SRV for domain name - cannot connect remote devices


(Maxyca) #1

Hello all!
I use PJSIP and I have created 2 SRV for my domain name like this:
_sip._tls.my-domain.com. priority = 0; priority = 0; weight = 5; port = 7770
_sip._tcp.my-domain.com. priority = 0; weight = 5; port = 443

However, unfortunately, remote devices doesn’t connect to Asterisk. I also use a non-standard port for PJSIP.

What am I doing wrong?


#2

If you have enabled srvlookup in asterisk, you would normally need your nameserver to actually point the SRV destination to a URL


(Maxyca) #3

But what exactly do I need to do?


#4

http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html-chunk/asterisk-ICR-SECT-1.html#components_sipsrv


(Maxyca) #5


I have created 2 SRV records but unfortunatelly it doesn’t work :frowning: It looks right.


(Aaron) #6

443 really? That doesnt conflict with anything? Firewalls dont see a problem with that? Does your device support srv? Is it enabled on the devices?


(Maxyca) #7

I use 7770 for SIP TLS. I’m not sure that I need to have 2 records.


(Tom Ray) #8

Then why is the TLS entry using port 443 and the TCP using the 7770? You’ve got that wrong already then. As well is the PBX at domain.com or mypbx.domain.com? Because if it is the latter, the SRV records are wrong.

The SRV should be more like _sip._tls.mypbx.domain.com


(Maxyca) #9


Thanks but unfortunatelly it doesn’t work… I have edited 2 records, stay just this one. Am I right?


#10

Are your phones actually configured to use tls SIP service using SRV lookups? please show us how they look.


(Maxyca) #11

I use Zoiper sip client software to connect. There is no specific SRV setting, just host address, port number and encryption (srtp and zrtp).


#13

When you say host address, do you mean IP address or the base URL that is serving via SRV records the subdomain that is serving SIP

Either way, sngrep should reveal what is going on.


#14

The correct SRV record format for SIP over TLS is _sips._tcp.example.com. not _sip._tls.example.com.


(Aaron) #15

_sip._tls.example.com works fine for me.


(Maxyca) #16

ok, yesterday I have added follow record:


but unfortunatelly it doesn’t work
Today I have changed the record to:

By the way I have an A record for domain name:
sip2

In SIP remote client (in Zoiper) I entered: mypbx.domain.com:7770 but I would like to enter just: mypbx.domain.com without port number.


#17

No, I don’t think it does, unless you’re using Skype for Business, which uses that particular SRV record.


#18

I’d say you need to take an hour and read through RFC 3263 which describes how SRV for SIP works.

If you put the port number after a name, then you are bypassing SRV and telling your client to look up the A or AAAA record and connect to the host on that port.

If you just put the name (without port), your client will possibly first look up the NAPTR record for the domain, to see which transport is preferred. Then it will do an SRV lookup to find the hosts and ports corresponding to the preferred transport. Then it will get the IP address and make the connection.

From where your phones are, make sure you can look up the SRV. Use nslookup or dig. Example:

$ dig _sip._tcp.iptel.org. srv

; <<>> DiG 9.10.6 <<>> _sip._tcp.iptel.org. srv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8175
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_sip._tcp.iptel.org.		IN	SRV

;; ANSWER SECTION:
_sip._tcp.iptel.org.	577	IN	SRV	0 100 5060 sip.iptel.org.

You can see I got a record back for iptel.org telling me for a TCP connection, connect to port 5060 on sip.iptel.org. Check yours (_sips._tcp.whateveryourdomain.com.).


(Aaron) #19

I only use SRV for Bria Background Push Server Notification Registration for iphone/android. Unless we put an SRV record in they continue to send on 5060. So _sip._tls.example.com has been working. I’ve never used SIPS. Maybe Bria uses the same type of wierd record lookup that microsoft does then.


(system) closed #20

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.