- use_dns_cache can be enabled/disabled runtime

[sip-router] / doc / dns.txt

# $Id$
#
# History:
# --------
# 2006-09-08  created by andrei
# 2007-06-18  added naptr & friends, dns_srv_lb, more compile options (andrei)
#

Overview

 The dns subsystem in ser can either directly use libresolv and a combination
  of the locally configured dns server, /etc/hosts and the local Network 
  Information Service (NIS/YP a.s.o) or cache the query results (both positive
  and negative) and look first in its internal cache.
 When its internal dns cache is enabled, ser can also use dns failover: if
  one destination resolves to multiple addresses ser can try all of them until
  it finds one to which it can successfully send the packet or it exhausts all 
  of them. ser (tm to be more precise) uses the dns failover also when the
  destination host doesn't send any reply to a forwarded invite within the
  sip timeout interval (whose value can be configured using the tm fr_timer
   parameter).
 When SRV based load balancing is enabled ser can even do DNS based load 
 balancing (see RFC2782 and the dns_srv_lb option below).


DNS Cache and Failover Drawbacks

 Using the dns cache and the dns failover has also some drawbacks: 

  1. only the locally configured dns server (usually in /etc/resolv.conf) is
  used for the requests (/etc/hosts and the local Network Information Service
  are ignored). 
     Workaround: disable the dns cache (use_dns_cache=off or
  compile without -DUSE_DNS_CACHE).

  2. the dns cache uses extra memory
      Workaround: disable the dns cache.

  3. the dns failover introduces a very small performance penalty 
     Workaround: disable the dns failover (use_dns_failover=off).

  4. the dns failover increases the memory usage (the internal structures
  used to represent the transaction are bigger when the dns failover support is
  compiled).
     Workaround: compile without dns failover support (-DUSE_DNS_FAILOVER).
  Turning it off from the config file is not enough in this case (the extra
   memory will still be used).
 
 On the other hand using the dns cache saves lots of DNS queries and makes
 DNS based failover and DNS based load balancing possible. If the destination
 blacklist is enabled, ser can do failover even if forwarding in stateless 
 mode.
 In the ideal case with dns cache enabled ser will do only one query for
 a NAPTR (if enabled) or SRV lookup and then it will use the results for the
 record's TTL (for example if all the resulting records have 1 minute TTL,
  ser won't make another query for this domain for 1 minute). Even negative
 answers will be cached.
 Without the dns cache, each NAPTR or SRV lookup will result in at least 2 
 queries. These queries will happen every time, for each message (even if 
 all of them go to the same domain).


DNS Resolver Options

 The DNS resolver options control how ser will interact with the external
 DNS servers. These options (with the dns_try_ipv6 exception) are passed to
 libresolv and are used each time a dns request is made.
 The default values are system specific and generally depend on the
 /etc/resolv.conf content. For servers doing a lot of DNS requests it is
 highly recommended to change the default values in the ser config file
  (even if using ser's internal dns cache).

   dns_try_ipv6 = on | off - if on and ser listens on at least one ipv6 socket,
      ipv6 (AAAA) lookups will be performed if the ipv4 (A) lookups fail. 
      If off only ipv4 (A) lookups will be used.
      Default: on if ser is compiled with ipv6 support.

   dns_try_naptr = on | off - if on ser will first try a NAPTR lookup for
      destinations that don't have the protocol or port specified and 
      are not simple ip addresses (as described in RFC 3263). This will 
      introduce a slight performance penalty and will probably cause extra
      DNS lookups. For example a lookup for a non-existing domain will
      produce one extra query: NAPTR(domain), SRV(_sip._udp.domain) 
      and A/AAAA(domain).
      If the result of a query contains several NAPTR records, ser will select
      among them according to the RFC2915 and ser preference towards a
      specific protocol (see dns_udp_pref, dns_tcp_pref and dns_tls_pref 
      below). For an RFC3263 compliant configuration (choose the remote side
      preferred protocol if supported), set dns_udp_pref, dns_tcp_pref and
      dns_tls_pref to the same value (>=0), e.g. 0.
      Default: off

