Pierre-Olivier Mercier
5ccdd8892f
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Add individual reference pages for all domain health checkers (EN/FR), update the homepage feature descriptions in both languages to highlight monitoring, notifications, and domain availability checks.
44 lines
3.5 KiB
Markdown
44 lines
3.5 KiB
Markdown
---
|
|
date: 2026-06-11T09:00:00+02:00
|
|
author: nemunaire
|
|
title: SIP
|
|
description: "Probes a domain's SIP/VoIP deployment end-to-end: RFC 3263 NAPTR/SRV resolution, endpoint reachability over UDP/TCP/TLS, and a SIP OPTIONS ping with capability inspection."
|
|
weight: 270
|
|
---
|
|
|
|
The **SIP** checker probes a domain's SIP/VoIP deployment from its DNS records, following RFC 3263 resolution: NAPTR → SRV (`_sip._udp`, `_sip._tcp`, `_sips._tcp`) → A/AAAA. It tests reachability on every resolved `target:port` over UDP, TCP and TLS, then sends a raw SIP `OPTIONS` ping and inspects the reply (status line, `Server`/`User-Agent`, advertised `Allow` methods, round-trip time).
|
|
|
|
This checker is **service-level**: it targets a *SIP* service (`abstract.SIP`) published on a subdomain and is configured from that service's own **Checks** tab. When no SRV record is published, the checker falls back to `<domain>:5060` / `<domain>:5061`, with a visible info marker in the report.
|
|
|
|
{{% notice style="info" title="TLS posture is folded in, not duplicated" %}}
|
|
For the TLS handshake the checker uses `InsecureSkipVerify`: it confirms only that a TLS session can be established. Every `_sips._tcp` target is published as a `tls.endpoint.v1` discovery entry so the dedicated TLS checker can verify the certificate chain, hostname match, expiry and cipher posture. Those findings are folded back onto the SIP service page through the `sip.tls_quality` rule. See {{< relref "/reference/checkers/tls" >}}.
|
|
{{% /notice %}}
|
|
|
|
## What it checks
|
|
|
|
| Rule | What it verifies | Severity |
|
|
|---|---|---|
|
|
| `sip.srv_present` | `_sip._udp` / `_sip._tcp` / `_sips._tcp` SRV records are published and resolvable. | Critical |
|
|
| `sip.transport_diversity` | Modern SIP transports (TCP, and ideally TLS) are published alongside legacy UDP. | Warning |
|
|
| `sip.srv_targets_resolvable` | Every SRV target resolves to at least one A or AAAA address. | Critical |
|
|
| `sip.endpoint_reachable` | Every discovered SIP endpoint accepts a connection on its transport. | Critical |
|
|
| `sip.options_response` | Every reachable SIP endpoint answers `OPTIONS` with a 2xx response. | Critical |
|
|
| `sip.options_capabilities` | Reviews the `Allow` header advertised in `OPTIONS` replies (INVITE support, presence of `Allow`). | Warning |
|
|
| `sip.ipv6_coverage` | At least one SIP endpoint is reachable over IPv6. | Info |
|
|
| `sip.tls_quality` | Folds the downstream TLS checker findings (chain, hostname match, expiry) onto the SIP service. | Critical |
|
|
|
|
The checker performs, in order: the NAPTR lookup (`SIP+D2U`, `SIP+D2T`, `SIPS+D2T`), the SRV lookup for the three transports (with the `5060`/`5061` fallback), A/AAAA resolution of every SRV target, TCP connect / UDP send / TLS handshake, and the SIP `OPTIONS` request with its status, headers and `Allow` parsed.
|
|
|
|
## Options
|
|
|
|
| Option | Meaning | Default |
|
|
|---|---|---|
|
|
| SIP domain | The domain to test (auto-filled from the service scope). Required. | *(auto)* |
|
|
| Per-endpoint timeout (seconds) | Probe timeout for each endpoint. | `5` |
|
|
| Probe `_sip._udp` | Whether to probe the UDP transport. Disable if UDP is firewalled or the checker host cannot send UDP. | `true` |
|
|
| Probe `_sip._tcp` | Whether to probe the TCP transport. | `true` |
|
|
| Probe `_sips._tcp` (TLS) | Whether to probe the TLS transport. | `true` |
|
|
|
|
## In happyDomain
|
|
|
|
Enable the SIP checker from the **Checks** tab of a SIP service. The domain is filled in automatically. See {{< relref "/pages/checks" >}} for the full workflow, and {{< relref "/reference/checkers/tls" >}} for the certificate posture of the `_sips._tcp` endpoints.
|