User Tools

Site Tools


tutorials:dns:dnssec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
tutorials:dns:dnssec [2013/04/21 14:08]
miconda [Database Setup]
tutorials:dns:dnssec [2013/04/22 23:24]
miconda [Add DNSSEC Module]
Line 1: Line 1:
 ====== Kamailio with DNSEC ====== ====== Kamailio with DNSEC ======
  
-The **dnssec** module was added during the development of v4.1.0 (expected to be released later in 2013). Therefore this tutorial presents how to add DNSSEC module in the default configuration file of Kamailio, following GIT installation guidelines.+The **dnssec** module in Kamailio was added during the development of v4.1.0 (expected to be released later in 2013). Therefore this tutorial presents how to add DNSSEC module in the default configuration file of Kamailio, following GIT installation guidelines.
  
 In short, this tutorial focuses on: In short, this tutorial focuses on:
Line 8: Line 8:
   * add DNSSEC support to configuration file   * add DNSSEC support to configuration file
  
-Note: Ubuntu 12.04 was chosen because dnssec tools devel library are provided for this distribution.+**Note:** the DNSSEC module is several days old at the time of writing initial version of this tutorial. For any assistance, email to **<sr-users [at] sip-router.org>** -- it is a public mailing list that requires subscription, see more details at: 
 + 
 +  * http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users 
 + 
 +**Note:** Ubuntu 12.04 was chosen because dnssec tools devel library are provided for this distribution, making the installation of the required dependencies much easier. There are packages for other Linux distribution (e.g., Fedora), most of the steps provided in this tutorial being valid (the rest have to updated for the specifics of the distribution, e.g., how to install packages, create system users or init.d scripts).
 ===== About DNSSEC ===== ===== About DNSSEC =====
  
Line 29: Line 33:
 ==== DNSSEC Tools Devel Libraries Installation ==== ==== DNSSEC Tools Devel Libraries Installation ====
  
-You need these libraries to compile Kamailio's DNSSEC module. You can download the libraries from:+You need DNSSEC tools devel libraries to compile Kamailio's DNSSEC module. You can download the libraries from:
  
   * http://dnssec-tools.org/download/#gotoBinaries   * http://dnssec-tools.org/download/#gotoBinaries
Line 38: Line 42:
 dns-validator_2.0-1_i386.deb dns-validator_2.0-1_i386.deb
 libval-threads_2.0-1_i386.deb libval-threads_2.0-1_i386.deb
-libsres_2.0-1_i386.deb 
 libval-threads-dev_2.0-1_i386.deb libval-threads-dev_2.0-1_i386.deb
 +libsres_2.0-1_i386.deb
 libsres-dev_2.0-1_i386.deb libsres-dev_2.0-1_i386.deb
 </code> </code>
Line 171: Line 175:
 **__Do change the passwords for these two users to something different that the default values that come with sources.__** **__Do change the passwords for these two users to something different that the default values that come with sources.__**
  
-===== Update Kamailio Configuration File =====+==== Adding SIP Users ==== 
 + 
 +Kamctl can be used for adding users, for example adding user **test** with password **testpasswd**: 
 + 
 +<code> 
 +kamctl add test testpasswd 
 +</code> 
 + 
 +==== Init.d Script ==== 
 + 
 +The init.d script can be used to start/stop the Kamailio server in a nicer way. A sample of init.d script for Kamailio is provided at: 
 + 
 +<code> 
 +  /usr/local/src/kamailio-devel/kamailio/pkg/kamailio/deb/debian/kamailio.init 
 +</code> 
 + 
 +The default file for init.d script is provided at: 
 + 
 + 
 +<code> 
 +  /usr/local/src/kamailio-devel/kamailio/pkg/kamailio/debian/kamailio.default 
 +</code> 
 + 
 +Run next command to deploy the init.d scripts: 
 + 
 +<code> 
 +  make install-initd-debian 
 +</code> 
 + 
 +It will create also user and group **kamailio**, plus runtime directory **/var/run/kamailio**. 
 + 
 +Now Kamailio can be started or stopped with: 
 + 
 +<code> 
 +  /etc/init.d/kamailio start 
 +  /etc/init.d/kamailio stop 
 +</code> 
 + 
 + 
 +===== Update Kamailio Config File =====
  
 Next step is to enable user authentication, persistent location service and add dnssec module. You have to edit the configuration file. Next step is to enable user authentication, persistent location service and add dnssec module. You have to edit the configuration file.
Line 179: Line 222:
 </code> </code>
  
-Follow the instruction in the comments to enable usage of MySQL. Basically you have to add several lines at the top of config file, like:+Follow the instruction in the comments to enable usage of MySQL. Basically you have to add several lines at the top of config file (but after the first line), like:
  
 <code> <code>
Line 189: Line 232:
 If you changed the password for the 'kamailio' user of MySQL, you have to update the value for **DBURL** define. If you changed the password for the 'kamailio' user of MySQL, you have to update the value for **DBURL** define.
  
 +==== Add DNSSEC Module ====
 +
 +The README of DNSSEC module is available at:
 +
 +  * http://kamailio.org/docs/modules/devel/modules/dnssec.html
 +
 +You have to load dnssec module in kamailio.cfg:
 +
 +<code>
 +loadmodule "dnssec.so"
 +</code>
 +
 +Add the above line somewhere before the first line starting with **modparam**.
 +
 +The module does not require any parameter, you are ready to use the configuration file now.
 +
 +Start Kamailio with:
 +
 +<code>
 +/etc/init.d/kamailio start
 +</code>
 +
 +===== DNS Server DNSSEC Enabled =====
 +
 +This tutorial does not include yet (left for future updates) how to setup a DNSSEC-enabled DNS server, there are many useful resources on the web. Among them:
 +
 +  * http://www.howtoforge.com/configuring-dnssec-on-bind9-9.7.3-on-debian-squeeze-ubuntu-11.10
 +  * http://wiki.wsartori.com/wiki/The_Perfect_BIND_DNS_Server_DNSSEC_enabled
 +===== Testing =====
 +
 +One way to test is to setup two instances of Kamailio, one serving domainA.com and the second domainB.com.
 +
 +Then alice@domainA.com can call bob@domainB.com. Kamailio instance serving domainA.com will do DNS lookup do discover the IP address of domainB.com
  
 +===== Remarks =====
  
 +  * setup of a DNS server with DNSSEC support is left for future updates of this tutorial
 +  * the DNSSEC module overwrites the API in the core for doing DNS queries, therefore is nothing else required to do apart of loading the module
 +  * Kamailio will do a DNS query each time it has to forward a SIP request based on hostname
tutorials/dns/dnssec.txt · Last modified: 2013/04/25 12:49 by mariuszbihlei