Difference between revisions of "Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Zeroconf Networking"

From bering-uClibc
Jump to: navigation, search
(Expanded reference to "The Definitive Guide", added section on Testing and Diagnosis Tools and added note regarding Avahi.)
(Implementing mDNS using Avahi)
 
(4 intermediate revisions by one other user not shown)
Line 2: Line 2:
 
! colspan="3" align="center" | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Zeroconf Networking|Advanced Topics - Setting Up Zeroconf Networking]]
 
! colspan="3" align="center" | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Zeroconf Networking|Advanced Topics - Setting Up Zeroconf Networking]]
 
|-
 
|-
| width="20%" align="left"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a File Server|Prev]]
+
| width="20%" align="left"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a Network Emulator|Prev]]
 
! width="60%" align="center" | [[Bering-uClibc 4.x - User Guide]]
 
! width="60%" align="center" | [[Bering-uClibc 4.x - User Guide]]
 
| width="20%" align="right"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|Next]]
 
| width="20%" align="right"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|Next]]
Line 15: Line 15:
 
For information about configuring [[Bering-uClibc 4.x]] for UPnP refer to [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|the next section of this user guide]].
 
For information about configuring [[Bering-uClibc 4.x]] for UPnP refer to [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|the next section of this user guide]].
  
This topic can be confusing because a lot of different names are used to refer to the same or similar things:
+
Zeroconf can be confusing because a lot of different names are used to refer to the same or related things:
 
* '''Bonjour''', previously known as Rendezvous, is Apple's implementation of Zeroconf.
 
* '''Bonjour''', previously known as Rendezvous, is Apple's implementation of Zeroconf.
 
* '''Avahi''' is an alternative implementation of Zeroconf for Linux and BSD.
 
* '''Avahi''' is an alternative implementation of Zeroconf for Linux and BSD.
* '''mDNS''' or [http://multicastdns.org/ Multicast DNS] is one of the technologies used for Zeroconf.
+
* '''mDNS''' or [http://multicastdns.org/ Multicast DNS] is technology used for Zeroconf where regular (Unicast) DNS services are not available.
* '''DNS-SD''' or [http://dns-sd.org/ DNS Service Discovery] is another of the technologies used for Zeroconf.
+
* '''DNS-SD''' or [http://dns-sd.org/ DNS Service Discovery] is technology used for Zeroconf where Unicast DNS services ''are'' available.
 +
* '''IPv4LL''' or IPv4 Link-Local Addressing (those 169.254.0.0/16 addresses you sometimes see when DHCP is not working properly) can be used to support mDNS.
 +
* '''NAT-PMP''' or NAT Port Mapping Protocol can help to reduce the impact of a NAT router between a host and the Internet.
  
  
Line 91: Line 93:
 
* Default Register domain: PTR dr._dns-sd._udp.private.network
 
* Default Register domain: PTR dr._dns-sd._udp.private.network
  
 +
 +
==Implementing mDNS using Avahi==
 +
Some applications / devices only support mDNS, to query the <tt>.local</tt> DNS domain, and do not support full DNS-SD. For these an mDNS implementation like Avahi can be useful.
  
==Implementing mDNS==
+
An implementation of Avahi will be added to the standard [[Bering-uClibc 4.x]] distribution beginning with v4.2.  
TODO Is this relevant for [[Bering-uClibc]]? Should we develop an Avahi package?<br>Some applications / devices only use mDNS, to query the <tt>.local</tt> domain, not full DNS-SD, so something like Avahi would be useful for those. mailto:davidMbrooke@users.sourceforge.net has a prototype implementation of Avahi working as of November 2010.
+
  
 +
===Installing the Packages===
 +
The main Package required is <code class="filename">avahid.lrp</code> which installs the <code class="filename">avahi-daemon</code> executable.
 +
This in turn depends on <code class="filename">libavahi.lrp</code>, <code class="filename">libdaemon.lrp</code> and <code class="filename">libexpat.lrp</code>.
 +
These all need to be added to the <tt>LRP=</tt> line in <code class="filename">leaf.cfg</code>.
  
