DNS
... 3] records. This document describes the
specific problems that SIP uses DNS to help solve, and provides a
solution.
...
... Problems DNS is Needed to Solve ...
...
DNS is needed to help solve two aspects of the general call flow
described in the Introduction. The first is for proxy ...
... TCP,
so that there is always an intersection of capabilities. Some form
of DNS procedures are needed for proxy 1 to discover the available
transport protocols ...
... SIP trapezoid
It is important to note that DNS lookups can be used multiple times
throughout the processing of a call. In general, an element that
wishes to send a request (called a client) may need to perform DNS
processing to determine the IP address, port ...
... caller initiates a call until the time the called party is
alerted should be no more than a few seconds. Given that there can
be multiple hops, each of which is doing DNS lookups in addition to
other potentially time-intensive operations, the amount of time
available for DNS lookups at each hop is limited.
Scalability ...
... proxy 1, which is no longer available. The second aspect of the
flow in the introduction for which DNS is needed, is for proxy 2 to
identify a backup for proxy ...
... URI (i.e., the URI is not rewritten with the
result of the DNS lookup), they only result in an IP address, port
...
... provides guidelines on determining which URI needs to be resolved in
DNS to determine the host that the request needs to be sent to. In
some cases, also documented in [1 ...
... problem boils down to resolution of a SIP or SIPS URI in DNS to
determine the IP address, port ...
... A record with a "SIPS+D2U"
service field SHOULD NOT be placed into the DNS, since it is not
possible to use TLS over UDP ...
... certificate.
Otherwise, an attacker could modify the DNS records to contain
replacement values in a different domain, and the client ...
... cookie session getting routed to different
servers based on DNS randomization. There, such distribution is not
a problem. Farms of servers generally have common back-end data
...
... stateless proxy receives the request, it performs the appropriate
DNS queries as described above. However, the procedures of RFC 2782
are not guaranteed to be deterministic. This is because records that
...
... retransmissions to different servers, even if it follows the
recommendations above. This can happen if the DNS TTLs expire in the
middle of a transaction ...
... TLS. An attacker cannot force a bid
down through deletion or modification of DNS records. In the worst
case, they can prevent communication from occurring by deleting all
records. A sips URI ...
... trust that they implement the protocol
properly in order for security to be provided. Falsifying DNS
records can be done by tampering with wire traffic (in the absence of
DNSSEC ...
... Valid Databases: The key resulting from the first well known rule
is looked up in a single database, the DNS [8].
...
... Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for Specifying the Location of Services (DNS SRV ...
... Mealling, M. and R. Daniel, "The Naming Authority Pointer (NAPTR) DNS Resource Record", RFC 2915, September 2000. ...
... Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part Three: The DNS Database", Work in Progress. ...
