Deploy360 19 November 2013

New Kamailio DNSSEC Module Enables Higher Security For SIP / VoIP

By Dan YorkSenior Advisor

Kamailio LogoIf you are using voice-over-IP (VoIP), and specifically the Session Initiation Protocol (SIP), how do you know if you are really connecting to the correct SIP server when you make a connection?  When you call someone, your SIP server needs to make a connection to the SIP server for the recipient – how is it sure it is reaching the correct server?

As I’ve talked about and written about in the past, one way to help with this is to use DNSSEC to validate that the information received by the SIP server from DNS is in fact accurate.  While DNSSEC support in VoIP systems has been somewhat limited to date, the great Kamailio team has added a module that provides DNSSEC support.  It will be included in the forthcoming Kamailio 4.1 release (whose development was recently frozen, so it should be available soon), but in the meantime it can be added to Kamailio installations using this tutorial:

http://www.kamailio.org/wiki/tutorials/dns/dnssec

The actual module itself can be found at:

http://kamailio.org/docs/modules/devel/modules/dnssec.html

This kind of support for DNSSEC within VoIP is great to see and will lead to more secure communications over IP in the future.  Plus, getting this kind of DNSSEC support out there now will lay the groundwork for potentially using DANE in the future to secure the certificates used in VoIP communications.

Congrats to the Kamailio team and we look forward to learning more about people using this module in the future!

P.S. See our DNSSEC and DNSSEC Basics pages to learn more about how you can get started with DNSSEC.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...