24 Configuring Domain Name Systems (DNS)

This chapter covers DNS configurations on the ME system.

Domain Name System (DNS) Overview

Domain Name System (DNS) servers are responsible for translating Internet domain and host names to IP addresses. DNS converts the name entered on a Web browser address bar to the IP address of the Web server that hosts that particular Web site. DNS uses a distributed database to store this name and address information for all public hosts on the Internet.

When an Internet client issues a request that involves an Internet host name, a DNS server determines the host's IP address. If the DNS server cannot service the request, it forwards the request to other DNS servers until the IP address is resolved, completing the Internet client request.

The ME maintains a cache of query responses, both positive (the lookup succeeded) and negative (the lookup was rejected or failed). Each cached response is a DNS resource record, so the ME can consult its cache for mapping information before querying a server.

RADIUS and Diameter group accounting configurations, for example, require that you configure DNS to resolve the IP addresses associated with RADIUS and Diameter servers being used to capture call detail records.

The following image illustrates a sample network with a DNS server that resolves RADIUS server IP addresses using the domain name.

[Figure admin_32.png: sample network in which a DNS server resolves RADIUS server IP addresses by domain name]

Configuring the DNS Resolver

The ME system functions as a DNS client (resolver) that forwards requests for IP address resolutions, but does not act as a server in accepting requests. As a resolver, the ME obtains resource records from DNS servers on behalf of resident or requesting applications. You must configure the resolver function before other objects within the DNS configuration object.

Note:

You must configure the settings of the resolver object before setting other objects under DNS.

The DNS object configures the ME domain name, one or more DNS servers, and static mapping between host names and addresses. You can also configure static service locations, naming authority pointers, and how to resolve negative entries.

CLI Session

The following CLI session configures and enables the DNS resolver, sets the domain name to be used for DNS mappings, sets the DNS server IP address, port number and transport protocol, and the DNS query properties.

NNOS-E> config vsp
config vsp> config dns
config dns> config resolver
config resolver> set admin enabled
config resolver> set server 192.168.10.10 UDP 54
config resolver> set query-timeout 10
config resolver> set query-retries 5
config resolver> set cache-poll-interval 60

The query-timeout property specifies the time, in seconds (from 1 to 10), that a DNS lookup can go unanswered before it times out. The query-retries property specifies the number of times to retry a DNS query (lookup) that has timed out. Enter a number of retries from 0 to 5, where 0 indicates no retries.

The cache-poll-interval property specifies the number of seconds that the ME waits between refreshing the cache. The interval controls the rate at which the ME polls the location-cache to purge stale location bindings.

Configure as many DNS servers as you need. Refer to the Oracle Communications WebRTC Session Controller Media Engine Object Reference for information on additional settings.

Configuring DNS Hosts and IPs

For each host in your network domain, you need to statically map IP addresses to host names. The host object requires that you supply a name variable. This is the name of an Internet node, for example, a SIP server, a RADIUS server, or a PC in your network.

You can enter:

  • An existing name and new address; the corresponding address is mapped to the name for use in DNS lookups, or

  • A new name and existing address; the system creates a named entry for DNS use.

CLI Session

The following DNS session configures the DNS host name for the RADIUS server named radServer1 and sets the IP address to be returned in DNS lookups.

NNOS-E> config vsp
config vsp> config dns
config dns> config host radServer1
Creating 'host radServer1'
config host radServer1> set address 192.168.124.6

The following DNS session configures the DNS host name for the SIP server named lcsServer1 and sets the IP address to be returned in DNS lookups.

NNOS-E> config vsp
config vsp> config dns
config dns> config host lcsServer1
Creating 'host lcsServer1'
config host lcsServer1> set address 192.168.125.3

Mapping SIP Services

The DNS service object allows you to statically map SIP services to specific SIP servers. Using a configured rule, DNS resolves the SIP service and maps the service to a specific SIP server. Adding DNS service (SRV) resource records for each SIP service provides the contacts for the specific servers.

The rule property establishes the preference level for selecting a named SIP service if you configure multiple SIP service mappings. Configuring the service object for each SIP service establishes the sequence to use when contacting the configured SIP servers.

CLI Session

The following CLI session maps the TLS service on the company.com domain. DNS resolves the TLS service to lcsServer1 using the configured rule (port, priority, and weight settings).

NNOS-E> config vsp
config vsp> config dns
config dns> config service company.com tls
Creating 'service company.com tls'
config service company.com> set rule lcsServer1.company.com 5001 10 5

Configuring NAPTR

The Naming-authority pointer (called NAPTR) creates a static mapping of service information to a specific server or domain name. This mapping performs DNS lookups for requests in cases where the ME system cannot determine either the protocol or port of the destination.

Naming-authority pointer (NAPTR) records contain rules for converting each request to the correct configured service. Because each SIP transport (TCP, UDP, or TLS) is viewed as a different service, three different NAPTR records are established, one per transport. This object configures the preference for use of an appropriate service for each domain.

Set one rule for each protocol: UDP, TCP, and TLS. Before a request can be forwarded on, the system must know the protocol and the port for the destination.

CLI Session

The following CLI session sets the NAPTR rules (protocol, order, preference) for SIP TLS, TCP and UDP services on the company.com domain. DNS uses the configured SIP services (TLS, TCP, UDP) to resolve the destination SIP server, using exact matching of the company.com domain name.

NNOS-E> config vsp
config vsp> config dns
config dns> config naptr company.com
Creating 'naptr company.com'
config naptr company.com> set match exact
config naptr company.com> set rule TLS 1 10
config naptr company.com> set rule TCP 2 10
config naptr company.com> set rule UDP 3 10

For more information on NAPTR and DNS on the ME system, refer to the Oracle Communications WebRTC Session Controller Media Engine Object Reference.
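The selection sequence implied by the service and NAPTR sessions above can be modelled offline to confirm which transport a rule set tries first. The following Python is an added example, not ME or Oracle code. It assumes the standard DNS conventions (lowest NAPTR order first, lowest SRV priority first), and its function and class names are hypothetical.

```python
import random
from typing import NamedTuple

class Naptr(NamedTuple):
    protocol: str    # TLS, TCP or UDP
    order: int       # lower order is tried first
    preference: int  # tie-breaker within one order, lower first

class Srv(NamedTuple):
    target: str
    port: int
    priority: int    # lower priority is tried first
    weight: int      # relative share among equal priorities

# From the NAPTR session: set rule TLS 1 10 / TCP 2 10 / UDP 3 10
NAPTR_RULES = [Naptr("UDP", 3, 10), Naptr("TLS", 1, 10), Naptr("TCP", 2, 10)]
# From the service session: set rule lcsServer1.company.com 5001 10 5
SRV_RULES = {"TLS": [Srv("lcsServer1.company.com", 5001, 10, 5)]}

def transport_order(rules):
    """Protocols in the sequence they would be tried."""
    return [r.protocol for r in sorted(rules, key=lambda r: (r.order, r.preference))]

def pick_srv(records, rng=random):
    """Lowest priority group, then a weighted random pick (simplified RFC 2782)."""
    if not records:
        return None
    best = min(r.priority for r in records)
    group = [r for r in records if r.priority == best]
    if sum(r.weight for r in group) == 0:
        return rng.choice(group)
    return rng.choices(group, weights=[r.weight for r in group], k=1)[0]

def locate(naptr_rules, srv_rules):
    """(protocol, target, port) for the first transport with an SRV mapping."""
    for proto in transport_order(naptr_rules):
        srv = pick_srv(srv_rules.get(proto, []))
        if srv:
            return proto, srv.target, srv.port
    return None

def cleartext_preferred(naptr_rules):
    """True when TLS is missing or some other transport sorts ahead of it."""
    order = transport_order(naptr_rules)
    return not order or order[0] != "TLS"

if __name__ == "__main__":
    print(locate(NAPTR_RULES, SRV_RULES), cleartext_preferred(NAPTR_RULES))
```

Running cleartext_preferred over a planned rule set before committing it shows whether a misordered rule would cause TCP or UDP to be selected ahead of TLS.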

Configuring DNS Rejections

You can instruct DNS to ignore lookups that involve certain domain names. The DNS reject object requires that you supply a host name, service name, domain name, or IP address. Any request containing the specified name will be rejected.

Set the type property to identify which record type you are entering:

  • A : IPv4 address

  • AAAA : IPv6 address

  • PTR : Address to name mapping

  • NAPTR : NAPTR rule

CLI Session

The following CLI session rejects DNS lookups that involve the domain named badNetwork.com, using the NAPTR record type, matching the exact domain name as entered.

NNOS-E> config vsp
config vsp> config dns
config dns> config reject badNetwork.com naptr
Creating 'reject badNetwork.com naptr'
config reject badNetwork.com> set match exact

For more information on DNS rejections on the ME system, refer to the Oracle Communications WebRTC Session Controller Media Engine Object Reference.