Wide Area Bonjour

From Exterior Memory
This article was written in May 2007. Given the volatile nature of this topic, expect the content of this article to be outdated after about two years' time.
This article is unfinished.
In late 2012, the IETF chartered a working group, mdnsext, to standardize wide area service discovery. The following no longer works, and given the effort to create a new standard, I expect it to be replaced by something else in the 2013-2014 timeframe. In the meantime, your best bet is to use one of the shareware applications that add wide area support to Bonjour.

In May 2007, I sent a private mail to Marc Manthey, which was republished at http://sourceforge.net/apps/wordpress/opencu/2009/05/25/wide-area-bonjour-server-setup/ in May 2009. Since it is now public, I replicate it here.

This how-to was written for Mac OS 10.4, which had no built-in Bonjour preference pane. Since things have changed in the meantime, this may no longer work. Likely, you will have to use the Sharing preference pane, click Edit, and select "Use dynamic global hostname".

Unfortunately, since I haven't been using this since late 2005, I am no longer an expert here. Your best bet is to ask this question on the Bonjour mailing list: http://lists.apple.com/mailman/listinfo/bonjour-dev


I'm sorry -- I do not want to set up your configuration; my time is unfortunately limited, and I prefer not to SSH to other computers (even with permission). I simply do not know the details of the set-up you desire, and don't have time to learn. Also, that way you don't learn it yourself.

If it helps, here is my set up goal and configuration.

Set-up goal

I have a laptop whose IP address changes often. So I want it to be reachable on "mbp-freek.macfreek.nl". To do so, it must be able to send a message to my DNS server to update the A record for "mbp-freek.macfreek.nl". Since I don't want any computer in the world to change it, I use a shared secret. My DNS server is mickey.macfreek.nl, or (IPv4) and 2002:9163:9423::1 (IPv6).


I implemented mbp-freek.macfreek.nl as a subdomain of macfreek.nl; that's easier to maintain.

1. First, I need my DNS machine, mickey.macfreek.nl, to be the authoritative name server for the mbp-freek.macfreek.nl subdomain. The authoritative nameservers for macfreek.nl are:

% host -t NS macfreek.nl
macfreek.nl name server ns3.xel.nl.
macfreek.nl name server ns1.xel.nl.
macfreek.nl name server ns2.xel.nl.

To delegate the mbp-freek.macfreek.nl subdomain to mickey.macfreek.nl, I make sure that the above name servers have the following configuration:

mbp-freek               IN      NS              mickey.macfreek.nl.
mickey                  IN      A     
mickey                  IN      AAAA            2002:9163:9423::1

(Feel free to ignore the AAAA record -- that's only important if you care about IPv6).

2. The second step is to configure the mbp-freek.macfreek.nl subdomain at mickey.macfreek.nl. Here is the relevant part of my BIND configuration, found in named.conf:

// service discovery domain
zone "mbp-freek.macfreek.nl" {
        type master;
        file "mbp-freek.macfreek.nl.zone";
//      allow-update { any; };
        allow-update { key mbp-freek.macfreek.nl.; };
};

Note that "allow-update { any; };" can be useful for testing: it allows anyone in the world to change the DNS configuration, without a password. That is fine for testing. Obviously, I have now commented it out.

I recommend first setting "allow-update { any; };" and adding the key later, once the basics work fine.

3. As a start, you need to create the zone file ("mbp-freek.macfreek.nl.zone" in my configuration). Be sure to create it in the correct directory. If you use BIND, it is typically set with "directory "/etc/bind";" or "directory "/var/cache/bind";".

Here is the contents of my zone file:

% cat mbp-freek.macfreek.nl.zone
$TTL 3600       ; 1 hour
mbp-freek.macfreek.nl.  IN SOA  mickey.macfreek.nl. hostmaster.macfreek.nl. (
                                3203       ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                60         ; minimum (1 minute)
                                )
                        NS      mickey.macfreek.nl.
$TTL 1  ; 1 second
                        AAAA    2002:3516:3292:1::1
$ORIGIN _dns-sd._udp.mbp-freek.macfreek.nl.
$TTL 3600       ; 1 hour
b                       PTR     mbp-freek.macfreek.nl.
lb                      PTR     mbp-freek.macfreek.nl.
r                       PTR     mbp-freek.macfreek.nl.

Again, create this file with sensible content. It will be changed on the fly, but a good start helps a lot. Make sure the file and directory are writable by your BIND daemon.

4. Now, (re)start your bind server:

# /etc/init.d/bind9 restart

(or whatever you use to restart it)

5. Now I have to configure my laptop to tell mickey.macfreek.nl its IP address every time it changes. I use the Bonjour preference pane for that. You can download it from http://www.dns-sd.org/ClientSetup.html.

See the attached screenshot bonjour-config.tiff for my set-up. Note that I only filled in the "Hostname" tab with "mbp-freek.macfreek.nl". The other tabs are unchecked and empty! Also, note that I did not fill in the name of my DNS server (mickey.macfreek.nl): that is not necessary, since the Bonjour preference pane finds it by simply querying for the NS record of "mbp-freek.macfreek.nl". So for my set-up it really is important that the publicly reachable DNS servers point to my own server, as explained in step 1.

6. Test if it works. Look in the log of your DNS server. Does the IP address get updated? For example, my BIND log reports:

updating zone: deleting rrset at 'mbp-freek.macfreek.nl' AAAA
updating zone: adding an RR at 'mbp-freek.macfreek.nl' AAAA
updating zone: deleting rrset at 'mbp-freek.macfreek.nl' A
updating zone: adding an RR at 'mbp-freek.macfreek.nl' A
updating zone: deleting an RR

(Note: I trimmed the log lines a bit for readability, and had to increase the log verbosity for them to show up).

7. If it works fine, create a shared secret:

dnssec-keygen -a HMAC-MD5 -b 128 -n host mbp-freek.macfreek.nl.

Copy the key (which looks like "") and add it to your named.conf file:

key mbp-freek.macfreek.nl. {
        algorithm hmac-md5;
        secret "i94NgCObg/1t0NtauLB+QQ==";
};

Also make sure the key is required to update the zone file:

zone "mbp-freek.macfreek.nl" {
        type master;
        file "mbp-freek.macfreek.nl.zone";
        allow-update { key mbp-freek.macfreek.nl.; };
};

(Remove the "allow-update { any; };" if it's still there.) Finally, add the key to the Bonjour preference pane. You can do so by clicking the "Password..." button in the "Hostname" tab.

Regards, Freek
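To show what the shared secret from step 7 actually protects, here is an added example that is not part of the original mail and is not the code of the Bonjour preference pane or of BIND. It builds the same kind of dynamic UPDATE the laptop sends in step 6 (delete the A RRset at the host name, then add the new address), signs it with a TSIG HMAC-MD5 MAC as described in RFC 2845 (the "algorithm hmac-md5" key in named.conf), and then performs the check a server does before accepting the update. The key name, the 16-byte secret, the address 192.0.2.10 and the timestamps in demo() are constructed for illustration; only the Python standard library is used.

```python
"""Added example (not from the original mail): a TSIG-signed DNS UPDATE built
from the RFC 2136 / RFC 2845 wire format with the Python standard library only."""
import base64, hashlib, hmac, os, struct, time

TSIG_ALG = "hmac-md5.sig-alg.reg.int."   # RFC 2845 name for "algorithm hmac-md5"
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255

def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"

def decode_name(buf, off):
    """Inverse of encode_name; no compression pointers, since we never emit them."""
    labels = []
    while buf[off] != 0:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode("ascii"))
        off += 1 + buf[off]
    return ".".join(labels) + ".", off + 1

def build_update(zone, host, ipv4, ttl=1, msg_id=None):
    """Unsigned UPDATE: ZOCOUNT=1, UPCOUNT=2 (delete the A RRset at host, add the new A)."""
    msg_id = int.from_bytes(os.urandom(2), "big") if msg_id is None else msg_id
    header = struct.pack(">HHHHHH", msg_id, 5 << 11, 1, 0, 2, 0)    # opcode 5 = UPDATE
    zone_sec = encode_name(zone) + struct.pack(">HH", TYPE_SOA, CLASS_IN)
    delete = encode_name(host) + struct.pack(">HHIH", TYPE_A, CLASS_ANY, 0, 0)
    rdata = bytes(int(o) for o in ipv4.split("."))
    add = encode_name(host) + struct.pack(">HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_sec + delete + add

def tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC (RFC 2845 section 3.4.2)."""
    return (encode_name(key_name.lower()) + struct.pack(">HI", CLASS_ANY, 0) + encode_name(TSIG_ALG)
            + struct.pack(">HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, error, len(other))
            + other)

def sign(message, key_name, secret_b64, time_signed=None, fudge=300):
    """Client side: MAC = HMAC-MD5(secret, message || tsig_variables), carried in a trailing TSIG RR."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    key = base64.b64decode(secret_b64)
    mac = hmac.new(key, message + tsig_variables(key_name, time_signed, fudge), hashlib.md5).digest()
    rdata = (encode_name(TSIG_ALG)
             + struct.pack(">HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac)) + mac
             + struct.pack(">HHH", struct.unpack(">H", message[:2])[0], 0, 0))   # original ID, error, other len
    tsig_rr = encode_name(key_name) + struct.pack(">HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack(">H", message[10:12])[0] + 1
    return message[:10] + struct.pack(">H", arcount) + message[12:] + tsig_rr

def verify(signed, key_name, secret_b64, now=None):
    """Server side: find the trailing TSIG RR, recompute the MAC over the message as it was
    before signing, compare in constant time, and refuse anything outside the fudge window."""
    counts = struct.unpack(">HHHHHH", signed[:12])
    off = 12
    for _ in range(counts[2]):                                   # zone section: name, type, class
        off = decode_name(signed, off)[1] + 4
    for _ in range(counts[3] + counts[4] + counts[5] - 1):       # every RR except the TSIG
        off = decode_name(signed, off)[1]
        off += 10 + struct.unpack(">H", signed[off + 8:off + 10])[0]
    tsig_start = off
    name, off = decode_name(signed, off)
    rtype = struct.unpack(">H", signed[off:off + 2])[0]
    alg, off = decode_name(signed, off + 10)
    t_hi, t_lo, fudge, mac_len = struct.unpack(">HIHH", signed[off:off + 10])
    mac = signed[off + 10:off + 10 + mac_len]
    off += 10 + mac_len
    _orig_id, error, other_len = struct.unpack(">HHH", signed[off:off + 6])
    other = signed[off + 6:off + 6 + other_len]
    if rtype != TYPE_TSIG or alg.lower() != TSIG_ALG or name.lower() != key_name.lower().rstrip(".") + ".":
        return False
    time_signed = (t_hi << 32) | t_lo
    unsigned = signed[:10] + struct.pack(">H", counts[5] - 1) + signed[12:tsig_start]
    expected = hmac.new(base64.b64decode(secret_b64),
                        unsigned + tsig_variables(key_name, time_signed, fudge, error, other), hashlib.md5).digest()
    if not hmac.compare_digest(expected, mac):                   # wrong key or altered message
        return False
    now = int(time.time()) if now is None else now
    return abs(now - time_signed) <= fudge                       # stale timestamp: replay, refused

def demo():
    """Constructed scenario: correct key, wrong key, tampered address, replayed old message."""
    key_name = "mbp-freek.macfreek.nl."
    secret = base64.b64encode(b"constructed-16B!").decode()      # constructed 128-bit secret, like -b 128
    wrong = base64.b64encode(b"another-16B-key!").decode()
    msg = build_update("mbp-freek.macfreek.nl.", "mbp-freek.macfreek.nl.", "192.0.2.10", msg_id=0x1234)
    signed = sign(msg, key_name, secret, time_signed=1_700_000_000)
    tampered = signed.replace(bytes([192, 0, 2, 10]), bytes([192, 0, 2, 11]), 1)
    return {"accepted": verify(signed, key_name, secret, now=1_700_000_100),
            "wrong_key": verify(signed, key_name, wrong, now=1_700_000_100),
            "tampered": verify(tampered, key_name, secret, now=1_700_000_100),
            "replayed": verify(signed, key_name, secret, now=1_700_003_600)}

if __name__ == "__main__":
    print(demo())
```

The three refused cases in demo() are exactly what the "allow-update { any; }" setting from step 2 gives up: without the key, anyone who can reach port 53 on the server can send the same delete-and-add UPDATE for the host name. The time-signed and fudge fields are why an old captured update cannot simply be resent later, and the constant-time comparison is the standard way to avoid leaking the MAC through timing. HMAC-MD5 is kept here because it is what the mail and the named.conf above use; current BIND versions also accept hmac-sha256 keys, which is the better choice for a new set-up.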