Step by step tutorial on Wide Area Bonjour

Discussion in 'Mac OS X Server, Xserve, and Networking' started by jw2002, Mar 7, 2010.

  1. jw2002 macrumors 6502

    Feb 23, 2008
    Is anyone aware of a step by step tutorial on setting up and using Wide Area Bonjour? I have two subnets and unfortunately they can't see each other's machines since mDNS can't cross subnets. So I went into Snow Leopard Server and activated Wide Area Bonjour Browsing by following to the letter what the Snow Leopard Network Admin manual says to do. I clicked to enable and named the browsing subdomain "" (but used my own domain name in place of example). However, services from one subnet still aren't showing up in the Shared pane of the Finder window of a client on the other subnet. Yes, a little earth icon called "" does show up, containing an icon called "bonjour", but it contains nothing. I also went into Sharing on each client Mac and clicked on edit, checked "use dynamic global hostname", and checked "advertise using bonjour", but the hosts still aren't showing up on clients on the other subnet. So obviously I am missing some major step.

    I'm also wondering if Wide Area Bonjour is even worth the hassle. Maybe it would be easier to just enable multicast routing of the mDNS packets between the subnets and be done with it. It's not like I need Wide Area Bonjour for any fancy reason such as connecting subnets on different continents. It's more a consequence of the inability of OS X to truly bridge network interfaces into a single subnet.
  2. andrewtj macrumors newbie

    Aug 13, 2009
    Assuming your two subnets are private, Wide-Area Bonjour isn't a good fit. Hosts will only create the appropriate DNS records if they can determine that they have either a world-routable address or the ability to set up port-forwards via NAT-PMP/UPnP for the services they advertise.

    If you can, just enable multicast traffic between the subnets.
  3. jw2002 thread starter macrumors 6502

    Feb 23, 2008
    Thanks for the link above. I had read that material already, and it was actually what made me question if wide area bonjour is worth the hassle. And thanks for the suggestion to just enable multicast traffic between the two subnets. I will definitely explore that avenue. I'm wondering if this can be achieved as simply as by adding an appropriate "ipfw fwd" rule...
  4. andrewtj macrumors newbie

    Aug 13, 2009
    I will give you a definite maybe ;)

    You may have better luck getting an answer to this over on
  5. macdroid macrumors member

    Mar 3, 2011
    Did you ever figure this out? I hate to dig up an old thread, but I support recycling ;)

    I just purchased a Canon MX870 printer, and have it connected to my network using the wired Ethernet interface. However, my MBP is usually on my wireless network, which is a separate network segment. Both segments are connected to my main firewall (m0n0wall) which has 3 interfaces, 1 for WAN, 1 for WiFi, and 1 for LAN.

    When I plug the laptop in, I can access the scanner/printer services, but when I go back to wifi, I lose this ability. Has anyone figured out an easy way to deal with this? I would like to keep my wired and wireless networks separate.
  6. jw2002 thread starter macrumors 6502

    Feb 23, 2008
    Nope, never got it to work. Apple's documentation on getting DNS to work is the absolute pits.

    However, now I have an even simpler application of wide area bonjour that is also not working. When I VPN my iPad into my local network from out in the field, I would like it to be able to see the other hosts. I think I've done all the right stuff like setting up dynamic global hostnames on the computers that will advertise their availability. In addition, I turn on wide area bonjour in the DNS section of Lion Server. However, the dynamic global hostname isn't managing to propagate anywhere, not even on the local subnet, not even on the server itself. This stuff shouldn't be this hard to configure. What a headache! And this is like the simplest possible and most popular application of wide area bonjour: make mobile devices aware of the other resources such as screen sharing, iCal synchronization, etc.
  7. andrewtj macrumors newbie

    Aug 13, 2009
    Wide-Area Bonjour is designed to work with clients which have public IP addresses or private IP addresses and NAT-PMP or UPnP available, i.e. it's for sharing services over the internet. It's not going to work with private addresses (over a VPN or otherwise) unless you hack mDNSResponder to ignore the address registration check.

    If there's interest I might write something to register services advertised on the local network with a DNS server - would anyone be interested in this? (This would let remote VPN clients see services, but not vice-versa.)
  8. dpad macrumors newbie

    Nov 6, 2010
    That would be remarkably useful.
  9. DarthNooR macrumors newbie

    Jan 11, 2004
    I second that!
  10. lws macrumors newbie

    May 14, 2008
    Yes, please. And then set up a donation address!
  11. peterjhill macrumors 65816


    Apr 25, 2002
    Seattle, WA
    mdns and dns-sd

    saw this post when researching an answer for a question on

    Here is my reply:

    Hopefully I can help, happy to answer any networking questions. I am a Networking guy.

    mDNS uses link-local multicast IP addresses.

    According to RFC 3171, that range of addresses is reserved for "Local Network Control Block". Routers are not allowed to forward these packets between subnets.

    Bonjour does support DNS Update which allows servers to register their services to normal DNS servers. This allows clients to query DNS for services (eg. what are all the ipad compatible print servers?)

    Here are the docs on how to set up your unicast DNS server to support Bonjour across subnets:
    Basically you will set up a DNS zone file reserved for dns-sd. For example, macenterprise.local. Your print servers, workgroup manager clients, etc, will not only respond to mDNS queries for their service, but also publish to the macenterprise.local DNS server those same services.

    On the client side, you set up your clients to query the dns-sd zone, add it to the list of search domains (System Preferences -> Network -> Advanced -> DNS).

    Now, when your iPad wants to print, it will send out the normal link-local multicast packet to port 5353, and it will send out a normal unicast DNS query to the name server (NS) for all the configured domains in its search domains (including macenterprise.local). The client will get back available responses from both queries and show them all to the user.

    You could get your DNS admin to do the magic on the normal organization DNS server or you could set up a Mac server and request that your DNS admins set up an NS record for your mDNS domain to point to your Mac server. It depends on how much they want to help you. At the very least, if a different group manages your DNS servers and they are reluctant to help you, they should have no problems creating an NS record and putting the burden of support on you.

    I found a good description of client setup here:
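
Added example, not part of any post in this thread: a small Python generator for the static DNS-SD records (RFC 6763) that a unicast DNS zone needs before clients can browse it as described in the post above, one record set per advertised service. The zone `bonjour.example.com`, the host name and the printer instance are constructed sample values.

```python
# Added example: build static DNS-SD (RFC 6763) zone-file records for one service.
# The zone name, host and printer used below are constructed sample values.

def escape_label(text):
    """Escape one DNS label for a zone file; anything unusual becomes \\DDD."""
    raw = text.encode("utf-8")
    if not 1 <= len(raw) <= 63:
        raise ValueError("a DNS label must be 1..63 bytes")
    safe = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
    return "".join(chr(b) if b in safe else "\\%03d" % b for b in raw)


def txt_rdata(pairs):
    """Render key=value pairs as quoted TXT strings (each at most 255 bytes)."""
    out = []
    for key, value in pairs.items():
        item = f"{key}={value}"
        if len(item.encode("utf-8")) > 255:
            raise ValueError("TXT string too long: " + key)
        out.append('"' + item.replace("\\", "\\\\").replace('"', '\\"') + '"')
    return " ".join(out) or '""'


def dns_sd_records(zone, instance, service, host, port, txt):
    """Return zone-file lines that let unicast DNS-SD clients browse `zone`
    and resolve one service instance, e.g. service="_ipp._tcp"."""
    zone = zone.rstrip(".") + "."
    stype = f"{service}.{zone}"
    name = f"{escape_label(instance)}.{stype}"
    return [
        # Domain enumeration: tell clients this zone can be browsed.
        f"b._dns-sd._udp.{zone} PTR {zone}",
        f"lb._dns-sd._udp.{zone} PTR {zone}",
        # Service type enumeration, then the instance itself.
        f"_services._dns-sd._udp.{zone} PTR {stype}",
        f"{stype} PTR {name}",
        f"{name} SRV 0 0 {port} {host.rstrip('.')}.",
        f"{name} TXT {txt_rdata(txt)}",
    ]


if __name__ == "__main__":
    for line in dns_sd_records("bonjour.example.com", "Office Printer",
                               "_ipp._tcp", "printer1.example.com", 631,
                               {"txtvers": "1", "rp": "printers/office"}):
        print(line)
```

The output lines use absolute names, so they can be appended to an existing zone file that already has its SOA, NS and `$TTL` entries.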
  12. wedebugyou macrumors newbie

    Sep 21, 2012
    Forget about wide area bonjour

    DNS records are hard to configure and difficult to maintain for the wide area bonjour. You will need to add one every time you add a new service.

    Try using a "bridge" vpn instead. Here is a guide on how to do it.


  13. bathurstguy macrumors newbie

    Jan 30, 2009
  14. Les Kern macrumors 68040

    Apr 26, 2002
    Also, know Bonjour will not pass between different VLANs.
  15. assembled macrumors regular

    Jan 12, 2009
    I think you mean L2 broadcast domain.

    I'm looking right now at an L2 network broadcast domain that covers 8 physical sites and is on 4 different VLAN IDs depending on which site it is on.

    Aerohive have a Bonjour Gateway...
