How to install BIND, so that SIP extensions continue to work when Internet connectivity is lost
In some versions of Asterisk, if there are one or more SIP trunks configured and Internet connectivity is lost, it becomes impossible to place any SIP call, including calls between SIP extensions that are on the same local network as the Asterisk server (and which therefore should be unaffected by the Internet outage - sadly, that is not the case)! Note that calls using protocols other than SIP (such as IAX2) are unaffected. At least one distribution that includes FreePBX has claimed to resolve this issue with the installation of BIND, a local DNS server, so why not try that on any FreePBX-based distribution?
The following information was extracted from posts in the Elastix Forum created on April 9 and 10, 2009. Credit in particular goes to users mbit and Bob for coming up with this procedure. This assumes that your operating system is CentOS (if not, the yum install commands won't work, but the principle is the same).
Note: There are actually two similar but slightly different methods of doing this - one involves the use of Webmin to configure BIND, and the other does not. Don't mix the two methods, or things may not work as expected. The following instructions do NOT involve Webmin and if you use these, don't attempt to use Webmin to administer BIND (if you DO want to use Webmin, scroll down a bit).
The first step is to install BIND to act as a local DNS cache. From a command prompt in a terminal window, run the following commands:
yum -y install bind
yum -y install bind-utils
yum -y install caching-nameserver
Bob explains that "The last yum actually installs the configs for it to act as a Cache-Name Server. I found no configuration necessary for it to act as a DNS Cache. I confirmed this by checking the Cache Entries to confirm it was indeed caching the entries."
After you do the above, make a backup copy of the file /etc/named.caching-nameserver.conf and then load it into a text editor on your Asterisk server. For some reason, attempts to run the BIND server seem to fail if this file has been edited on a different system (probably has to do with differences in line endings and/or the use of tabs or something). Midnight Commander's editor seems to work okay, and I would guess that something like nano does as well. You should see a section that looks like this:
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
I know it says not to edit this file, but until someone comes up with a better way to do this (that doesn't add an additional layer of complexity) you may wish to do it anyway. Right after the final line in the above section (the memstatistics-file definition line), add a line that looks like this:
forwarders { 208.67.222.222; 208.67.220.220; };
Note that the semicolon immediately following each IP address, including the final one on the line, must be present, in addition to the one at the end of the line! Instead of the IP addresses shown in the above line (which point to OpenDNS), you could enter the IP addresses of one or more reliable DNS servers, such as your ISP's primary and secondary DNS servers, or any other DNS server you find fast and/or reliable. As Bob explains,
The only change I have made to the config files which is a correct change is to add a forwarder. A forwarder is the IP addresses of your ISP DNS servers. What this does is that your DNS Cache Server will check for DNS using your ISP instead of the Internet Root Servers. If your ISP does not have the DNS entry, it will go back up the DNS tree, and retrieve it. This is far better than having a million PC's trying to hit the root servers. Likewise you are likely to get a faster response from your ISP DNS Servers than you would via the root servers.
Just remember that any time BIND is updated - as could happen if you do a general yum update - you might have to go in and re-add the forwarders line (until you do, it will still work, but the lookups may be significantly slower). If you have a better solution to this, please leave a comment!
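One way to make re-adding the forwarders line repeatable after a package update, shown as an added example that is not part of the original article or the forum thread: the hypothetical helper ensure_forwarders inserts the line after memstatistics-file only if it is missing, and loopback_only confirms that listen-on still names 127.0.0.1 alone, so the cache does not answer queries from other hosts. The sample file is constructed from the options block shown above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# ensure_forwarders CONF "ip1; ip2;"
# Returns 0 if the line was added, 1 if a forwarders line already exists,
# 2 if the memstatistics-file line to insert after was not found.
ensure_forwarders() {
    conf=$1; fwd=$2
    if grep -Eq '^[[:space:]]*forwarders[[:space:]]*\{' "$conf"; then
        return 1
    fi
    grep -q 'memstatistics-file' "$conf" || return 2
    cp -p "$conf" "$conf.bak" || return 3
    # Rewrite in place from the backup so ownership and mode stay unchanged.
    awk -v line="        forwarders { $fwd };" '
        { print }
        /memstatistics-file/ && !seen { print line; seen = 1 }
    ' "$conf.bak" > "$conf"
}

# loopback_only CONF: succeed only if a listen-on statement exists and every
# one names 127.0.0.1 alone, so the cache is not reachable from other hosts.
loopback_only() {
    lines=$(grep -E '^[[:space:]]*listen-on[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$lines" |
        grep -Evq '\{[[:space:]]*127\.0\.0\.1;[[:space:]]*\}'
}

# Demo on a constructed copy of the options block (not the live file).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
};
EOF
ensure_forwarders "$demo_conf" "208.67.222.222; 208.67.220.220;" &&
    echo "forwarders line added"
loopback_only "$demo_conf" && echo "listen-on is loopback only"
```

On the server itself, call both functions on /etc/named.caching-nameserver.conf, then run named-checkconf on that file before restarting named.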
Next you must start BIND and add it to start on boot, so run the following from the command prompt:
service named start
chkconfig named on
The final step is to get the Asterisk server to go to the local DNS cache rather than directly to an outside DNS. If you are using a distribution such as Elastix that has a page that allows you to manage your network connection, go to that page (in Elastix it's under System | Network | Network Parameters) and change the Primary DNS server to 127.0.0.1 (the local loopback address), and leave the Secondary DNS blank. In a distribution that does not have such a page, you may have to use a text editor to edit the /etc/resolv.conf file, and change the following line to point to 127.0.0.1:
nameserver 127.0.0.1
To test if it is working, ping a couple of unique sites (ones that have nothing to do with FreePBX or any of your service providers). Then run the following from the command prompt:
rndc dumpdb
less /var/named/data/cache_dump.db
As Bob explains, "rndc creates a text file from the DNS Cache that is held in RAM. When you view the file with less, you should see the DNS entries located in this file that you just pinged."
If things don't seem to be working at this point, try rebooting the system, but don't do that during an Internet outage, for the reason explained below.
If things seem really hosed, try the following:
From the command prompt do service named stop, then yum remove all three of the packages you installed above, in the reverse order that you installed them. Then check to see if the directory /var/named exists, and if it does, remove it (delete the entire named subdirectory including all contents - if the thought of doing that makes you squeamish, temporarily rename it to something else and you can delete it later). Also look in the /etc directory for any files starting with bind, and if you find any either rename them or move them to another directory (such as /tmp) until you complete the next step (then you can safely delete them). Now go back to the top of this page and follow the installation instructions from the beginning. The point of this is to clear out any previous BIND installations and/or configurations and start fresh.
One caveat: Although this will keep you from losing SIP connectivity during an Internet outage, it will only work as long as the system is not rebooted. So if a tree limb falls and takes out both your electricity AND your Internet connection, and the power comes back on first, this won't help - that's because BIND apparently flushes its cache at every startup. In that situation, the only thing you can do is manually disable all outside SIP trunks and restart Asterisk - that SHOULD at least give you local connectivity until your Internet connection is restored.
If you need additional information, or a better explanation of how and why this works, see the original message thread referenced in the second paragraph of this article.
What if I really want to use Webmin?
If you really want to use Webmin to administer BIND, follow the above installation instructions, except do NOT do the yum -y install caching-nameserver, and don't make any edits to the file /etc/named.caching-nameserver.conf. Then do this:
Log in to Webmin and click on Servers, and then click on BIND DNS Server (if you don't find this under Servers, it may be under Un-used Modules - in that case you probably need to "Refresh Modules" in Webmin).
The first time you enter the BIND DNS Server module, it should present you with some options on how to run the DNS server. Accept the default (you want it to be your primary DNS server on the box) and continue.
The main BIND DNS Server page in Webmin will have many options, but the only one you need to worry about is Other DNS Servers. Click on that and on the next page enter just the IP addresses of one or more reliable DNS servers. Don't change any of the other settings. You could use your ISP's primary and secondary DNS servers, or you could go to any other server you find reliable. If you're unsure of what to use, try OpenDNS at addresses 208.67.222.222 and 208.67.220.220. It might be a good idea to point at DNS services from multiple sources (such as your ISP AND OpenDNS) so that if one goes down (and you still have Internet connectivity) you will still be able to do DNS lookups from the other.
Note that using Webmin to administer BIND and installing caching-nameserver are probably incompatible - they are both trying to do the same thing in different ways, so don't do that.