   dns_udp_pref = number - udp protocol preference when doing NAPTR lookups.
      This option works together with dns_tcp_pref and dns_tls_pref. If all
      this options have the same positive value and more NAPTR records are
      available, ser will select the NAPTR record preferred by the remote side
      (according to RFC2915). If the values are positive but different, ser
      will select the NAPTR record whose protocol it prefers the most
      (the protocol with the highest dns_<proto>_pref number). If there are 
      several NAPTR records with the same preferred protocol, ser will select
      among them based on their order and preference (see RFC2915).
      To completely disable selecting a specific protocol, use  a negative
      number. For example dns_tcp_pref=-1 will completely disable selection
      of tcp NAPTR records, even if this will result in the NAPTR lookup
      failure.
      Default: dns_udp_pref=3, dns_tcp_pref=2 and dns_tls_pref=1
      (prefer udp, but if no udp NAPTR record found or no SRV-resolvable 
      udp NAPTR record found use tcp records and if this fails too use tls)

   dns_tcp_pref = number  (see dns_udp_pref above)

   dns_tls_pref = number (see dns_udp_pref above)

   dns_retr_time = time - time in s before retrying a dns request.
      Default: system specific, depends also on the/etc/resolv.conf content
      (usually 5 s).

   dns_retr_no = no. - number of dns retransmissions before giving up.
      Default: see above (usually 4)

   dns_servers_no = no. - how many dns servers from the ones defined in 
      /etc/resolv.conf will be used. Default: all of them.

   dns_use_search_list= yes/no - if no, the search list in /etc/resolv.conf
      will be ignored (=> fewer lookups => gives up faster).
      Default: yes.
      HINT: even if you don't have a search list defined, setting this option
      to "no" will still be "faster", because an empty search list is in 
      fact search "" (so even if the search list is empty/missing there will
      still be 2 dns queries, eg. foo+'.' and foo+""+'.')

   dns_search_full_match = yes/no - controls the check of the name part
      which is found in the answer expanding the searched name before
      the answer is treated as correct and "link" (fake CNAME record)
      between the short name (query) and long name (answer) is created
      which is then stored in dns_cache and reused for next queries.
      If set to no - no additional check is done.
      If set to yes - the additional part is checked against the search list.

 The maximum time a dns request can take (before failing) is:
 (dns_retr_time*dns_retr_no)*(search_list_domains) If dns_try_ipv6 is yes,
 mutliply it again by 2.

 The option combination that produces the "fastest" dns resolver config
  (the "faster" in the sense that it gives up the quickest) is:

      dns_try_ipv6=no
      dns_retr_time=1
      dns_retr_no=1
      dns_servers_no=1
      dns_use_search_list=no

 The recommended dns configuration is to have a "close" dns caching recursive
 server configured in /etc/resolv.conf, set the dns resolver options in ser's
 config as in the above example and enable the dns cache (in ser).
 Pay particular attention to dns_servers_no and dns_use_search_list. It's a
 good idea to make sure you don't need / use the search list or more then one
 dns server (to avoid unnecessary extra lookups).


DNS Resolver Compile Options

   USE_NAPTR - if defined the naptr lookup support will be compiled in.
      NAPTR support still has to be enabled from ser's config file (it's
      off by default).

   RESOLVE_DBG - if defined, the resolver will be very verbose: it will log
      a lot of debugging information at L_DBG level.

   NAPTR_DBG - if defined the NAPTR related resolver functions will be very
       verbose.


DNS Cache and Failover Config Variables

   use_dns_cache = on | off - if off the dns cache won't be used (all dns
      lookups will result into a dns request).  When on all the dns request
      results will be cached.
      WARNING: when enabled /etc/hosts will be completely bypassed, all the dns
      request will go directly to the system configured (resolv.conf) dns
      server.
      Default: on.

   use_dns_failover = on |off - if on and sending a request fails (due to not
      being allowed from an onsend_route, send failure, blacklisted destination
      or, when using tm, invite timeout), and the destination resolves to
      multiple ip addresses and/or multiple SRV records, the send will be
      re-tried using the next ip/record. In tm's case a new branch will be
      created for each new send attempt.
      Default: off.
   Depends on use_dns_cache being on. If tm is used along with dns failover is
   recommended to also turn on dst_blacklist.

   dns_srv_lb = on | off or
   dns_srv_loadbalancing = on | off - if on instead of doing simple dns 
        failover (like above), ser will load balance requests to different srv
        records of the same priority based on the srv records weights (like 
        described in RFC2782). For a destination which has different priorities
        for all its srv records, this option will be equivalent with simple
        dns failover.
        Note: this option requires having dns failover enabled (see 
        use_dns_failover above).
        Default: off.

