Usage of DNS differs for clients and for servers. This section
discusses client usage. We assume that the client is stateful
(either a User Agent Client (UAC) or a stateful proxy). Stateless
proxies are discussed in Section 4.4.
The procedures here are invoked when a client needs to send a request
to a resource identified by a SIP or SIPS (secure SIP) URI. This URI
can identify the desired resource to which the request is targeted
(in which case, the URI is found in the Request-URI), or it can
identify an intermediate hop towards that resource (in which case,
the URI is found in the Route header). The procedures defined here
in no way affect this URI (i.e., the URI is not rewritten with the
result of the DNS lookup), they only result in an IP address, port
and transport protocol where the request can be sent. RFC 3261prop [1]
provides guidelines on determining which URI needs to be resolved in
DNS to determine the host that the request needs to be sent to. In
some cases, also documented in [1], the request can be sent to a
specific intermediate proxy not identified by a SIP URI, but rather,
by a hostname or numeric IP address. In that case, a temporary URI,
used for purposes of this specification, is constructed. That URI is
of the form sip:<proxy>, where <proxy> is the FQDN or numeric IP
address of the next-hop proxy. As a result, in all cases, the
problem boils down to resolution of a SIP or SIPS URI in DNS to
determine the IP address, port, and transport of the host to which
the request is to be sent.
The procedures here MUST be done exactly once per transaction, where
transaction is as defined in [1]. That is, once a SIP server has
successfully been contacted (success is defined below), all
retransmissions of the SIP request and the ACK for non-2xx SIP
responses to INVITE MUST be sent to the same host. Furthermore, a
CANCEL for a particular SIP request MUST be sent to the same SIP
server that the SIP request was delivered to.
Because the ACK request for 2xx responses to INVITE constitutes a
different transaction, there is no requirement that it be delivered
to the same server that received the original request (indeed, if
that server did not record-route, it will not get the ACK).
We define TARGET as the value of the maddr parameter of the URI, if
present, otherwise, the host value of the hostport component of the
URI. It identifies the domain to be contacted. A description of the
SIP and SIPS URIs and a definition of these parameters can be found
in [1].
We determine the transport protocol, port and IP address of a
suitable instance of TARGET in Sections 4.1 and 4.2.
First, the client selects a transport protocol.
If the URI specifies a transport protocol in the transport parameter,
that transport protocol SHOULD be used.
Otherwise, if no transport protocol is specified, but the TARGET is a
numeric IP address, the client SHOULD use UDP for a SIP URI, and TCP
for a SIPS URI. Similarly, if no transport protocol is specified,
and the TARGET is not numeric, but an explicit port is provided, the
client SHOULD use UDP for a SIP URI, and TCP for a SIPS URI. This is
because UDP is the only mandatory transport in RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop) [6], and thus
the only one guaranteed to be interoperable for a SIP URI. It was
also specified as the default transport in RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop) when no transport
was present in the SIP URI. However, another transport, such as TCP,
MAY be used if the guidelines of SIP mandate it for this particular
request. That is the case, for example, for requests that exceed the
path MTU.
Otherwise, if no transport protocol or port is specified, and the
target is not a numeric IP address, the client SHOULD perform a NAPTR
query for the domain in the URI. The services relevant for the task
of transport protocol selection are those with NAPTR service fields
with values "SIP+D2X" and "SIPS+D2X", where X is a letter that
corresponds to a transport protocol supported by the domain. This
specification defines D2U for UDP, D2T for TCP, and D2S for SCTP. We
also establish an IANA registry for NAPTR service name to transport
protocol mappings.
These NAPTR records provide a mapping from a domain to the SRV record
for contacting a server with the specific transport protocol in the
NAPTR services field. The resource record will contain an empty
regular expression and a replacement value, which is the SRV record
for that particular transport protocol. If the server supports
multiple transport protocols, there will be multiple NAPTR records,
each with a different service value. As per RFC 2915(-> 3404prop | 3403prop | 3402prop | 3401) [3], the client
discards any records whose services fields are not applicable. For
the purposes of this specification, several rules are defined.
