Closed
Bug 1065254
Opened 10 years ago
Closed 10 years ago
Change DNS SRV records for SIP @mozilla.com to point at anonsip.scl3 instead of pbx.mtv2
Categories
(Infrastructure & Operations :: Change Requests, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: justdave, Assigned: justdave)
Details
anonsip1.dmz.scl3 will be ready to handle inbound anonymous SIP traffic as soon as bug 1065249 is resolved to get it an external IP. Filing this now so it can be discussed at CAB on the 10th.
We currently have the following DNS record:
_sip._udp.mozilla.com has SRV record 0 0 5060 pbx.mtv2.mozilla.com.
This instructs SIP clients attempting to place direct point-to-point SIP calls using sip:XXXXX@mozilla.com to send those calls to pbx.mtv2.mozilla.com on port 5060.
bug 1057099 introduces a server in the scl3 datacenter completely dedicated to handling this traffic so we can separate it from the mtv2 phone server. It periodically gets DoSed, and this way it will prevent attacks on it from affecting phone service in Mountain View if the usual safeguards fail to stop the attack.
The change being made by this bug will change the DNS record to read as follows:
_sip._udp.mozilla.com has SRV record 0 0 5060 anonsip.scl3.mozilla.com.
IMPACT
======
Anonymous SIP calls to conference rooms from contributors on the Internet may fail if this service doesn't work.
Dial-by-email to users in Mountain View will no longer work (i.e. sip:justdave@mozilla.com ) since this feature depended on local voicemail configuration which the new server will not have access to. I'm not aware that anyone has actually ever used this feature. We plan to eventually restore (and improve) this feature when bug 679955 is fixed.
ROLLBACK
========
In case any of the tests fail after switching over, the rollback procedure is simply to switch the DNS record back to point at pbx.mtv2.mozilla.com. We plan to allow an hour for resolving problems prior to switching back if there are issues.
REQUESTED DOWNTIME WINDOW
=========================
Would like to do this during the usual HCI Maintenance Window at 6pm pacific Saturday Sept 13.
Flags: cab-review?
Comment 1•10 years ago
|
||
Approved by the CAB for the requested date and time.
Assignee: server-ops → justdave
Flags: cab-review? → cab-review+
Assignee | ||
Comment 2•10 years ago
|
||
DNS change has been made.
In addition I also changed _sip._udp.mozillafoundation.org and deleted _sip._udp.mozilladoundation.net and .com. The latter two were left over from when we were using flat files and all three shared the same zone file. Since nobody has email addresses in those domains, there's no reason for them.
Assignee | ||
Comment 3•10 years ago
|
||
DNS seems to have propagated. None of my clients appear to resolve SRV records so I don't really have a way to test with @mozilla.com. Using @anonsip.scl3.mozilla.com seems to work fine though.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•9 years ago
|
Change Request: --- → approved
Flags: cab-review+
You need to log in
before you can comment on or make changes to this bug.
Description
•