   dns_try_ipv6 = on | off - shared with the resolver (see resolver 
        description).

   dns_try_naptr = on | off - shared with the resolver (see resolver 
        description).

   dns_udp_pref =  number - shared with the resolver (see resolver 
        description).

   dns_tcp_pref =  number - shared with the resolver (see resolver 
        description).

   dns_tls_pref =  number - shared with the resolver (see resolver 
        description).

   dns_cache_flags = dns cache specific resolver flags, used for overriding
     the default behaviour (low level).
      Possible values:
         1 - ipv4 only: only DNS A requests are performed, even if ser listens
                        also on ipv6 addresses.
         2 - ipv6 only: only DNS AAAA requests are performed. Ignored if
                        dns_try_ipv6 is off or ser doesn't listen on any ipv6
                        address.
         4 - prefer ipv6: try first to resolve a host name to an ipv6 address
                          (DNS AAAA request) and only if this fails try an ipv4
                          address (DNS A request).
                          By default the ipv4 addresses are preferred.
      Default: 0

   dns_cache_negative_ttl = time to live for negative results ("not found") in
      seconds. Use 0 to disable.
      Default: 60 s.

   dns_cache_min_ttl = minimum accepted time to live for a record, in seconds.
      If a record has a lower ttl, its value will be discarded and
      dns_cache_min_ttl will be used instead.
      Default: 0

   dns_cache_max_ttl = maximum accepted time to live for a record, in seconds.
      If a record has a higher ttl, its value will be discarded and
      dns_cache_max_ttl will be used instead.
      Default: MAXINT

   dns_cache_mem = maximum memory used for the dns cache in Kb.
      Default: 500 Kb

   dns_cache_gc_interval = how often (in s) the dns cache will be garbage 
      collected.
      Default:  120 s.
      
   dns_cache_del_nonexp = yes | no or
   dns_cache_delete_nonexpired = yes | no - allow deletion of non-expired
      records from the cache when there is no more space left for new
      ones. The last-recently used entries are deleted first.
      Default: no

   dns_cache_init = on | off - if off, the dns cache is not initialized
      at startup and cannot be enabled runtime, that saves some memory.
      Default: on

DNS Cache Compile Options

   USE_DNS_CACHE - if defined the dns cache support will be compiled in 
      (default). If not needed/wanted the dns_cache can be disabled from the
      ser's config file. The only advantages for not compiling the dns cache
      support is a slight decrease of the executable size and an extremely 
      small performance increase (1 less comparison per dns request).

   USE_DNS_FAILOVER - if defined the dns failover support will be compiled in.
      (default). Compiling the dns failover support has a few disadvantages,
      see the "Drawbacks" section.

   DNS_SRV_LB  - if defined (default) support for load balancing using 
       srv records weights (as described in RFC2782) will be compiled in.
       Note however that it still must be enabled from the ser config, it's
       disabled by default (see the dns_srv_lb config option).

   USE_NAPTR  - (shared with the resolver)  if defined NAPTR support will
       be compiled in (default). Note that even if compiled, NAPTR support
       must be enabled also from the ser config (see the dns_try_naptr option).

   NAPTR_CACHE_ALL_ARS - if defined all the additional records in a NAPTR
       answer will be cached. Normally ser would cache only "related" records
       (records that are directly referred), but for answers with lots of 
        A/AAAA records it might happen that not all of the SRV records will fit
       in the AR section. In this case, without this compile option ser will 
       not cache the un-referred A/AAAA records. BY default this option is
       disabled.

   CACHE_RELEVANT_RECS_ONLY - if defined (default), records in the AR section
       of an answer will be cached only if they are "related" to the query.
       For example if the query is for a SRV record, A & AAAA records in the
       AR section will be cached only if there are SRV records pointing to 
       them. This avoids adding possible garbage to the cache.
       If this option is not defined (experimental), everything in the AR
       section will be added to the cache.

   DNS_CACHE_DEBUG - if defined the dns cache will be very verbose (it will
       log lots of messages at the L_DBG levell).
 
 Note: To remove a compile options,  edit ser's Makefile.defs and remove it 
   form DEFS list. To add a compile options add it to the make command line,
     e.g.: make proper; make all extra_defs=-DUSE_DNS_FAILOVER
   or for a permanent solution, edit Makefile.defs and add it to DEFS 
   (don't foget to prefix it with -D). Some options require editing 
   dns_cache.c or resolve.[ch] (just grep after them).