Wide Area Bonjour and DNS Service Discovery

DynDNS.com is currently conducting a beta of Wide Area Bonjour and DNS Service Discovery support for Custom DNS. Learn more about Bonjour and how to use it below.

What is Bonjour?

Bonjour is an Apple technology enabling Zero Configuration Networking.

Have you ever noticed that your OSX laptop could automatically discover available printers on a new wireless network you connected to, or how iTunes could magically see other iTunes music libraries on the network and let you stream music instantly? Bonjour makes this all possible.

Remote Access via Manual Port Forwarding and DDNS Update Clients

For several years, users have been able to use this "plug and play" technology on the local area network, automatically connecting devices together and having them discover each other. If you wanted to access your services and devices from outside of your LAN, you had a few more steps to follow:

  1. Setting up a reserved DHCP lease or static internal IP address for your internal device or service
  2. Configuring port forwarding on your home gateway, wireless access point, or broadband router, effectively punching a static hole so that your port 80 on your external WAN IP maps to port 80 for the internal IP address of your device
  3. Configuring Dynamic DNS in your home gateway or using one of our update clients to keep your DDNS hostname up to date with your latest WAN IP
  4. Cross your fingers...
  5. Send the URL for your device or service to your friends or family, or hope to remember it yourself (sometimes, these can get quite ugly, like http://my-hostname.dyndns.org:8081/login.app. Have fun remembering that!).

This is a complicated process, and there has to be a better way.

Remote Access with Bonjour and DynDNS.com

Wouldn't it be great if, when we plugged in a new network camera on our LAN, it was automatically discoverable and ready for access? Not just from the LAN, but from the Internet as well? Granted, we would still want to enter our username and password in order to see the video from the camera, but it should be easy to FIND the camera and get to the place where we enter the username and password to see the video!

The trick to making automatic service discovery and sharing work over the Internet is a Bonjour-capable DNS server. The DynDNS.com Custom DNS service is also a Wide Area Bonjour-capable DNS server, allowing you to remotely access your dynamic global hostname and all of your shared services automatically from anywhere on the Internet.

With Bonjour and DynDNS.com, we can configure remote access for our LAN services and devices as follows:

  1. Tell your service or device how to authenticate with your account on DynDNS.com to access your Custom DNS service
  2. That's it!

Thanks to ZeroConf, Bonjour, NAT-PMP, and DNS-SD, your device or service will automatically configure its internal IP address, enable port forwarding in your home gateway, register a hostname in your account at DynDNS.com, and configure your service for automatic discovery with Wide Area Bonjour. Users need only know your Custom DNS zone name to successfully browse for your services.

Getting Started

First, let's make sure you have all of the requirements for Wide Area Bonjour in place:

  1. A domain name of your own (e.g., example.com)... if you don't have one, register one now
  2. Custom DNS service from DynDNS.com fully configured for your domain... if you don't have one, purchase one now
  3. A computer running Apple OSX Leopard or Apple OSX Snow Leopard

Note on the Apple AirPort: If you're just looking to make Dynamic DNS work with your Apple AirPort Extreme or Apple AirPort Express device, you may be interested in a shorter tutorial that does not involve automatic service discovery.

Note on DynDNS Free and DynDNS Pro: We currently do not support Wide Area Bonjour on our Free and Pro Dynamic DNS services. You must use Custom DNS with your own domain name for this to work properly.

Setup Your Custom DNS Zone for Updates

Software and devices enabled with Bonjour do NOT use the DynDNS HTTP Update API [IETF Draft] to dynamically update DNS servers. Instead, they use the DNS Update [RFC 2136] protocol combined with TSIG security [RFC 2845].

Your Custom DNS zone requires a couple of special records to enable these devices to find where and how to update DynDNS.com with your information.

Enable the Expert Interface in Custom DNS
  • Under Zone Level Services, select the Custom DNS zone you wish to enable for updates.
  • In the upper-right corner of the zone page, you will see a button labeled Preferences. Please click this to view your zone's settings.
  • On the Preferences page, you will see a button labeled Enable Expert Interface in the lower-right hand corner. Please click this to change your interface type from Standard to Expert (you can change this back at any time).
  • You should be returned to the configuration page for your Custom DNS service. Your records will be displayed as shown at left, in a format closer to the layout of records in BIND.

Create a SRV record within the Custom DNS zone so that your devices can discover where to send their updates. Set the values as follows (example shown at left):

Host              TTL  Type  Data
_dns-update._udp  60   SRV   0 5 53 update.dyndns.com.

This record instructs dynamic update devices where to find the target host and port for DynDNS.com's update services. The record is required because the devices by default will attempt to perform their dynamic updates at your zone's name server (e.g., ns1.mydyndns.org) on port 53, but DynDNS.com operates its TSIG server at update.dyndns.com on port 53. Further details are available at the registry of DNS-SD service types.

Create five PTR records within the Custom DNS zone. Set the values as follows (example shown at left), but be sure to use your zone name as the value for Data:

Host             TTL  Type  Data
b._dns-sd._udp   60   PTR   your-custom-zone.com.
lb._dns-sd._udp  60   PTR   your-custom-zone.com.
db._dns-sd._udp  60   PTR   your-custom-zone.com.
r._dns-sd._udp   60   PTR   your-custom-zone.com.
dr._dns-sd._udp  60   PTR   your-custom-zone.com.

These records tell Wide Area Bonjour clients how to browse your zone for services ('b' for browse, 'lb' for legacy browse, and 'db' for default browse) and register their own services ('r' for register and 'dr' for default register). For more details on the usage and meaning of each record, see the DNS Service Discovery web site.

When you're finished, you will have six additional records in your Custom DNS zone as shown to the left.
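One way to check the six records before pointing devices at the zone, as an added example that is not DynDNS.com's own code: it parses records in the host/TTL/type/data layout, reports where updates will be sent (the SRV target, or the zone's name server on port 53 when the SRV record is absent), and flags browse or registration PTR records that are missing or name a different zone. The function names and the sample zone are constructed for illustration.

```python
# Added example: audit a zone's Wide Area Bonjour records (not DynDNS.com code).
BROWSE_LABELS = ("b", "lb", "db", "r", "dr")  # the five PTR owners from the tutorial

def parse_records(zone_text):
    """Parse 'host ttl type data...' rows; comments and other lines are skipped."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split(";", 1)[0].split()
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        host, ttl, rtype = parts[0].lower(), int(parts[1]), parts[2].upper()
        records.append((host, ttl, rtype, " ".join(parts[3:])))
    return records

def update_target(records, fallback_ns):
    """Where a client sends RFC 2136 updates: SRV target, else zone NS on port 53."""
    for host, _ttl, rtype, data in records:
        if host == "_dns-update._udp" and rtype == "SRV":
            _priority, _weight, port, target = data.split()
            return target.rstrip(".").lower(), int(port)
    return fallback_ns.rstrip(".").lower(), 53

def audit(records, zone):
    """Return a list of findings; an empty list means all six records look right."""
    findings = []
    want = zone.rstrip(".").lower()
    if not any(h == "_dns-update._udp" and t == "SRV" for h, _, t, _ in records):
        findings.append("missing SRV _dns-update._udp")
    for label in BROWSE_LABELS:
        owner = f"{label}._dns-sd._udp"
        targets = [d.rstrip(".").lower() for h, _, t, d in records
                   if h == owner and t == "PTR"]
        if not targets:
            findings.append(f"missing PTR {owner}")
        elif any(target != want for target in targets):
            findings.append(f"PTR {owner} points outside {want}")
    return findings

# Constructed sample zone: the 'dr' record is absent and 'r' names another zone.
SAMPLE = """
_dns-update._udp 60 SRV 0 5 53 update.dyndns.com.
b._dns-sd._udp   60 PTR your-custom-zone.com.
lb._dns-sd._udp  60 PTR your-custom-zone.com.
db._dns-sd._udp  60 PTR your-custom-zone.com.
r._dns-sd._udp   60 PTR other-zone.example.
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(update_target(recs, "ns1.mydyndns.org"), audit(recs, "your-custom-zone.com."))
```

A registration record ('r' or 'dr') that names a zone you do not control is worth treating as a finding, since clients would attempt to register their services there.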

Setup Your Dynamic Global Hostname in OSX

Now that your Custom DNS zone is configured to receive dynamic updates from OSX, we can configure OSX to send updates to DynDNS.com.

In System Preferences, open the Sharing panel.

Under Computer Name, click Edit....

Locate the Hostname, User, and Password fields. This is where we will populate the settings from DynDNS.com, and enable your dynamic global hostname (just a fancy term for a hostname that supports Dynamic DNS updates, and is visible to the global Internet).

Populate the Hostname field with your full hostname from your Custom DNS service. This would typically be:
your-computer-name.your-custom-dns-zone.com.

The User and Password fields are NOT the DynDNS.com account username and password! Instead, they refer to a special type of authentication for Dynamic DNS updates called Transaction Signature, or TSIG.

Retrieve your TSIG information from your TSIG account settings page, and populate the information in the User and Password fields as shown in the diagram, and then click OK.
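What the User and Password fields are used for, as an added example that is not DynDNS.com or Apple code: the TSIG key name and shared secret compute a MAC over the RFC 2136 update message, so the secret itself never crosses the network and a modified or stale update fails verification. The key name, secret, host and address are constructed, and HMAC-MD5 is an assumption, since the page does not say which TSIG algorithm DynDNS.com uses.

```python
# Added example (not DynDNS.com or Apple code): how a TSIG MAC (RFC 2845) binds a
# DNS update to a shared key. Key name, secret and algorithm are constructed.
import base64, hashlib, hmac, struct

ALGORITHM = "hmac-md5.sig-alg.reg.int"  # assumption: the page names no algorithm

def wire_name(name):
    """Encode a domain name in lowercase DNS wire format."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def update_message(zone, host, ipv4, ttl=60, msg_id=0x1234):
    """Minimal RFC 2136 UPDATE: one zone entry and one A record to add."""
    header = struct.pack("!HHHHHH", msg_id, 0x2800, 1, 0, 1, 0)  # opcode 5
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)    # SOA, IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    record = wire_name(host) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + zone_section + record

def tsig_mac(message, key_name, secret_b64, time_signed, fudge=300):
    """HMAC over the message plus the TSIG variables (RFC 2845, section 3.4.2)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)                       # CLASS ANY, TTL 0
        + wire_name(ALGORITHM)
        + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
        + struct.pack("!HH", 0, 0)                         # error, other length
    )
    key = base64.b64decode(secret_b64)
    return hmac.new(key, message + variables, hashlib.md5).digest()

def verify(message, key_name, secret_b64, time_signed, mac, now, fudge=300):
    """Server side: reject stale requests, then compare MACs in constant time."""
    if abs(now - time_signed) > fudge:
        return False
    expected = tsig_mac(message, key_name, secret_b64, time_signed, fudge)
    return hmac.compare_digest(expected, mac)

# Constructed values standing in for the "User" and "Password" fields.
KEY_NAME = "example-key.your-custom-zone.com."
SECRET = base64.b64encode(b"constructed-secret").decode()

if __name__ == "__main__":
    msg = update_message("your-custom-zone.com.", "mac.your-custom-zone.com.", "203.0.113.10")
    mac = tsig_mac(msg, KEY_NAME, SECRET, 1_250_000_000)
    print(mac.hex(), verify(msg, KEY_NAME, SECRET, 1_250_000_000, mac, 1_250_000_060))
```

Because the signed time and fudge window are part of the MAC input, a machine with a badly skewed clock will have its updates rejected even with the correct key.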

Verify Your Dynamic Global Hostname is Working

Your Custom DNS zone should now be updated to include the global dynamic hostname you selected. Verify this hostname is correctly created and has the correct IP address by refreshing your Custom DNS settings page.

Configuring Clients to Browse Your Services with Bonjour

There are several options available for configuring clients:

  • Set up the DNS search domains on each client manually
  • Configure your DHCP server to populate the DNS search domains
  • Use the Apple Bonjour application to configure browse domains on each client manually

The best solution is to configure your Custom DNS zone as one of the "Search Domains" in DNS, either manually or by configuring your DHCP server appropriately. Simple instructions to configure your search domain on OSX and Windows are included on the DNS Service Discovery web site. It is important to have completed the installation of the five PTR records in your Custom DNS zone as described under Setup Your Custom DNS Zone for Updates so your computer can browse for services within the zone.

An alternative solution for OSX and Windows is to use the Apple Bonjour utility and configure the Browsing tab. By adding your Custom DNS zone to the Browsing tab, your computer will discover services advertised in that zone.

Once you've configured your client(s) for browsing, you can now browse for services. The recommended way to get started with browsing services is with Bonjour Browser on OSX. With this graphical utility, you can easily see all advertised services, and then double-click on any service to connect to it with the appropriate application.

The Bonjour Browser allows you to graphically discover all service types in OSX. To access any service, simply open that portion of the service tree, and double click on the instance name in bold.

DNS Service Discovery for SSH

Now that your computer can successfully register itself in your Custom DNS service and you've configured at least one client for browsing, let's enable some services for discovery. We'll demonstrate Remote Login via SSH.

Note: Be sure you have a strong password on your account, and are familiar with how to use SSH before enabling SSH service discovery.

In the Sharing panel of System Preferences, turn on Remote Login, and select which usernames will be allowed access.

If you wanted to log in to your computer using SSH from inside the LAN, you can see that the panel tells you which username and internal 192.168.X.X IP address to use. Since we enabled Wide Area Bonjour with DynDNS.com, we don't have to remember any of the specifics; we just need to know our Custom DNS zone.

To browse within Terminal, go to Shell -> New Remote Connection.

Select the desired service instance to connect to, populate your username, and then connect. Note that Bonjour automatically populated the external port for this service, even if it was dynamically configured by NAT-PMP as a forwarded port on your home gateway device!

Additional Notes and Resources

Valid Characters Limited To Lowercase ASCII, Numerals and Hyphens

While local Bonjour and Wide Area Bonjour with BIND currently support uppercase, lowercase, and arbitrary UTF-8 encoded characters for their instance names, the current DynDNS.com implementation does not. Only lowercase ASCII characters, numerals, and hyphens are allowed. To assist users with this limitation, the DynDNS.com TSIG server will automatically transcode any characters it cannot process during each update.

For instance, if you advertise an HTTP service with the instance name "My Personal Web Site" with DynDNS.com Custom DNS and Wide Area Bonjour, users will discover this as "my-personal-web-site". We hope to overcome this data format limitation in the future.

Community Support

Once your setup is complete, your global dynamic hostname will start updating at DynDNS.com. If you need further assistance, you can reach out to the experts in the DynDNS.com Community.

Bonjour, the Bonjour logo, and the Bonjour symbol are trademarks of Apple Computer, Inc.