== Testing and Diagnosis Tools==
+
===Configuring Shorewall===
 +
mDNS operates using UDP port 5353 as the destination for mDNS queries. In principle this can be on top of IPv4, IPv6 or both, though IPv4 is obviously more common at the moment.
 +
Both Shorewall and Shorewall6 have <tt>mDNS</tt> macros defined, which should be used.
 +
 
 +
Entries should therefore be added to the <code class="filename">Shorewall{6}.rules</code> file similar to the following:
 +
mDNS(ACCEPT)        loc        fw
 +
 
 +
==Implementing NAT-PMP==
 +
Network Address Translation - Port Mapping Protocol, described [http://files.dns-sd.org/draft-cheshire-nat-pmp.txt here], is the component of Zeroconf which allows client machines to dynamically create NAT iptables entries so that traffic arriving from the External network (e.g. the Internet) is automatically forwarded to a client on the Internal network.
 +
This can be useful for applications like BitTorrent clients which need to accept traffic from the External network.
 +
 
 +
'''Warning:''' While NAT-PMP can be useful, it also permits a rogue client or application on the internal network to compromise the security of the whole network. It should only be used when the implications of the possible security vulnerabilities are understood.
 +
 
 +
===NAT-PMP Software Candidates===
 +
There are two main candidate software packages for implementing NAT-PMP functionality on Linux:
 +
* [http://tedp.id.au/stallone/ Stallone], a small, secure, standalone NAT-PMP demon
 +
* [http://miniupnp.free.fr/ MiniUPnPd] which implements NAT-PMP as well as uPnP
 +
After reviewing both packages, [[User:Davidmbrooke|davidMbrooke]] concluded that Stallone was the better choice for deployment as part of [[Bering-uClibc 4.x]], mainly because it is designed to work alongside Avahi.
 +
 
 +
===Installing the Stallone Package===
 +
The main Package required is <code class="filename">stallone.lrp</code>.
 +
 
 +
===Configuring the Stallone Package===
 +
TODO
 +
 
 +
===Troubleshooting the Stallone Package===
 +
TODO
 +
Check the log messages in <code class="filename">/var/log/debug.log</code>.
 +
 
 +
 
 +
==Testing and Diagnosis Tools==
 
Some systems have a utility called <tt>dns-sd</tt> which can be useful for testing Zeroconf implementations. This is installed as standard on Mac OS X and for other platforms the source code can be downloaded from [http://www.opensource.apple.com/source/mDNSResponder/mDNSResponder-87/Clients/dns-sd.c here].
 
Some systems have a utility called <tt>dns-sd</tt> which can be useful for testing Zeroconf implementations. This is installed as standard on Mac OS X and for other platforms the source code can be downloaded from [http://www.opensource.apple.com/source/mDNSResponder/mDNSResponder-87/Clients/dns-sd.c here].
  
  
 
==Further Reading==
 
==Further Reading==
* ''Zero Configuration Networking: The Definitive Guide'', by Stuart Cheshire and Daniel H. Steinberg. Copyright 2006 O'Reilly Media, Inc., 0-596-10100-7.
+
* ''Zero Configuration Networking: The Definitive Guide'', by Stuart Cheshire and Daniel H. Steinberg. Copyright 2006 O'Reilly Media, Inc. ISBN 0-596-10100-7.
  
  
 
----
 
----
 
{| summary="Navigation footer" width="100%"
 
{| summary="Navigation footer" width="100%"
| width="40%" align="left"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a File Server|Prev]]
+
| width="40%" align="left"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up a Network Emulator|Prev]]
 
| width="20%" align="center" | [[Bering-uClibc 4.x - User Guide - Advanced Topics|Up]]
 
| width="20%" align="center" | [[Bering-uClibc 4.x - User Guide - Advanced Topics|Up]]
 
| width="40%" align="right"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|Next]]
 
| width="40%" align="right"  | [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Universal Plug and Play|Next]]

Latest revision as of 16:54, 20 February 2012

Advanced Topics - Setting Up Zeroconf Networking
Prev Bering-uClibc 4.x - User Guide Next


Introduction

Zero Configuration Networking (or Zeroconf) refers to a set of standards for automatically configuring IP networks and for advertising services available to a particular network domain. Further information is available from the main Zeroconf web site.