First, a client resolving a SIPS URI MUST discard any services that
do not contain "SIPS" as the protocol in the service field. The
converse is not true, however. A client resolving a SIP URI SHOULD
retain records with "SIPS" as the protocol, if the client supports
TLS. Second, a client MUST discard any service fields that identify
a resolution service whose value is not "D2X", for values of X that
indicate transport protocols supported by the client. The NAPTR
processing as described in RFC 2915(-> 3404prop | 3403prop | 3402prop | 3401) will result in the discovery of
the most preferred transport protocol of the server that is supported
by the client, as well as an SRV record for the server. It will also
allow the client to discover if TLS is available and its preference
for its usage.
As an example, consider a client that wishes to resolve
sip:user@example.com. The client performs a NAPTR query for that
domain, and the following NAPTR records are returned:
; order pref flags service regexp replacement
IN NAPTR 50 50 "s" "SIPS+D2T" "" _sips._tcp.example.com.
IN NAPTR 90 50 "s" "SIP+D2T" "" _sip._tcp.example.com
IN NAPTR 100 50 "s" "SIP+D2U" "" _sip._udp.example.com.
This indicates that the server supports TLS over TCP, TCP, and UDP,
in that order of preference. Since the client supports TCP and UDP,
TCP will be used, targeted to a host determined by an SRV lookup of
_sip._tcp.example.com. That lookup would return:
;; Priority Weight Port Target
IN SRV 0 1 5060 server1.example.com
IN SRV 0 2 5060 server2.example.com
If a SIP proxy, redirect server, or registrar is to be contacted
through the lookup of NAPTR records, there MUST be at least three
records - one with a "SIP+D2T" service field, one with a "SIP+D2U"
service field, and one with a "SIPS+D2T" service field. The records
with SIPS as the protocol in the service field SHOULD be preferred
(i.e., have a lower value of the order field) above records with SIP
as the protocol in the service field. A record with a "SIPS+D2U"
service field SHOULD NOT be placed into the DNS, since it is not
possible to use TLS over UDP.
It is not necessary for the domain suffixes in the NAPTR replacement
field to match the domain of the original query (i.e., example.com
above). However, for backwards compatibility with RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop), a domain
MUST maintain SRV records for the domain of the original query, even
if the NAPTR record is in a different domain. As an example, even
though the SRV record for TCP is _sip._tcp.school.edu, there MUST
also be an SRV record at _sip._tcp.example.com.
RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop) will look up the SRV records for the domain directly. If
these do not exist because the NAPTR replacement points to a
different domain, the client will fail.
For NAPTR records with SIPS protocol fields, (if the server is using
a site certificate), the domain name in the query and the domain name
in the replacement field MUST both be valid based on the site
certificate handed out by the server in the TLS exchange. Similarly,
the domain name in the SRV query and the domain name in the target in
the SRV record MUST both be valid based on the same site certificate.
Otherwise, an attacker could modify the DNS records to contain
replacement values in a different domain, and the client could not
validate that this was the desired behavior or the result of an
attack.
If no NAPTR records are found, the client constructs SRV queries for
those transport protocols it supports, and does a query for each.
Queries are done using the service identifier "_sip" for SIP URIs and
"_sips" for SIPS URIs. A particular transport is supported if the
query is successful. The client MAY use any transport protocol it
desires which is supported by the server.
This is a change from RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop). It specified that a client would
lookup SRV records for all transports it supported, and merge the
priority values across those records. Then, it would choose the
most preferred record.
If no SRV records are found, the client SHOULD use TCP for a SIPS
URI, and UDP for a SIP URI. However, another transport protocol,
such as TCP, MAY be used if the guidelines of SIP mandate it for this
particular request. That is the case, for example, for requests that
exceed the path MTU.
Once the transport protocol has been determined, the next step is to
determine the IP address and port.
If TARGET is a numeric IP address, the client uses that address. If
the URI also contains a port, it uses that port. If no port is
specified, it uses the default port for the particular transport
protocol.
If the TARGET was not a numeric IP address, but a port is present in
the URI, the client performs an A or AAAA record lookup of the domain
name. The result will be a list of IP addresses, each of which can
be contacted at the specific port from the URI and transport protocol
determined previously. The client SHOULD try the first record. If
an attempt should fail, based on the definition of failure in Section
4.3, the next SHOULD be tried, and if that should fail, the next
SHOULD be tried, and so on.
This is a change from RFC 2543(-> 3265prop | 3264prop | 3263prop | 3262prop | 3261prop). Previously, if the port was
explicit, but with a value of 5060, SRV records were used. Now, A
or AAAA records will be used.
