No - you always have to provide the correct and recommended addresses in FreePBX configuration (don’t use those final names - those like h2-epp-110.edns.t-ipnet.de e.g. won’t work) - but you have to take care, that asterisk doesn’t get more than one server from the DNS lookup - that’s why you need the RPZ zone in bind. It’s to workaround the problem, that asterisk can’t handle the fact, that all subsequent requests must go to the destination you are registered to - even if there are more than one servers returned by the original DNS answer. Goal of the RPZ zone is to hide 2 of the 3 servers presented by Telekom to Asterisk.
Configuration has to be done like this. It’s working perfectly!
You may test running w/o the RPZ workaround. It most probably will work most of the time - mainly if you are registering just one number. As soon as I’m registering more than one number, I’m sometimes facing the problem, that the second or third registration fails (at the first try on startup - it times out - I think there are some security rules active on Telekom side preventing DOS attacks - maybe they prefer to see each number on a different server?) and therefore asterisk uses the second server (which proceeds). If you’re doing later on an outbound call using this trunk, asterisk will use the primary server of the list again - which will horribly fail, because the first server doesn’t know you … .
Edit:
How to implement and test the basic configuration?
At first forget about RPZ and DNS. Just configure it as described here - don’t use UDP as SIP protocol! Use TCP! After the first start of asterisk check the registration like this:
asterisk -x "pjsip show registrations"
If you can see, that your trunks to Telekom are registered, check, if they are all using the same destination:
netstat -tpn | grep asterisk | grep 217.0
This assumes, that your asterisk process runs as user asterisk. Grep for another user if your asterisk process uses another user!
All destination servers listed here must be the same. It must be the first server (on base of priority - lowest number is highest priority) of the list you get by
dig +noall +answer _sips._tcp.tel.t-online.de SRV
_sips._tcp.tel.t-online.de. 3600 IN SRV 20 0 5061 b-eps-110.edns.t-ipnet.de.
_sips._tcp.tel.t-online.de. 3600 IN SRV 30 0 5061 h2-eps-110.edns.t-ipnet.de.
_sips._tcp.tel.t-online.de. 3600 IN SRV 10 0 5061 d-eps-110.edns.t-ipnet.de.
Based on this example (it’s using TLS, which should be default nowadays), all open connects must go to this server: d-eps-110.edns.t-ipnet.de (because it has the highest priority 10 (lowest value!))
At this point, placing calls or receiving calls should work most of the time w/o any problem. If you are facing any problems here, you have another problem with your configuration or routing.
EDIT 2:
Another way instead of using a bind RPZ to reduce the server list to one server, could probably be to map all the servers you get by the above dig to the same IP address of of one of the servers in the list in /etc/hosts - but I didn’t test it - don’t know, if it really works. If you’re doing this dynamically, this would be a “solution”, too.