Note that the Zeroconf standards are broadly similar to, but different from, the Universal Plug and Play (UPnP) standards which are managed by the UPnP Forum. For information about configuring Bering-uClibc 4.x for UPnP refer to the next section of this user guide.

Zeroconf can be confusing because a lot of different names are used to refer to the same or related things:

  • Bonjour, previously known as Rendezvous, is Apple's implementation of Zeroconf.
  • Avahi is an alternative implementation of Zeroconf for Linux and BSD.
  • mDNS or Multicast DNS is technology used for Zeroconf where regular (Unicast) DNS services are not available.
  • DNS-SD or DNS Service Discovery is technology used for Zeroconf where Unicast DNS services are available.
  • IPv4LL or IPv4 Link-Local Addressing (those 169.254.0.0/16 addresses you sometimes see when DHCP is not working properly) can be used to support mDNS.
  • NAT-PMP or NAT Port Mapping Protocol can help to reduce the impact of a NAT router between a host and the Internet.


Implementing DNS-SD using Dnsmasq

DNS-SD (DNS Service Discovery) is a way of using a standard DNS server to advertise services which are available on a particular LAN or DNS domain. Dnsmasq, the DNS server used for Bering-uClibc 4.x can be configured to advertise such services. While the necessary configuration changes are relatively minor (just a few lines in /etc/dnsmasq.conf the syntax is somewhat cryptic. Most of the examples elsewhere on the Internet are for alternative DNS servers (mainly BIND) rather than Dnsmasq.

Configuring Static DNS-SD

The simplest case of DNS-SD is configuring Dnsmasq to advertise the details for services available on the local LAN. A DNS-SD client sends a number of standard DNS queries to the DNS server specified in its DHCP lease, so by configuring that DNS server (Dnsmasq) we can arrange for a list of services to be advertised.

In this example we advertise the Webconf HTTP service running on the Bering-uClibc 4.x machine itself but it must be emphasized that a service running anywhere on the local network can be advertised instead (or as well).

Service Definition

The first step is to define the service which will be advertised. The service definition is not actually specific to DNS-SD but a DNS SRV record as defined in RFC 2782 is required as the "target" of the DNS-SD configuration.

In summary, the service definition consists of a SRV record which specifies:

  • The service Name, e.g. "Bering-uClibc Webconf"
  • The service Type, e.g. HTTP (actually specified as "_http")
  • The service Protocol, e.g. TCP (actually specified as "_tcp")
  • The service Host, e.g. "firewall.private.network"
  • The service Port on that Host, e.g. "80"
  • The service Priority (optional)
  • The service Weight (optional)

In addition to the SRV record there is a TXT record with additional information. In this example it is just the path component of the HTTP URL. The content of the TXT record varies considerably for different service Types.

The /etc/dnsmasq.conf syntax for this is:

srv-host=Bering-uClibc Webconf._http._tcp.private.network,firewall.private.network,80
txt-record=Bering-uClibc Webconf._http._tcp.private.network,"path=/"

If multiple host machines offer the same service there can be repeated srv-host lines, with the same service Name but different service Host values. Refer to the comments in /etc/dnsmasq.conf for details of the Priority and Weight syntax if you need to specify these.

Now for the actual DNS-SD configuration...

Domain Enumeration

A DNS-SD client asks for a list of domains to Browse for service advertisements by sending a PTR query for b._dns-sd._udp.private.network. In principle we could specify a completely different domain to browse (such as example.com) but it is customary to specify the "same" domain, private.network. The /etc/dnsmasq.conf syntax for this is:

ptr-record=b._dns-sd._udp.private.network,private.network

Additional similar lines could be added if required.

