William Waites
2003-Nov-30 16:31 UTC
[Asterisk-Users] LCR with ENUM and DDNS: half the story
Ok, so you've read the Wiki and gotten call routing using ENUM to work
(http://www.voip-info.org/tiki-index.php?page=Asterisk%20E164%20Call%20Routing)
with your own ENUM-alike domain, e164.example.com.

But how do you populate it with data? You can do it manually, but that gets
very tedious very quickly. Or you can use the nifty DDNS updating program
that comes with bind9.

The first thing is to configure your e164.example.com to allow ddns updates.
A very good document describing how to do this (just ignore the DHCP stuff) is
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

In a nutshell (I used TSIG keys for simplicity, the procedure is analogous with
SIG(0) asymmetric keys) this is how you do it.

On the client computer that will be allowed to update the database do:

    % dnssec-keygen -a HMAC-MD5 -b 512 -n HOST client.example.com
    Kclient.example.com.+157+13404

This creates the shared key, which will live in a file called
Kclient.example.com.+157+13404.key and .private

    % cat Kclient.example.com.+157+13404.private
    Private-key-format: v1.2
    Algorithm: 157 (HMAC_MD5)
    Key: I9FvX+F3fcSVLkzlPSVR9THww+oN6o0mj/JgKTu9auzMx0IM7lmBd9RIfk2cbHvoV9drGQVsk+svkrf+AeN0JQ==

Now on the server, let that key update e164.example.com. To do this, change named.conf
to have

    key "client.example.com." {
        algorithm HMAC-MD5;
        secret "I9FvX+F3fcSVLkzlPSVR9THww+oN6o0mj/JgKTu9auzMx0IM7lmBd9RIfk2cbHvoV9drGQVsk+svkrf+AeN0JQ==";
    };

    zone "e164.example.com" {
        type master;
        file "dynamic/e164.example.com";
        update-policy {
            grant client.example.com. subdomain e164.example.com. ANY;
        };
    };

and restart the nameserver.

That's it for the configuration.

Now, say you have just found a very good IAX2 peer, FooFone that offers /wonderful/ rates
to the fictitious country code 666. You can use a script like this, to tell the
asterisk application EnumLookup (see the howto above) to use this peer for that country:

    #!/bin/sh

    TTL=3600
    SERVER=nameserver.example.com
    # the later assignment is the one that takes effect
    SERVER=sparx
    ZONE=e164.example.com
    KEYFILE=Kclient.example.com.+157+13404.key

    # The here-document delimiter is unquoted, so the shell processes \ and $
    # before nsupdate sees the text; \$ keeps $0 from being expanded.
    nsupdate -v -k ${KEYFILE} << EOF
    server ${SERVER}
    zone ${ZONE}
    update delete *.6.6.6.e164.example.com.
    update add *.6.6.6.e164.example.com. ${TTL} NAPTR 100 100 "u" "E2U+IAX2" "!\\\\+(.*)!iax2:foofone/\\\\1!" .
    update add *.6.6.6.e164.example.com. ${TTL} TXT "great \$0.00/minute rate from FooFone!"
    show
    send
    EOF

The first update line deletes any existing records for +666, the second adds the NAPTR
record for ENUM call routing, and the third adds a nice informational message in the DNS
which is useful if you want a quick way to find out how much a call will be billed at.

Note the escaped-escaped-escape characters. The first is because the shell will try to
interpret \, so what actually gets sent to nsupdate is \\ which is correct for what BIND
wants.

And the second half of the puzzle? Figuring out how to know what to put in the DNS,
calculating the best rates...

Hope someone finds this useful,
-w
--
/~\  The ASCII Ribbon Campaign
\ /    No HTML/RTF in email
 X     No Word docs in email
/ \  Respect for open standards
Also I must point out that your NAPTR record is a bit wrong:

wrong: (bind9)
"!\\\\+(.*)!iax2:foofone/\\\\1!"

Correct:
"!\\+(.*)!iax2:foofone/\\1!"

That's how I have it set up.

bkw

On Sun, 30 Nov 2003, William Waites wrote:
> Ok, so you've read the Wiki and gotten call routing using ENUM to work
> (http://www.voip-info.org/tiki-index.php?page=Asterisk%20E164%20Call%20Routing)
> with your own ENUM-alike domain, e164.example.com.
>
> But how do you populate it with data? You can do it manually, but that gets
> very tedious very quickly. Or you can use the nifty DDNS updating program
> that comes with bind9.
>
> The first thing is to configure your e164.example.com to allow ddns updates.
> A very good document describing how to do this (just ignore the DHCP stuff) is
> http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
>
> In a nutshell (I used TSIG keys for simplicity, the procedure is analogous with
> SIG(0) asymmetric keys) this is how you do it.
>
> On the client computer that will be allowed to update the database do:
>
> % dnssec-keygen -a HMAC-MD5 -b 512 -n HOST client.example.com
> Kclient.example.com.+157+13404
>
> This creates the shared key, which will live in a file called
> Kclient.example.com.+157+13404.key and .private
>
> % cat Kclient.example.com.+157+13404.private
> Private-key-format: v1.2
> Algorithm: 157 (HMAC_MD5)
> Key: I9FvX+F3fcSVLkzlPSVR9THww+oN6o0mj/JgKTu9auzMx0IM7lmBd9RIfk2cbHvoV9drGQVsk+svkrf+AeN0JQ==
>
> Now on the server, let that key update e164.example.com. To do this, change named.conf
> to have
>
> key "client.example.com." {
>     algorithm HMAC-MD5;
>     secret "I9FvX+F3fcSVLkzlPSVR9THww+oN6o0mj/JgKTu9auzMx0IM7lmBd9RIfk2cbHvoV9drGQVsk+svkrf+AeN0JQ==";
> };
>
> zone "e164.example.com" {
>     type master;
>     file "dynamic/e164.example.com";
>     update-policy {
>         grant client.example.com. subdomain e164.example.com. ANY;
>     };
> };
>
> and restart the nameserver.
>
> That's it for the configuration.
>
> Now, say you have just found a very good IAX2 peer, FooFone that offers /wonderful/ rates
> to the fictitious country code 666. You can use a script like this, to tell the
> asterisk application EnumLookup (see the howto above) to use this peer for that country:
>
> #!/bin/sh
>
> TTL=3600
> SERVER=nameserver.example.com
> SERVER=sparx
> ZONE=e164.example.com
> KEYFILE=Kclient.example.com.+157+13404.key
>
> nsupdate -v -k ${KEYFILE} << EOF
> server ${SERVER}
> zone ${ZONE}
> update delete *.6.6.6.e164.example.com.
> update add *.6.6.6.e164.example.com. ${TTL} NAPTR 100 100 "u" "E2U+IAX2" "!\\\\+(.*)!iax2:foofone/\\\\1!" .
> update add *.6.6.6.e164.example.com. ${TTL} TXT "great \$0.00/minute rate from FooFone!"
> show
> send
> EOF
>
> the first update line deletes any existing records for +666, the second adds the NAPTR
> record for ENUM call routing, and the third adds a nice informational message in the DNS
> which is useful if you want a quick way to find out how much a call will be billed at.
>
> Note the escaped-escaped-escape characters. The first is because the shell will try to
> interpret \, so what actually gets sent to nsupdate is \\ which is correct for what BIND
> wants.
>
> And the second half of the puzzle? Figuring out how to know what to put in the DNS,
> calculating the best rates...
>
> Hope someone finds this useful,
> -w
> --
> /~\  The ASCII Ribbon Campaign
> \ /    No HTML/RTF in email
>  X     No Word docs in email
> / \  Respect for open standards
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
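The escaping layers discussed in this thread, as an added example that is not part of either post: it shows what an unquoted here-document hands to the command, what master-file decoding then leaves in the record, and what happens to an unescaped $0. cat stands in for nsupdate so nothing is sent to a nameserver; the function names and the sed-based decoder (which handles only the \X form, not \DDD) are assumptions for illustration.

```sh
#!/bin/sh
# Added example: cat stands in for nsupdate, so nothing is sent anywhere.

# Unquoted delimiter, as in the script: the shell turns \\ into \ and
# expands $-variables before the text reaches the command.
unquoted_heredoc() {
cat << EOF
"!\\\\+(.*)!iax2:foofone/\\\\1!"
EOF
}

# Quoted delimiter: the body is passed through byte for byte.
quoted_heredoc() {
cat << 'EOF'
"!\\+(.*)!iax2:foofone/\\1!"
EOF
}

# Master-file text decoding of one quoted string: \X becomes X.
# (Assumption: the \DDD decimal form is not needed for this record.)
zone_text_decode() {
    printf '%s\n' "$1" | sed -e 's/^"//' -e 's/"$//' -e 's/\\\(.\)/\1/g'
}

# $0 inside an unquoted here-document is the script name, not a price.
txt_unescaped() {
cat << EOF
TXT "great $0.00/minute rate from FooFone!"
EOF
}

txt_escaped() {
cat << EOF
TXT "great \$0.00/minute rate from FooFone!"
EOF
}

printf 'nsupdate receives:  %s\n' "$(unquoted_heredoc)"
printf 'regexp in the zone: %s\n' "$(zone_text_decode "$(unquoted_heredoc)")"
printf 'unescaped TXT:      %s\n' "$(txt_unescaped)"
printf 'escaped TXT:        %s\n' "$(txt_escaped)"
```

Quoting the delimiter (<< 'EOF') removes the shell layer entirely, but then ${SERVER}, ${ZONE} and ${TTL} are no longer expanded either, so the script would have to pass those in another way.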