DNS is new resolved for a new Dialog after "Authentication Required" -> Authentication failes

[haeferer]

Our Provider uses DNS to spread request over different machines

Take a look at ``nslookup sip.solucon.com"

Name:    sip.solucon.com
Addresses:  92.197.181.225
          92.197.178.224
          92.197.178.226
          92.197.181.224
          92.197.178.225
          92.197.180.225
          92.197.180.227
          92.197.180.229
          92.197.181.229
          92.197.181.228
          92.197.178.229
          92.197.180.224
          92.197.181.227
          92.197.180.226
          92.197.181.226
          92.197.178.228
          92.197.178.227
          92.197.180.228

Every DNS Call gets a new TOP-HIT.

This ends in a Problem:

IF you Start an INVITE Dialog and gets an Authentication Required the new Dialog with prepard Authentication Headers goes to another Server, which does not know anthing about the nounce etc.

IF you fix the Sip Adress from "sip.solucon.com" to 92.197.181.228 everything is fine.

So DNS should only be resolved per CALLID, not per Request or dialog

[haeferer]

Here is a Log for this bevaviour

2018-11-22T15:05:10.885Z drachtio:agent wp connecting (tcp) to 172.22.17.11:9022
2018-11-22T15:05:10.888Z drachtio:agent wp#on connect 172.22.17.11:9022
2018-11-22T15:05:10.890Z drachtio:agent wp#send 172.22.17.11:9022 - 56#84ccef55-c278-4a51-90bf-d94f56212d6f|authenticate|cymru|
2018-11-22T15:05:10.891Z drachtio:agent <===151#8ce29846-9bdb-41bc-b0b9-dc884171bf42|response|84ccef55-c278-4a51-90bf-d94f56212d6f|OK|udp/172.22.17.11:5060,udp/172.22.17.11:5060,udp/172.22.17.11:5060
2018-11-22T15:05:10.892Z drachtio:agent sucessfully authenticated, hostport is  udp/172.22.17.11:5060,udp/172.22.17.11:5060,udp/172.22.17.11:5060
2018-11-22T15:05:10.892Z drachtio:agent wp#send 172.22.17.11:9022 - 49#2e7c41a2-9ee8-4d8a-b0b1-899654480451|route|invite
2018-11-22T15:05:10.895Z drachtio:agent options: {"uri":"sip:01715302xxx@sip.solucon.com","method":"INVITE","headers":{"From":"sip:fo281943tr34752_17@sip.solucon.com","To":"sip:01715302xxx@sip.solucon.com"},"auth":{"username":"fo281943tr34752_17@sip.solucon.com","password":"***"}}
2018-11-22T15:05:10.896Z drachtio:agent wp#send 172.22.17.11:9022 - 196#08c70477-eb14-424c-8a0b-4adb6e3cf431|sip||
INVITE sip:01715302xxx@sip.solucon.com SIP/2.0
From: sip:fo281943tr34752_17@sip.solucon.com
To: sip:01715302xxx@sip.solucon.com
Content-Length: 0


2018-11-22T15:05:10.896Z drachtio:agent <===85#f61904fa-b54e-4437-984a-cba2ed57f8da|response|2e7c41a2-9ee8-4d8a-b0b1-899654480451|OK
2018-11-22T15:05:10.905Z drachtio:agent <===549#1605322e-42ae-422f-a25d-58a663b832cd|response|08c70477-eb14-424c-8a0b-4adb6e3cf431|OK|application|362|udp|172.17.0.3|5060|15:05:10.945550|b4942575-631e-41bb-8923-305873632daf|Msg sent:|
INVITE sip:01715302xxx@sip.solucon.com SIP/2.0
Via: SIP/2.0/UDP 172.22.17.11;rport;branch=z9hG4bKQNBpaQDeK5gKe
Max-Forwards: 70
From: <sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c
To: <sip:01715302xxx@sip.solucon.com>
Call-ID: d931824e-690a-1237-ee8d-0242ac110003
CSeq: 131113491 INVITE
Contact: <sip:172.22.17.11:5060>
Content-Length: 0


