZ!Box -> Local Network

The DNS Configuration is:

- "Local Network" uses FRITZ!Box
- FRITZ!Box uses Unbound on OPNSense
- OPNSense uses Provider DNS

Currently most things work as expected, even ipv6 on the local network.  :)

The FRITZ!Box also acts as DECT gateway for SIP telephony. From time to time the SIP connection breaks with "403 Forbidden" and from my impression this is a DNS problem. When I query the FRITZ!Box and OPNSense (which both should use OPNSense as source) I get the following replies:

Code: [Select]
$ dig _sip._udp.tel.t-online.de SRV @opnsense
[...]
;; ANSWER SECTION:
_sip._udp.tel.t-online.de. 2529 IN      SRV     20 0 5060 d-epp-110.edns.t-ipnet.de.
_sip._udp.tel.t-online.de. 2529 IN      SRV     30 0 5060 h2-epp-110.edns.t-ipnet.de.
_sip._udp.tel.t-online.de. 2529 IN      SRV     10 0 5060 k-epp-100.edns.t-ipnet.de.
[...]
$ dig _sip._udp.tel.t-online.de SRV @fritz.box
[...]
;; ANSWER SECTION:
_sip._udp.tel.t-online.de. 308  IN      SRV     20 0 5060 d-epp-110.edns.t-ipnet.de.
_sip._udp.tel.t-online.de. 308  IN      SRV     10 0 5060 h-epp-110.edns.t-ipnet.de.
_sip._udp.tel.t-online.de. 308  IN      SRV     30 0 5060 h2-epp-110.edns.t-ipnet.de.
[...]
The replies are different in this case.

Apparently (and from some information on the internet) Telekom is doing load balancing with DNS for their SIP telephony service. Any ideas why I end up with different replies although the FRITZ!Box should cascade the DNS request to the OPNSense box? Is this simply caching behavior on the FRITZ!Box? Can I change the DNS reply in unbound to modify the TTL that is given to the FRITZ!Box?

Thanks for hints,
Robert
« Last Edit: March 29, 2022, 05:28:17 pm by crbble »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • DNS with FRITZ!Box fails for Telekom SIP
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2