SIP, "Deutsche Telekom" and DNS problems

If you use a telephone system in your green network (Unify) with SIP and “Deutsche Telekom”, you should never write a firewall rule like

Source: green
with use destination NAT (Port Forwarding)
Destination: Firewall
Protocol: 53 DNS

because you will get inexplicable aborts several times a day, but not regularly …

This mistake in our house was very hard to find - until I excluded the telephone system from this rule.

It seems likely to me that the issue you’re experiencing may be related to the VoIP system needing to access a specific DNS server. The current port forwarding rule for port 53 could be causing resolution failures, which in turn lead to intermittent communication issues with your VoIP system.

One way to address this problem is to determine the specific address resolution that is failing and then set up a DNS forwarding rule in IPFire. This rule, I think, would direct requests for that specific domain to the correct DNS server, bypassing the general rule that forwards all DNS requests to the firewall.

This approach would allow your VoIP system to correctly resolve the necessary addresses and at the same time maintain the DNS redirection rule.

2 Likes
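One way to carry out the first step suggested in the reply above, finding which lookups from the telephone system fail or stall at the resolver, shown as an added example that is not part of the original thread. It assumes Unbound reply logging (`log-replies: yes`) is enabled; the client address, host names and log lines are constructed placeholders.

```python
import re
from collections import Counter

# Tail of an Unbound reply log line (log-replies: yes):
# client, qname, qtype, class, rcode, resolve time, from-cache flag, size
REPLY = re.compile(
    r"(?:info|reply): (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) IN "
    r"(?P<rcode>[A-Z]+) (?P<secs>\d+\.\d+) (?P<cached>[01]) \d+\s*$"
)


def suspect_lookups(lines, client_ip, slow_secs=2.0):
    """Count failed or slow replies per (qname, qtype, reason) for one client."""
    hits = Counter()
    for line in lines:
        m = REPLY.search(line)
        if not m or m["client"] != client_ip:
            continue  # query-only lines and other clients are skipped
        if m["rcode"] != "NOERROR":
            hits[(m["qname"], m["qtype"], m["rcode"])] += 1
        elif float(m["secs"]) >= slow_secs:
            # An answer that arrives late can still exceed the device's timeout.
            hits[(m["qname"], m["qtype"], "SLOW")] += 1
    return hits


# Constructed sample log; 192.168.1.50 stands in for the telephone system.
SAMPLE = """\
[1700000000] unbound[2211:0] info: 192.168.1.50 _sip._udp.sip.provider.example. SRV IN NOERROR 0.031200 0 141
[1700000900] unbound[2211:0] info: 192.168.1.50 sip.provider.example. NAPTR IN
[1700000905] unbound[2211:0] info: 192.168.1.50 sip.provider.example. NAPTR IN SERVFAIL 4.900000 0 38
[1700000906] unbound[2211:0] info: 192.168.1.23 www.example.org. A IN SERVFAIL 0.000000 0 33
[1700001800] unbound[2211:0] info: 192.168.1.50 _sip._udp.sip.provider.example. SRV IN SERVFAIL 0.000000 0 48
[1700002700] unbound[2211:0] info: 192.168.1.50 sip.provider.example. NAPTR IN SERVFAIL 5.100000 0 38
[1700003600] unbound[2211:0] info: 192.168.1.50 ntp.provider.example. A IN NOERROR 3.200000 0 62
""".splitlines()

if __name__ == "__main__":
    for (qname, qtype, reason), n in suspect_lookups(SAMPLE, "192.168.1.50").most_common():
        print(f"{n:3d}  {reason:9s} {qtype:6s} {qname}")
```

The names that show up here are the candidates for a per-domain DNS forwarding entry.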

[edit] The post here is wrong. See the following answers as to why that is.[/edit]

There seems to be another oddity - at least for me. Your rule has the firewall as the destination. So traffic ends there. If that is correct I wonder what NAT is doing there? Since technically you’re not leaving your subnet there is no reason to NAT the traffic. If you intend to allow DNS to go outside RED you need to set the destination to ZONE:RED not the firewall interface. But maybe I just misread your config from your description.

@ralph may have been trying to do this:

1 Like

@dal8moc That rule is designed to redirect DNS traffic. Any requests intended for a DNS server (via port 53) are redirected to the Unbound DNS resolver. Unbound then processes these requests and returns the requested information.

1 Like

Ah thanks. I wrongly assumed that NAT isn’t needed there. And of course I’ve got the same rule here… without problems with a Telekom Magenta SIP system (Yealink W70B)

1 Like

@… YES - that rule is designed to redirect DNS traffic for all in green (also our UNIFY-System)

In our case with the UNIFY telephone system, I found hints to a solution from users of a 3cx system with the same problem (but without IPFIRE).

I just wanted to point out a possible solution for IPFIRE configuration to the problem “irregular interruptions during calls”.

1 Like