2018-11-22T15:05:10.952Z drachtio:agent <===1064#5b8c39e0-7069-4d70-979d-3a850c996b86|sip|network|895|udp|92.197.178.226|5060|15:05:10.968565|b4942575-631e-41bb-8923-305873632daf|52c9228a-4f73-477e-8291-a697ea1d8329|
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 172.22.17.11;rport=14977;branch=z9hG4bKQNBpaQDeK5gKe;received=92.50.94.182
From: <sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c
To: <sip:01715302xxx@sip.solucon.com>;tag=92t6eSDS6SSHK
Call-ID: d931824e-690a-1237-ee8d-0242ac110003
CSeq: 131113491 INVITE
User-Agent: FreeSWITCH-mod_sofia/1.4.19+git~20160308T120410Z~49d25d30bb~64bit
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Proxy-Authenticate: Digest realm="sip.solucon.com", nonce="01d5563c-ee68-11e8-b358-1d742c36f270", algorithm=MD5, qop="auth"
Content-Length: 0


2018-11-22T15:05:10.953Z drachtio:agent tokens: ["5b8c39e0-7069-4d70-979d-3a850c996b86","sip","network","895","udp","92.197.178.226","5060","15:05:10.968565","b4942575-631e-41bb-8923-305873632daf","52c9228a-4f73-477e-8291-a697ea1d8329",""]
2018-11-22T15:05:10.954Z drachtio:agent received sip response
2018-11-22T15:05:10.954Z drachtio:agent Agent#handle: got a response with status: 407
2018-11-22T15:05:10.957Z drachtio:agent options: {"uri":"sip:01715302xxx@sip.solucon.com","method":"INVITE","headers":{"From":"<sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c","To":"sip:01715302xxx@sip.solucon.com","content-length":0,"CSeq":"131113492 INVITE","call-id":"d931824e-690a-1237-ee8d-0242ac110003","Proxy-Authorization":"Digest username=\"fo281943tr34752_17@sip.solucon.com\",realm=\"sip.solucon.com\",nonce=\"01d5563c-ee68-11e8-b358-1d742c36f270\",uri=\"sip:01715302xxx@sip.solucon.com\",response=\"e656f041ea2683128f496a8af7683080\",qop=\"auth\",nc=00000001,cnonce=\"48dfbb6a\""},"auth":{"username":"fo281943tr34752_17@sip.solucon.com","password":"bkPtrEp30J"}}
2018-11-22T15:05:10.958Z drachtio:agent wp#send 172.22.17.11:9022 - 554#df964bf2-9b88-4112-b84d-539e919d951c|sip||
INVITE sip:01715302xxx@sip.solucon.com SIP/2.0
From: <sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c
To: sip:01715302xxx@sip.solucon.com
Content-Length: 0
CSeq: 131113492 INVITE
Call-ID: d931824e-690a-1237-ee8d-0242ac110003
Proxy-Authorization: Digest username="fo281943tr34752_17@sip.solucon.com",realm="sip.solucon.com",nonce="01d5563c-ee68-11e8-b358-1d742c36f270",uri="sip:01715302xxx@sip.solucon.com",response="e656f041ea2683128f496a8af7683080",qop="auth",nc=00000001,cnonce="48dfbb6a"


2018-11-22T15:05:10.972Z drachtio:agent <===745#0c793037-4c63-4514-bf94-dbeb4a5ea850|response|df964bf2-9b88-4112-b84d-539e919d951c|OK|application|0|unknown||0|15:05:11.014822|4b23383b-5ad3-4306-aa22-cec5f233caea|Msg sent:|
INVITE sip:01715302xxx@sip.solucon.com SIP/2.0
Max-Forwards: 70
From: <sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c
To: sip:01715302xxx@sip.solucon.com
Call-ID: d931824e-690a-1237-ee8d-0242ac110003
CSeq: 131113492 INVITE
Contact: <sip:172.22.17.11:5060>
Proxy-Authorization: Digest username="fo281943tr34752_17@sip.solucon.com", realm="sip.solucon.com", nonce="01d5563c-ee68-11e8-b358-1d742c36f270", uri="sip:01715302xxx@sip.solucon.com", response="e656f041ea2683128f496a8af7683080", qop="auth", nc=00000001, cnonce="48dfbb6a"
Content-Length: 0


