VoIPowering Your Office: Recovering SipX Passwords and DNS Done Right

Last week we downloaded and installed SipX, and logged into both the Web interface and the Linux command shell. Today we’ll learn how to recover lost passwords, and then spend some quality time getting DNS (Domain Name Services) done right. DNS mistakes are among the most common problems SipX admins trip over, so we’re aiming to eliminate the trip hazards.

Important post-installation step
The fine folks at Pingtel reminded me of an important step to take immediately
after installing your SipX server. Once your SipX server has Internet access,
you should run this command:

[[email protected] ~]# yum update

This could take a while, as it updates all the software on your system.
When it’s finished downloading all the updated packages, Yum will ask for permssion
to download GPG keys. Say yes. It’s not necessary to reboot, but you should, especially
if it upgrades the kernel, PAM, or glibc.

Help, I lost my passwords!
You have two important passwords to track on SipX: the system root password
on the server, and the “superadmin” user for the Web interface. However, if
you should happen to lose either of these, in actual fact it’s not such a big
deal, for they are easy to recover.

If you lose your Linux root password, one easy way to reset it is to boot
your SipX server with a Linux rescue CD, such as Knoppix, the Ubuntu liveCD,
or any Linux distribution that you like that has a liveCD edition. Then mount
SipX’s root filesystem as read/write. Knoppix makes this as easy as clicking
on an icon to mount the filesystem, then right-click the icon and set it as
read/write. Other Linuxes do this in different ways.

However you get there, your goal is to use an external device to mount the SipX root filesystem so you can edit the /etc/shadow file. The root entry looks like this:


Delete everything between the first two colons, so it looks like this:


Save your changes and boot up SipX. Now you have no root password at all, so you must be sure to create one immediately.

If you forget your “superadmin” password for the Web interface, there is a special command to reset it. Log in as root on the server and run this command:

[[email protected] ~]# sipxconfig.sh --database reset-superadmin

This deletes the password. Go to a neighboring PC to bring up the Web interface,
then log in without a password, or PIN as the login page says. Then hie thee forthwith
to the Users tab to set a new password.

You should practice using a Linux rescue CD—it’s an essential part of any network or system administrator’s toolkit. Bootable USB sticks are equally essential in these here modern times, and you will find many Linux distributions designed for these.

Important moral
Yes, there is a moral here: she who has physical access to the box owns it. Physical locks work wonders.

Configuring DNS
It’s important to get the DNS configuration for your SipX server correct from
the start, because going back and reconfiguring phones and other devices that
connect to your server is not at all fun. We’re going to use SRV records in
our DNS configuration, for two reasons: to show how awesomely cool we are, and
because it prevents headaches with client configurations. Using SRV records
means that clients don’t need to know the server’s hostname. When you don’t
use SRV records, a SIP endpoint needs a URI (Uniform Resource Identifier) that
looks like this, including the server hostname:

sip:[email protected]

Using SRV records means the client only needs to know the domain name:

sip:[email protected]

Feel the freedom? Now you don’t have to worry about silly stuff like re-configuring masses of SIP phones when you make a server change, or drive yourself nuts managing multiple servers.

This example shows how to run the BIND DNS server on the SipX server. You can do this even if you already have another DNS server running. After setting up DNS on SipX, all you have to do is add a delegation in your main DNS server pointing to the SipX DNS server.

The SipX installer writes out an incredibly useful log file at /var/log/sipxpbx/setup.log.
This shows exactly which configuration files it wrote to and what entries it
made. Even more helpfully, it writes out a complete BIND configuration that
you can copy and paste. (The easy way is to enable it at installation. But I
didn’t do this last week, so here we are.)

Copy these three files from /var/log/sipxpbx/setup.log into their correct locations:


Of course, they will have your domain name and network, so you can copy them exactly. Then run chkconfig to start BIND at boot:

[[email protected] ~]# chkconfig named --add 
[[email protected] ~]# chkconfig named on 

You can verify that the startup files were created with this command:

[[email protected] ~]# for i in  1 2 3 4 5 6; do ls /etc/rc.d/rc$i.d/*named*; done

Now start up BIND:

[[email protected] ~]# /etc/init.d/named start

And run the dig command to verify that it works:

[[email protected] ~]$ dig -t SRV _sip._udp.alrac.net
[[email protected] ~]$ dig -t A sipx.alrac.net

Among other data, you should see lines like these:

_sip._udp.alrac.net. 3600  IN  SRV  10 100 5060 sipx.alrac.net.
sipx.alrac.net.   3600  IN    A

Now add a couple of lines like this to your main BIND DNS server, to create a delegation pointing to your SipX sub-domain:

sipx.alrac.net.  IN  NS  sipx.alrac.net.
sipx.alrac.net.   IN  A

You may also add the appropriate records directly to your main DNS server instead of running a separate one on the SipX server. See DNS Configuration for instructions on doing this, and for more examples on testing your configuration.

Installing SipX
DNS Configuration for SipX

Latest Articles

Follow Us On Social Media

Explore More