Pierre-Olivier Mercier
5ccdd8892f
Add individual reference pages for all domain health checkers (EN/FR), update the homepage feature descriptions in both languages to highlight monitoring, notifications, and domain availability checks.
3.5 KiB
| date | author | title | description | weight |
|---|---|---|---|---|
| 2026-06-11T09:00:00+02:00 | nemunaire | SIP | Probes a domain's SIP/VoIP deployment end-to-end: RFC 3263 NAPTR/SRV resolution, endpoint reachability over UDP/TCP/TLS, and a SIP OPTIONS ping with capability inspection. | 270 |
The SIP checker probes a domain's SIP/VoIP deployment from its DNS records, following RFC 3263 resolution: NAPTR → SRV (_sip._udp, _sip._tcp, _sips._tcp) → A/AAAA. It tests reachability on every resolved target:port over UDP, TCP and TLS, then sends a raw SIP OPTIONS ping and inspects the reply (status line, Server/User-Agent, advertised Allow methods, round-trip time).
This checker is service-level: it targets a SIP service (abstract.SIP) published on a subdomain and is configured from that service's own Checks tab. When no SRV record is published, the checker falls back to <domain>:5060 / <domain>:5061, with a visible info marker in the report.
{{% notice style="info" title="TLS posture is folded in, not duplicated" %}}
For the TLS handshake the checker uses InsecureSkipVerify: it confirms only that a TLS session can be established. Every _sips._tcp target is published as a tls.endpoint.v1 discovery entry so the dedicated TLS checker can verify the certificate chain, hostname match, expiry and cipher posture. Those findings are folded back onto the SIP service page through the sip.tls_quality rule. See {{< relref "/reference/checkers/tls" >}}.
{{% /notice %}}
What it checks
| Rule | What it verifies | Severity |
|---|---|---|
sip.srv_present |
_sip._udp / _sip._tcp / _sips._tcp SRV records are published and resolvable. |
Critical |
sip.transport_diversity |
Modern SIP transports (TCP, and ideally TLS) are published alongside legacy UDP. | Warning |
sip.srv_targets_resolvable |
Every SRV target resolves to at least one A or AAAA address. | Critical |
sip.endpoint_reachable |
Every discovered SIP endpoint accepts a connection on its transport. | Critical |
sip.options_response |
Every reachable SIP endpoint answers OPTIONS with a 2xx response. |
Critical |
sip.options_capabilities |
Reviews the Allow header advertised in OPTIONS replies (INVITE support, presence of Allow). |
Warning |
sip.ipv6_coverage |
At least one SIP endpoint is reachable over IPv6. | Info |
sip.tls_quality |
Folds the downstream TLS checker findings (chain, hostname match, expiry) onto the SIP service. | Critical |
The checker performs, in order: the NAPTR lookup (SIP+D2U, SIP+D2T, SIPS+D2T), the SRV lookup for the three transports (with the 5060/5061 fallback), A/AAAA resolution of every SRV target, TCP connect / UDP send / TLS handshake, and the SIP OPTIONS request with its status, headers and Allow parsed.
Options
| Option | Meaning | Default |
|---|---|---|
| SIP domain | The domain to test (auto-filled from the service scope). Required. | (auto) |
| Per-endpoint timeout (seconds) | Probe timeout for each endpoint. | 5 |
Probe _sip._udp |
Whether to probe the UDP transport. Disable if UDP is firewalled or the checker host cannot send UDP. | true |
Probe _sip._tcp |
Whether to probe the TCP transport. | true |
Probe _sips._tcp (TLS) |
Whether to probe the TLS transport. | true |
In happyDomain
Enable the SIP checker from the Checks tab of a SIP service. The domain is filled in automatically. See {{< relref "/pages/checks" >}} for the full workflow, and {{< relref "/reference/checkers/tls" >}} for the certificate posture of the _sips._tcp endpoints.