2018-11-22T15:05:10.973Z drachtio:agent uac-auth: new transaction 4b23383b-5ad3-4306-aa22-cec5f233caea overwrites b4942575-631e-41bb-8923-305873632daf
2018-11-22T15:05:11.022Z drachtio:agent <===1076#9b8d74b9-aac3-4bac-8c55-1451f4e3bcb5|sip|network|907|udp|92.197.181.225|5060|15:05:11.055021|4b23383b-5ad3-4306-aa22-cec5f233caea|236c0674-9627-413b-9ab9-75e43b842fac|
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 172.22.17.11;rport=31384;branch=z9hG4bKry4ecjyHge75S;received=92.50.94.182
From: <sip:fo281943tr34752_17@sip.solucon.com>;tag=2FSvg2Uy7346c
To: <sip:01715302xxx@sip.solucon.com>;tag=7pm80Kp0mBKXg
Call-ID: d931824e-690a-1237-ee8d-0242ac110003
CSeq: 131113492 INVITE
User-Agent: FreeSWITCH-mod_sofia/1.4.19+git~20160308T120410Z~49d25d30bb~64bit
Accept: application/sdp
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
Supported: timer, path, replaces
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
Proxy-Authenticate: Digest realm="sip.solucon.com", nonce="01e2b9c6-ee68-11e8-8937-2f8ba37dbd48", stale=true, algorithm=MD5, qop="auth"
Content-Length: 0


2018-11-22T15:05:11.022Z drachtio:agent tokens: ["9b8d74b9-aac3-4bac-8c55-1451f4e3bcb5","sip","network","907","udp","92.197.181.225","5060","15:05:11.055021","4b23383b-5ad3-4306-aa22-cec5f233caea","236c0674-9627-413b-9ab9-75e43b842fac",""]
2018-11-22T15:05:11.022Z drachtio:agent received sip response
2018-11-22T15:05:11.022Z drachtio:agent Agent#handle: got a response with status: 407
2018-11-22T15:05:11.023Z drachtio:agent sendMessage: ACK sip:01715302xxx@sip.solucon.com SIP/2.0
Content-Length: 0


2018-11-22T15:05:11.023Z drachtio:agent opts: {"stackDialogId":"236c0674-9627-413b-9ab9-75e43b842fac"}
2018-11-22T15:05:11.023Z drachtio:agent wp#send 172.22.17.11:9022 - 146#197b1405-9014-4d6a-a158-71658a223718|sip||236c0674-9627-413b-9ab9-75e43b842fac
ACK sip:01715302xxx@sip.solucon.com SIP/2.0
Content-Length: 0


2018-11-22T15:05:11.024Z drachtio:agent <===172#eff7de0e-ecec-4d65-b8a3-83a28cd70909|response|197b1405-9014-4d6a-a158-71658a223718|NOK|Server error: ACK for non-success final response is automatically generated by server

[davehorton]

Agreed this is a problem. I've noticed it before myself. Will look into this this week.

[haeferer]

Perfect, thx a lot Von meinem iPhone gesendet Am 22.11.2018 um 17:50 schrieb Dave Horton <notifications@github.com<mailto:notifications@github.com>>: Agreed this is a problem. I've noticed it before myself. Will look into this this week. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#22 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYvpiDx6uQWmywKZXMmyrLkPLkFBTn83ks5uxtXFgaJpZM4Yvc3Y>.

[haeferer]

Hi,
Please note: SimpleProxy works perfect (there seems to be NO new DNS resolve, its the same provider)

So some headers (or parameters on headers) comming from the SIP Phone (in the Proxy scenario), suppress the new DNS Resolve in DrachtIO Server? (VIA, RecordRoute?)

[davehorton]

The DNS resolve issue I would expect you to experience when doing an app that is either a UAC or a B2BUA and receive a challenge to an INVITE (or REGISTER) request. When proxying, I think I may be stashing the original server is proxying there -- need to check that.

In any case, I will shortly have a fix for you to test with your original test case. Do you have the ability to test with a version that I tag in github, rather than pulling from npmjs ? I'd like to have your tests pass first before I publish to npm

[davehorton]

I pushed a fix to github, you should be able to test it by changing your package.json to have

drachtio-srf: davehorton/drachtio-srf#v4.4.1-rc1

can you try testing with that? If it works for you then I will push it to npm as version 4.4.1

[haeferer]

I can try this on Monday, i‘m not in the office for the weekend Von meinem iPhone gesendet Am 23.11.2018 um 18:48 schrieb Dave Horton <notifications@github.com<mailto:notifications@github.com>>: I pushed a fix to github, you should be able to test it by changing your package.json to have drachtio-srf: davehorton/drachtio-srf#v4.4.1-rc1 can you try testing with that? If it works for you then I will push it to npm as version 4.4.1 — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#22 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AYvpiMvOm53jtpr_bc9kj8b_9J62kn49ks5uyDTygaJpZM4Yvc3Y>.

[haeferer]

Works with our provider. Perfect.

[haeferer]

Sorry, possible bug from our side