dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4
share rss forum feed

gweidenh

join:2002-05-18
Houston, TX
kudos:3

1 recommendation

reply to Arne Bolen

Re: CC Disaster

Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)


garys_2k
Premium
join:2004-05-07
Farmington, MI
Reviews:
·Callcentric
·callwithus

said by gweidenh:

Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)

When did they do this? I ask because possibly the longer records were the shource of my PAP2's reboot issue.

gweidenh

join:2002-05-18
Houston, TX
kudos:3

I do not know exactly when. I checked this morning based on Iscream's response about changing their DNS SRV weighting.

I am talking specifically about the srv.callcentric.com records.



Arne Bolen
Happy Anveo customer
Premium
join:2009-06-21
Antar
kudos:4
Reviews:
·Anveo
·voip.ms
·callwithus
·Callcentric

said by gweidenh:

I am talking specifically about the srv.callcentric.com records.

It's the same with the callcentric.com records.
--
My VoIP News

DBOD

join:2012-10-17
reply to gweidenh

This happened sometime in the last 10 hours. Both the callcentric.com and srv.callcentric.com are returning shortened records. They probably did this because too many user agents were not processing it correctly. It appears that they also added non zero weights to the srv.callcentric.com answers. This does not work with my 3CX system so I use the callcentric.com port 0 and it seems to be working okay this morning.



Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7

1 edit
reply to gweidenh

said by gweidenh:

I do not know exactly when. I checked this morning based on Iscream's response about changing their DNS SRV weighting.

I am talking specifically about the srv.callcentric.com records.

 
Yes, I too noticed that change at that same period, and was meaning to ask wassup - now has less servers in the response for srv.callcentric.com - though I had not suffered registration problems yesTURDay.

Also, all of the weights on that are set to 30 now.

At that time, the 'A' record (callcentric.com) reply was still longer and all weights still at ZERO.

EDIT : Actually, it was shorter than it USED to be, but longer than the reply for SRV.

SRV now shows 9 servers, and 'A' shows a total of 11 today.

garys_2k
Premium
join:2004-05-07
Farmington, MI
Reviews:
·Callcentric
·callwithus
reply to DBOD

said by DBOD:

This happened sometime in the last 10 hours. Both the callcentric.com and srv.callcentric.com are returning shortened records. They probably did this because too many user agents were not processing it correctly. It appears that they also added non zero weights to the srv.callcentric.com answers. This does not work with my 3CX system so I use the callcentric.com port 0 and it seems to be working okay this morning.

Thanks, I'll re-try my ATA registration with them to see if I stell get automatic reboots. I'd REALLY like to stick with the SRV SBCs in order to be more insulated from the DDoS issue.


Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7
reply to gweidenh

said by gweidenh:

Callcentric have (wisely) changed their DNS reply to be 425 bytes thus it will fit within a single UDP packet response.

Using specific DNS servers should no longer be required (at least with their current SRV records)

 
This needed emphasis and repeating, IMNSHO.

Iscream
Premium
join:2009-02-17
New York, NY
kudos:6
Reviews:
·Verizon FiOS
reply to Davesnothere

Dave - "A" records don't have "weights", they have only IP addresses; that's a whole "problem" with them. On another hand - "SRV" records don't have IP addresses, but they resolve to different names (where each name may have multiple IP addresses), different priorities and different weights. This [SRV] mechanism allows for redundancy (including so beloved here - geo-redundancy) on multiple levels, it allows a granular prioritization of serving components (servers) including further prioritization within a group of equal servers - this is controlled by weights.

The result is an ability to protect from DoS and DDOS attacks by creating a huge capacity of fast moving targets changing their parameters quickly in "invisibly" for attackers by replacing actual serving, but currently [over]loaded computers, in real time, within milliseconds, with fresh and not loaded ones while allowing the former keep processing earlier started requests and dialogs.

Also the result is an ability to have a self-healing farm of servers where any server may go south (die) at any moment without affecting any devices working with that farm. The farm may have servers co-located within same room or groups of servers spread geographically (provided all distributed servers have equal resources Internet-wise - same sufficient bandwidth, same speed and same access to originating and terminating carriers which is not the easiest and rather literally and largely impossible part for most today's providers - this is why I'm so against geo-redundancy, but I'll stop on that again later).



Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7

3 edits

1 recommendation

said by Iscream:

....The result is an ability to protect from DoS and DDOS attacks by creating a huge capacity of fast moving targets, changing their parameters quickly in "invisibly" for attackers by replacing actual serving, but currently [over]loaded computers, in real time, within milliseconds, with fresh and not loaded ones while allowing the former keep processing earlier started requests and dialogs....

 
I see.

This reminds me of that old arcade game at county fairs where you shoot at the ducks and knock them down.

However, there always seem to be more ducks to replace them - maybe even the SAME ducks - but we cannot see what happens below the deck, and it really does not matter, as long as more ducks come into the sight of the rifle.

EDIT : Please note that in this example, WE play the part of the attackers, and no matter how many ducks we knock down, there always seem to be more.

Iscream
Premium
join:2009-02-17
New York, NY
kudos:6
Reviews:
·Verizon FiOS
reply to Davesnothere

That's right - during last couple days we have done some major and dramatic changes to our network's perimeter, processing power and "garbage" utilization while allowing our SBCs' CPU power to do the job they were designed to do).

All those measures together allowed us to reduce number of SRV records per returned result thus going back into "unbuggy" (if I can say it this way - like "undead" ) area of all those UAs which stopped performing when caused to use TCP for larger buffers which in turn caused many devices to reboot.

No need to use any specific DN servers anymore - anything goes - any DNS settings, any "A" or "SRV" settings, any devices may go back to older setting or keep whatever worked in past or works now.

I may only still recommend to use SRV settings or at least try to configure them because of above, earlier listed reasons related to specific "features" which may be used (and already used by our implementation) by providers for great increase in reliability, resiliency thus catering to better security and [what else?] - geographical and local redundancy.



Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7

1 edit

said by Iscream:

....No need to use any specific DN servers anymore - anything goes - any DNS settings, any "A" or "SRV" settings, any devices may go back to older setting or keep whatever worked in past or works now.

I may only still recommend to use SRV settings or at least try to configure them because of above, earlier listed reasons related to specific "features" which may be used (and already used by our implementation) by providers for great increase in reliability, resiliency thus catering to better security and [what else?] - geographical and local redundancy.

 
Plus Fort (Louder) - Bold Text....

Yes, the shorter DNS records seem like a better way - at least for now.

Iscream
Premium
join:2009-02-17
New York, NY
kudos:6
Reviews:
·Verizon FiOS
reply to Davesnothere

I'd say - it reminds a game/screen-saver/trojan-virus where an entire screen surface quickly populates with cockroaches getting from anywhere where you're required to knock them down by either mouse or fingernail, but they keep coming in, more and more... until you use something like DDT or just remove the software that irritates your mind )


OmagicQ
Posting in a thread near you

join:2003-10-23
Bakersfield, CA
kudos:1
Reviews:
·Bright House

1 recommendation

reply to Iscream

said by Iscream:

... The farm may have servers co-located within same room or groups of servers spread geographically (provided all distributed servers have equal resources Internet-wise - same sufficient bandwidth, same speed and same access to originating and terminating carriers which is not the easiest and rather literally and largely impossible part for most today's providers - this is why I'm so against geo-redundancy, but I'll stop on that again later).

Really...How very interesting....
--
...Who, What, When, Where, How... Why? Why Not?