Step by step tutorial on Wide Area Bonjour

jw2002
Mar 7, 2010, 03:21 PM
Is anyone aware of a step by step tutorial on setting up and using Wide Area Bonjour? I have two subnets and unfortunately they can't see each other's machines since mDNS can't cross subnets. So I went into Snow Leopard Server and activated Wide Area Bonjour Browsing by following to the letter what the Snow Leopard Network Admin manual says to do. I clicked to enable and named the browsing subdomain "bonjour.example.com." (but used my own domain name in place of example). However, services from one subnet still aren't showing up in the Shared pane of the Finder window of a client on the other subnet. Yes, a little earth icon called "example.com" does show up, containing an icon called "bonjour", but it contains nothing. I also went in to the Sharing on each client Mac and clicked on edit, checked "Use dynamic global hostname", and checked "Advertise using Bonjour", but the hosts still aren't showing up on clients on the other subnet. So obviously I am missing some major step.

I'm also wondering if Wide Area Bonjour is even worth the hassle. Maybe it would be easier to just enable multicast routing of the mDNS packets between the subnets and be done with it. It's not like I need Wide Area Bonjour for any fancy reason such as connecting subnets on different continents. It's more a consequence of the inability of OS X to truly bridge network interfaces into a single subnet.



calderone
Mar 7, 2010, 04:35 PM
This should help:
http://www.afp548.com/article.php?story=20090205204942121

andrewtj
Mar 7, 2010, 06:38 PM
Assuming your two subnets are private, Wide-Area Bonjour isn't a good fit. Hosts will only create the appropriate DNS records if they can determine that they have either a world-routable address or the ability to set up port-forwards via NAT-PMP/UPnP for the services they advertise.

If you can, just enable multicast traffic for 224.0.0.251:5353 between the subnets.

jw2002
Mar 8, 2010, 01:44 PM
Thanks for the link above. I had read that material already, and it was actually what made me question if Wide Area Bonjour is worth the hassle. And thanks for the suggestion to just enable multicast traffic between the two subnets. I will definitely explore that avenue. I'm wondering if this can be achieved as simply as adding an appropriate "ipfw fwd" rule...

andrewtj
Mar 9, 2010, 07:10 PM
I'm wondering if this can be achieved as simply as adding an appropriate "ipfw fwd" rule...

I will give you a definite maybe ;)

You may have better luck getting an answer to this over on ServerFault.com (http://serverfault.com/)
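
One minimal way to do what andrewtj suggested earlier (carry 224.0.0.251:5353 between the two segments without routing it), as an added example that is not from this thread: a small mDNS reflector in Python for a host that has an interface in each subnet. The interface addresses, subnets and the sample packet are constructed assumptions. Caveat a practitioner should weigh first: reflecting mDNS deliberately collapses the segmentation for service discovery, so anyone on either segment can advertise, or answer for, names on the other; and discovery is not reachability, the firewall still has to pass the unicast traffic (for example TCP 631 for IPP) between the segments.

```python
"""Reflect mDNS between two directly attached subnets (added example, not from the thread).

Runs on a host with one interface in each subnet. The interface addresses and
subnets below are constructed assumptions, not values from the page.
"""
import ipaddress
import socket
import struct

MDNS_GROUP = "224.0.0.251"
MDNS_PORT = 5353

# Assumed topology: wired LAN and Wi-Fi segment, this host attached to both.
SIDES = {
    "lan":  {"iface": "192.168.1.2", "net": ipaddress.ip_network("192.168.1.0/24")},
    "wifi": {"iface": "192.168.2.2", "net": ipaddress.ip_network("192.168.2.0/24")},
}


def origin_side(src_ip, sides=SIDES):
    """Name of the side whose subnet contains src_ip, or None if neither."""
    addr = ipaddress.ip_address(src_ip)
    for name, side in sides.items():
        if addr in side["net"]:
            return name
    return None


def looks_like_mdns(data):
    """Cheap header check: standard-query opcode and at least one section present."""
    if len(data) < 12:
        return False
    _ident, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    return (flags >> 11) & 0xF == 0 and (qd + an + ns + ar) > 0


def should_reflect(data, src_ip, sides=SIDES):
    """Return the side a datagram from src_ip should be re-sent on, or None.

    Drops malformed packets, our own re-sent copies (loop prevention) and
    packets whose source is not on either attached subnet (spoofed or routed in).
    """
    if not looks_like_mdns(data):
        return None
    if any(src_ip == side["iface"] for side in sides.values()):
        return None
    origin = origin_side(src_ip, sides)
    if origin is None:
        return None
    others = [name for name in sides if name != origin]
    return others[0] if len(others) == 1 else None


def _wire_name(labels):
    return b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"


# Constructed sample: an mDNS response (QR=1, AA=1) carrying one cache-flush PTR
# record "_ipp._tcp.local -> Canon MX870._ipp._tcp.local", as a printer would send.
_rdata = _wire_name([b"Canon MX870", b"_ipp", b"_tcp", b"local"])
SAMPLE_RESPONSE = (
    struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0)
    + _wire_name([b"_ipp", b"_tcp", b"local"])
    + struct.pack("!HHIH", 12, 0x8001, 4500, len(_rdata))
    + _rdata
)


def open_reflector_socket(sides=SIDES):
    """One socket on 5353 joined to 224.0.0.251 on every attached interface,
    so each datagram is received exactly once."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if hasattr(socket, "SO_REUSEPORT"):  # coexist with the host's own mDNS responder
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    sock.bind(("", MDNS_PORT))  # source port must be 5353 for multicast mDNS
    for side in sides.values():
        mreq = socket.inet_aton(MDNS_GROUP) + socket.inet_aton(side["iface"])
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)  # RFC 6762 s11
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, 0)
    return sock


def run(sides=SIDES):
    sock = open_reflector_socket(sides)
    while True:
        data, (src_ip, _port) = sock.recvfrom(9000)
        dest = should_reflect(data, src_ip, sides)
        if dest is None:
            continue
        # Choose the outgoing interface for this destination, then re-send unchanged.
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF,
                        socket.inet_aton(sides[dest]["iface"]))
        sock.sendto(data, (MDNS_GROUP, MDNS_PORT))


if __name__ == "__main__":
    run()
```

The packaged equivalent on a Linux box with a leg in each segment is Avahi with `enable-reflector=yes` in the `[reflector]` section of avahi-daemon.conf; it makes the same trade-off, so scope the firewall rules for the unicast follow-up traffic as tightly as the reflector is broad.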

macdroid
May 24, 2011, 08:45 PM
Did you ever figure this out? I hate to dig up an old thread, but I support recycling ;)

I just purchased a Canon MX870 printer, and have it connected to my network using the wired Ethernet interface. However, my MBP is usually on my wireless network, which is a separate network segment. Both segments are connected to my main firewall (m0n0wall) which has 3 interfaces, 1 for WAN, 1 for WiFi, and 1 for LAN.

When I plug the laptop in, I can access the scanner/printer services, but when I go back to wifi, I lose this ability. Has anyone figured out an easy way to deal with this? I would like to keep my wired and wireless networks separate.

jw2002
Jul 27, 2011, 02:32 PM
Nope, never got it to work. Apple's documentation on getting DNS to work is the absolute pits.

However, now I have an even simpler application of wide area bonjour that is also not working. When I VPN my iPad into my local network from out in the field, I would like it to be able to see the other hosts. I think I've done all the right stuff like setting up dynamic global hostnames on the computers that will advertise their availability. In addition, I turn on wide area bonjour in the DNS section of Lion Server. However, the dynamic global hostname isn't managing to propagate anywhere, not even on the local subnet, not even on the server itself. This stuff shouldn't be this hard to configure. What a headache! And this is like the simplest possible and most popular application of wide area bonjour: make mobile devices aware of the other resources such as screen sharing, iCal synchronization, etc.

andrewtj
Jul 27, 2011, 11:24 PM
Wide-Area Bonjour is designed to work with clients which have public IP addresses or private IP addresses and NAT-PMP or UPnP available, i.e. it's for sharing services over the internet. It's not going to work with private addresses (over a VPN or otherwise) unless you hack mDNSResponder to ignore the address registration check.

If there's interest I might write something to register services advertised on the local network with a DNS server - would anyone be interested in this? (This would let remote VPN clients see services, but not vice-versa.)

dpad
Aug 8, 2011, 04:09 PM
Wide-Area Bonjour is designed to work with clients which have public IP addresses or private IP addresses and NAT-PMP or UPnP available, i.e. it's for sharing services over the internet. It's not going to work with private addresses (over a VPN or otherwise) unless you hack mDNSResponder to ignore the address registration check.

If there's interest I might write something to register services advertised on the local network with a DNS server - would anyone be interested in this? (This would let remote VPN clients see services, but not vice-versa.)

That would be remarkably useful.

DarthNooR
Aug 22, 2011, 02:48 PM
That would be remarkably useful.

I second that!

lws
Jan 21, 2012, 04:21 AM
If there's interest I might write something to register services advertised on the local network with a DNS server - would anyone be interested in this? (This would let remote VPN clients see services, but not vice-versa.)

Yes, please. And then setup a donation address!

peterjhill
Jan 30, 2012, 11:40 AM
Saw this post when researching an answer for a question on macenterprise.org.

Here is my reply:

Hopefully I can help, happy to answer any networking questions. I am a Networking guy.

mDNS uses a link-local multicast IP address, 224.0.0.251: http://en.wikipedia.org/wiki/Multicast_DNS

According to RFC 3171, that range of addresses is reserved for the "Local Network Control Block":
http://tools.ietf.org/html/rfc3171 Routers are not allowed to forward these packets between subnets.

Bonjour does support DNS Update (http://www.ietf.org/rfc/rfc2136.txt), which allows servers to register their services with normal DNS servers. This allows clients to query DNS for services (e.g. what are all the iPad-compatible print servers?).

Here are the docs on how to set up your unicast DNS server to support Bonjour across subnets: http://www.dns-sd.org/ServerSetup.html
Basically you will set up a DNS zone file reserved for DNS-SD. For example, macenterprise.local. Your print servers, Workgroup Manager clients, etc., will not only respond to mDNS queries for their service, but also publish to the macenterprise.local DNS server those same services.

On the client side, you set up your clients to query the DNS-SD zone: add it to the list of search domains (System Preferences -> Network -> Advanced -> DNS).

Now, when your iPad wants to print, it will send out the normal link-local multicast packet to 224.0.0.251 port 5353, and it will send out a normal unicast DNS query to the name server (NS) for all the configured domains in its search domains (including macenterprise.local). The client will get back available responses from both queries and show them all to the user.

You could get your DNS admin to do the magic on the normal organization DNS server, or you could set up a Mac server and request that your DNS admins set up an NS record for your mDNS domain to point to your Mac server. It depends on how much they want to help you. At the very least, if a different group manages your DNS servers and they are reluctant to help you, they should have no problems creating an NS record and putting the burden of support on you.

I found a good description of client set up here: http://dyn.com/support/bonjour-and-dns-discovery/
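
The zone peterjhill describes, and the "register what the local link advertises with a DNS server" idea andrewtj floated earlier in the thread, as one added example that is not from the post, from dns-sd.org or from Apple: a Python script that builds the unicast DNS-SD (RFC 6763) record set for a shared printer and emits it either as zone-file lines or as an nsupdate script for an RFC 2136 dynamic update. The printer name, host name, address and TXT values are constructed; the reserved domain example.com stands in for the real zone (a ".local" zone, as in the post, collides with the link-local mDNS domain, so a subdomain of a real domain is the safer choice).

```python
"""Unicast DNS-SD (RFC 6763) record set for a shared printer (added example).

The printer, host name, address and TXT values are constructed; example.com is
used instead of a ".local" zone because ".local" is the link-local mDNS domain.
"""


def escape_label(name):
    """Escape a service-instance name for master-file syntax so that spaces and
    dots stay inside one label (RFC 6763 s4.1.1 with RFC 1035 \\DDD escapes)."""
    out = []
    for byte in name.encode("utf-8"):
        ch = chr(byte)
        if ch in ".\\":
            out.append("\\" + ch)
        elif byte <= 0x20 or byte >= 0x7F or ch in ';()@"$':
            out.append("\\%03d" % byte)
        else:
            out.append(ch)
    return "".join(out)


def txt_strings(txt):
    """Quote key=value pairs as TXT strings; each must fit in 255 bytes."""
    strings = []
    for key, value in txt.items():
        item = f"{key}={value}"
        if len(item.encode("utf-8")) > 255:
            raise ValueError(f"TXT string too long: {key}")
        strings.append('"' + item.replace("\\", "\\\\").replace('"', '\\"') + '"')
    return strings or ['""']  # a TXT record must exist even when empty (RFC 6763 s6.1)


def dns_sd_records(domain, instance, service, host, port, addr, txt, subtypes=()):
    """Return (owner, type, rdata) tuples for one service instance."""
    zone = domain.rstrip(".") + "."
    svc = f"{service}.{zone}"
    inst = f"{escape_label(instance)}.{svc}"
    target = host.rstrip(".") + "."
    records = [
        # Browse-domain enumeration: a client whose search domain is `zone`
        # asks these names to learn where to browse (lb = legacy browse).
        (f"b._dns-sd._udp.{zone}", "PTR", zone),
        (f"db._dns-sd._udp.{zone}", "PTR", zone),
        (f"lb._dns-sd._udp.{zone}", "PTR", zone),
        # Service-type enumeration ("what kinds of service exist here?")
        (f"_services._dns-sd._udp.{zone}", "PTR", svc),
        # Browse -> instance -> host:port -> address
        (svc, "PTR", inst),
        (inst, "SRV", f"0 0 {port} {target}"),
        (inst, "TXT", " ".join(txt_strings(txt))),
        (target, "A", addr),
    ]
    for sub in subtypes:  # e.g. _universal._sub._ipp._tcp for AirPrint clients
        records.append((f"{sub}._sub.{svc}", "PTR", inst))
    return records


def zone_text(records, ttl=3600):
    return "\n".join(f"{owner} {ttl} IN {rtype} {rdata}" for owner, rtype, rdata in records)


def nsupdate_script(records, server, zone, ttl=3600):
    """The same records as an RFC 2136 dynamic update, in BIND nsupdate syntax."""
    lines = [f"server {server}", f"zone {zone}"]
    lines += [f"update add {o} {ttl} IN {t} {r}" for o, t, r in records]
    return "\n".join(lines + ["send"])


# Constructed sample printer. TXT keys beyond txtvers/rp would be copied from the
# printer's own mDNS advertisement (`dns-sd -L "<name>" _ipp._tcp local.` on a Mac).
PRINTER = dict(
    domain="example.com", instance="Canon MX870", service="_ipp._tcp",
    host="mx870.example.com", port=631, addr="192.0.2.10",
    txt={"txtvers": "1", "rp": "ipp/print", "ty": "Canon MX870",
         "pdl": "application/pdf,image/urf"},
    subtypes=("_universal",),
)


def example_zone():
    return zone_text(dns_sd_records(**PRINTER))


if __name__ == "__main__":
    print(example_zone())
    print(nsupdate_script(dns_sd_records(**PRINTER), "ns1.example.com", "example.com"))
```

Feed the zone-file output to the server that is authoritative for the delegated subdomain and add that subdomain to the clients' search domains; feed the nsupdate output to `nsupdate -k` with a TSIG key if the zone accepts dynamic updates, which is the one-way, local-to-DNS registration described above. Because anything that can update the zone can redirect every client that browses it, restrict updates to a key held only by the registering host.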

wedebugyou
Jan 3, 2013, 04:20 AM
DNS records are hard to configure and difficult to maintain for Wide Area Bonjour. You will need to add one every time you add a new service.

Try using a "bridge" vpn instead. Here is a guide on how to do it (http://www.wedebugyou.com/2013/01/how-to-use-bonjour-over-vpn/).

Cheers

John

bathurstguy
Feb 13, 2013, 05:16 AM
Just in case anyone in the future is wanting to set up Bonjour across subnets using Microsoft DNS, here is a link to a great step-by-step article:
http://sybaspot.com/configuring-dns-to-share-bonjour-printers-across-subnets-and-vlans-including-airprint-for-ios/

Les Kern
Feb 14, 2013, 06:17 AM
Also, know Bonjour will not pass between different VLANs.

assembled
Feb 15, 2013, 05:33 AM
Also, know Bonjour will not pass between different VLANs.

I think you mean L2 broadcast domain.

I'm looking right now at a L2 network broadcast domain that covers 8 physical sites and is on 4 different VLAN IDs depending on which site it is on.

Aerohive have a Bonjour Gateway...