[Freeswitch-users] Best practices question about SIP registration

Lawrence Conroy lconroy at insensate.co.uk
Wed Jan 9 03:04:41 MSK 2013

Hi again Steven,
 with apologies for top-posting ...
Re. flowroute.com
Many of us have sup-domains for different classes of users -- looks like your sub-domain is sip.flowroute.com.

However, flowroute.com does have a NAPTR (it has two):
flowroute.com.		21600	IN	NAPTR	100 10 "s" "SIP+D2U" "" _sip._udp.flowroute.com.
flowroute.com.		21600	IN	NAPTR	102 20 "s" "SIP+D2T" "" _sip._tcp.flowroute.com.

Also, the _sip._udp.flowroute SRV shows:
_sip._udp.flowroute.com. 43200	IN	SRV	20 10 5060 sip-ca1.flowroute.com.
_sip._udp.flowroute.com. 43200	IN	SRV	10 10 5060 sip-nv1.flowroute.com.

as does the _sip.tcp.flowroute.com SRV:
_sip._tcp.flowroute.com. 43200	IN	SRV	10 10 5060 sip-nv1.flowroute.com.
_sip._tcp.flowroute.com. 43200	IN	SRV	20 10 5060 sip-ca1.flowroute.com.

so -- if a client is trying to call to sip:1000 at flowroute.com, that client looks up the NAPTR set for flowroute.com (the sip domainpart), gets back the two entries, and chooses to look for a SRV under _sip._udp.flowroute.com (if it wants to call using UDP) or _sip.tcp.flowroute.com (if it wants to call using TCP or use sips:).
flowroute would prefer that you contacted them by UDP (it has a lower preference -- 10 versus the D2T's 20).
If you do contact them, they'd prefer that you used sip-nv1.flowroute.com. (as that has a better/lower preference than sip-cal).

On to the polycoms -- I don't have any of these, so I'm guessing, but ...
It looks strongly like the registration server is at fs.domain.local, which has an IP address of for the DNS-challenged, and is listening on port 5060.
The AuthID/UserID for this 'phone to use 1000, which is kinda apparent from the SIP address the phone has, which is sip:1000 at fs.domain.local.
I'd AssUMe that there's also a password field :).

So ... if you had mydomain.com, and for your internal use you had a sub-domain of, say, internal.mydomain.com, and you had one fS handling your local 'phones, running on a machine called fs.internal.domain.com which had an IP address of, I'd put into the local view of DNS:

internal.mydomain.com. IN NAPTR 100 10 "s" "SIP+D2U" "" _sip._udp.internal.mydomain.com.
_sip._udp.internal.mydomain.com. IN SRV 10 10 5060 fs.internal.mydomain.com
fs.internal.mydomain.com. IN A

Note that I'm assuming that you'd be using a split-view DNS (i.e., your local DNS server would only give these answers to its local machines)
as it's kinda impolite to give private addresses like to the outside world -- clients are sometimes too dumb to realise they can't contact that server using this address.
[...which is why we have one way audio -- stupid implementers :]p

Hope that helps,

On 8 Jan 2013, at 23:02, Steven Schoch wrote:
> On Tue, Jan 8, 2013 at 1:56 PM, Lawrence Conroy <lconroy at insensate.co.uk>wrote:
>> Hi there,
>> at the risk of butting in on someone else's party ...
>> Nope; your interpretations is NOT best practice.
> This party is open to all.  I appreciate these answers, and as usual I have
> noticed that the fastest way to learn is to do it wrong, and then have
> somebody correct me!  Thanks!
>> With SIP (see RFC 3263), you do a lookup on the SRV record (at
>> _sip._udp.<sipdomain>) to find the machine that handles SIP
>> registrations/incalls for the domain. That also gives you the port on
>> which that machine is listening.
> For example, I did a lookup:
> $ dig SRV _sip._udp.sip.flowroute.com.
> This returns:
> _sip._udp.sip.flowroute.com. 43200 IN   SRV     20 10 5060
> sip-ca1.flowroute.com.
> _sip._udp.sip.flowroute.com. 43200 IN   SRV     10 10 5060
> sip-nv1.flowroute.com.
>> (Yup, you can also have a NAPTR record in the domain to tell you where the
>> SRV record is, but many folks don't bother -- for Best Practice, you
>> should, but ...)
> $ dig NAPTR sip.flowroute.com
> sip.flowroute.com.      42818   IN      NAPTR   100 10 "s" "SIP+D2U" ""
> _sip._udp.sip.flowroute.com.
> sip.flowroute.com.      42818   IN      NAPTR   102 20 "s" "SIP+D2U" ""
> _sip._tcp.sip.flowroute.com.
> I found that _sip._tcp.sip.flowroute.com does not have a SRV record.  I
> don't know what that means.  The RFC says that you should use "SIP+D2T" for
> TCP.
> Now, as this relates to the Polycom phone example, there are these fields:
>    reg.1.address="1000 at fs.domain.local"
>    reg.1.auth.userId="1000"
>    reg.1.server.1.address=""
>    reg.1.server.1.port="5060"
> Since this is a VoIP phone that loads its configuration from the server,
> not VoIP software that is configured by the user, it really only needs the
> IP address, so the server address field is kind of moot.
> But the example domain here is "fs.domain.local".  Why not just
> "domain.local"?  Why didn't Flowroute use "flowroute.com" instead of "
> sip.flowroute.com"?
> And my other question was how is the address "1000 at fs.domain.local" used?
> Does FreeSwitch use that or does it just use the auth.userId?
> -- 
> Steve
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list