If the TARGET was not a numeric IP address, and no port was present
in the URI, the client performs an SRV query on the record returned
from the NAPTR processing of Section 4.1, if such processing was
performed. If it was not, because a transport was specified
explicitly, the client performs an SRV query for that specific
transport, using the service identifier "_sips" for SIPS URIs. For a
SIP URI, if the client wishes to use TLS, it also uses the service
identifier "_sips" for that specific transport, otherwise, it uses
"_sip". If the NAPTR processing was not done because no NAPTR
records were found, but an SRV query for a supported transport
protocol was successful, those SRV records are selected. Irregardless
of how the SRV records were determined, the procedures of RFC 2782prop,
as described in the section titled "Usage rules" are followed,
augmented by the additional procedures of Section 4.3 of this
document.
If no SRV records were found, the client performs an A or AAAA record
lookup of the domain name. The result will be a list of IP
addresses, each of which can be contacted using the transport
protocol determined previously, at the default port for that
transport. Processing then proceeds as described above for an
explicit port once the A or AAAA records have been looked up.
4.3. Details of RFC 2782prop Process
RFC 2782prop spells out the details of how a set of SRV records are
sorted and then tried. However, it only states that the client
should "try to connect to the (protocol, address, service)" without
giving any details on what happens in the event of failure. Those
details are described here for SIP.
For SIP requests, failure occurs if the transaction layer reports a
503 error response or a transport failure of some sort (generally,
due to fatal ICMP errors in UDP or connection failures in TCP).
Failure also occurs if the transaction layer times out without ever
having received any response, provisional or final (i.e., timer B or
timer F in RFC 3261prop [1] fires). If a failure occurs, the client
SHOULD create a new request, which is identical to the previous, but
has a different value of the Via branch ID than the previous (and
therefore constitutes a new SIP transaction). That request is sent
to the next element in the list as specified by RFC 2782prop.
The process of the previous sections is highly stateful. When a
server is contacted successfully, all retransmissions of the request
for the transaction, as well as ACK for a non-2xx final response, and
CANCEL requests for that transaction, MUST go to the same server.
The identity of the successfully contacted server is a form of
transaction state. This presents a challenge for stateless proxies,
which still need to meet the requirement for sending all requests in
the transaction to the same server.
The problem is similar, but different, to the problem of HTTP
transactions within a cookie session getting routed to different
servers based on DNS randomization. There, such distribution is not
a problem. Farms of servers generally have common back-end data
stores, where the session data is stored. Whenever a server in the
farm receives an HTTP request, it takes the session identifier, if
present, and extracts the needed state to process the request. A
request without a session identifier creates a new one. The problem
with stateless proxies is at a lower layer; it is retransmitted
requests within a transaction that are being potentially spread
across servers. Since none of these retransmissions carries a
"session identifier" (a complete dialog identifier in SIP terms), a
new dialog would be created identically at each server. This could,
for example result in multiple phone calls to be made to the same
phone. Therefore, it is critical to prevent such a thing from
happening in the first place.
The requirement is not difficult to meet in the simple case where
there were no failures when attempting to contact a server. Whenever
the stateless proxy receives the request, it performs the appropriate
DNS queries as described above. However, the procedures of RFC 2782prop
are not guaranteed to be deterministic. This is because records that
contain the same priority have no specified order. The stateless
proxy MUST define a deterministic order to the records in that case,
using any algorithm at its disposal. One suggestion is to
alphabetize them, or, more generally, sort them by ASCII-compatible
encoding. To make processing easier for stateless proxies, it is
RECOMMENDED that domain administrators make the weights of SRV
records with equal priority different (for example, using weights of
1000 and 1001 if two servers are equivalent, rather than assigning
both a weight of 1000), and similarly for NAPTR records. If the
first server is contacted successfully, the proxy can remain
stateless. However, if the first server is not contacted
successfully, and a subsequent server is, the proxy cannot remain
stateless for this transaction. If it were stateless, a
retransmission could very well go to a different server if the failed
one recovers between retransmissions. As such, whenever a proxy does
not successfully contact the first server, it SHOULD act as a
stateful proxy.
Unfortunately, it is still possible for a stateless proxy to deliver
retransmissions to different servers, even if it follows the
recommendations above. This can happen if the DNS TTLs expire in the
middle of a transaction, and the entries had changed. This is
unavoidable. Network implementors should be aware of this
limitation, and not use stateless proxies that access DNS if this
error is deemed critical.
