User Tools

Site Tools


tutorials:dns:dnssec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tutorials:dns:dnssec [2013/04/21 21:46]
miconda [Init.d Script]
tutorials:dns:dnssec [2013/04/25 12:49] (current)
mariuszbihlei
Line 1: Line 1:
-====== Kamailio with DNSEC ======+====== Kamailio with DNSSEC ======
  
 The **dnssec** module in Kamailio was added during the development of v4.1.0 (expected to be released later in 2013). Therefore this tutorial presents how to add DNSSEC module in the default configuration file of Kamailio, following GIT installation guidelines. The **dnssec** module in Kamailio was added during the development of v4.1.0 (expected to be released later in 2013). Therefore this tutorial presents how to add DNSSEC module in the default configuration file of Kamailio, following GIT installation guidelines.
Line 233: Line 233:
  
 ==== Add DNSSEC Module ==== ==== Add DNSSEC Module ====
 +
 +The README of DNSSEC module is available at:
 +
 +  * http://kamailio.org/docs/modules/devel/modules/dnssec.html
  
 You have to load dnssec module in kamailio.cfg: You have to load dnssec module in kamailio.cfg:
Line 261: Line 265:
  
 Then alice@domainA.com can call bob@domainB.com. Kamailio instance serving domainA.com will do DNS lookup do discover the IP address of domainB.com Then alice@domainA.com can call bob@domainB.com. Kamailio instance serving domainA.com will do DNS lookup do discover the IP address of domainB.com
 +
 +One easy way to test is to use a Open DNS resolver that provides Recursive DNSSEC capabilities. One of those is 8.8.8.8 ( Google Open DNS). 
 +As per the FAQ, DNSSEC support is enabled (https://developers.google.com/speed/public-dns/faq#dnssec)
 +
 +Edit /etc/resolv.conf and modify your nameserver definition to have 'nameserver 8.8.8.8'.
 +
 +Launch Kamailio with DNSSEC module enabled and try to send a SIP package to the domain www.dnssec-failed.org. DNS resolving for this domain should fail, as it is a test domain which provides an incorrect signature. Kamailio should report:
 +"0(70805) INFO: dnssec [dnssec_func.c:145]: invalid domain www.dnssec-failed.org reason VAL_UNTRUSTED_ANSWER"
 +
 +
 +
 +
 +
 +
 +
  
 ===== Remarks ===== ===== Remarks =====
tutorials/dns/dnssec.1366573581.txt.gz ยท Last modified: 2013/04/21 21:46 by miconda