Default Browse Domain

In the case that multiple Browse domains are specified the DNS-SD client needs to know which one to pick as the default. This is achieved by specifying a Default Browse domain. The /etc/dnsmasq.conf syntax for this is:

ptr-record=db._dns-sd._udp.private.network,private.network

This is optional if only a single Browse domain is specified.

Legacy Browse Domain

For maximum compatibility, also specify a single domain that Legacy DNS-SD clients should Browse for services. The /etc/dnsmasq.conf syntax for this is:

ptr-record=lb._dns-sd._udp.private.network,private.network

Service Pointers

The main "glue" in the DNS-SD configuration is another PTR record which enumerates the Services by service Type. The /etc/dnsmasq.conf syntax for this is:

ptr-record=_http._tcp.private.network,Bering-uClibc Webconf._http._tcp.private.network

Additional similar lines can be added if required.

Service Types List

While not required for normal DNS-SD operation, a DNS-SD client sometimes wants to query for a list of all the service Types available on the domain. It does this by sending a PTR query for _services._dns-sd._udp.private.network. The /etc/dnsmasq.conf syntax for this is:

ptr-record=_services._dns-sd._udp.private.network,_http._tcp.

Note that this correctly omits the private.network suffix, as per the standard. Additional similar lines can be added if further service types are available.


Configuring Dynamic DNS-SD

TODO

  • Register domain list: PTR r._dns-sd._udp.private.network
  • Default Register domain: PTR dr._dns-sd._udp.private.network


Implementing mDNS using Avahi

Some applications / devices only support mDNS, to query the .local DNS domain, and do not support full DNS-SD. For these an mDNS implementation like Avahi can be useful.

An implementation of Avahi will be added to the standard Bering-uClibc 4.x distribution beginning with v4.2.

Installing the Packages

The main Package required is avahid.lrp which installs the avahi-daemon executable. This in turn depends on libavahi.lrp, libdaemon.lrp and libexpat.lrp. These all need to be added to the LRP= line in leaf.cfg.

Configuring Shorewall

mDNS operates using UDP port 5353 as the destination for mDNS queries. In principle this can be on top of IPv4, IPv6 or both, though IPv4 is obviously more common at the moment. Both Shorewall and Shorewall6 have mDNS macros defined, which should be used.

Entries should therefore be added to the Shorewall{6}.rules file similar to the following:

mDNS(ACCEPT)        loc        fw

Implementing NAT-PMP

Network Address Translation - Port Mapping Protocol, described here, is the component of Zeroconf which allows client machines to dynamically create NAT iptables entries so that traffic arriving from the External network (e.g. the Internet) is automatically forwarded to a client on the Internal network. This can be useful for applications like BitTorrent clients which need to accept traffic from the External network.

Warning: While NAT-PMP can be useful, it also permits a rogue client or application on the internal network to compromise the security of the whole network. It should only be used when the implications of the possible security vulnerabilities are understood.

NAT-PMP Software Candidates

There are two main candidate software packages for implementing NAT-PMP functionality on Linux:

  • Stallone, a small, secure, standalone NAT-PMP demon
  • MiniUPnPd which implements NAT-PMP as well as uPnP

After reviewing both packages, davidMbrooke concluded that Stallone was the better choice for deployment as part of Bering-uClibc 4.x, mainly because it is designed to work alongside Avahi.

Installing the Stallone Package

The main Package required is stallone.lrp.

Configuring the Stallone Package

TODO

Troubleshooting the Stallone Package

TODO Check the log messages in /var/log/debug.log.


Testing and Diagnosis Tools

Some systems have a utility called dns-sd which can be useful for testing Zeroconf implementations. This is installed as standard on Mac OS X and for other platforms the source code can be downloaded from here.


Further Reading

  • Zero Configuration Networking: The Definitive Guide, by Stuart Cheshire and Daniel H. Steinberg. Copyright 2006 O'Reilly Media, Inc. ISBN 0-596-10100-7.



Prev Up Next