• Stars
    star
    183
  • Rank 210,154 (Top 5 %)
  • Language
    C
  • License
    GNU Lesser Genera...
  • Created over 8 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

nss-mdns

Copyright 2004-2007 Lennart Poettering <mzaffzqaf (at) 0pointer (dot) de>

License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Overview

nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local.

nss-mdns provides client functionality only, which means that you have to run a mDNS responder daemon seperately from nss-mdns if you want to register the local host name via mDNS. I recommend Avahi.

nss-mdns is very lightweight (9 KByte stripped binary .so compiled with -DNDEBUG=1 -Os on i386, gcc 4.0), has no dependencies besides the glibc and requires only minimal configuration.

nss-mdns tries to contact a running avahi-daemon for resolving host names and addresses and making use of its superior record cacheing. If Avahi is not available at lookup time, the lookups will fail.

Current Status

It works!

Documentation

Libraries

After compiling and installing nss-mdns you'll find six new NSS modules in /lib:

  • libnss_mdns.so.2
  • libnss_mdns4.so.2
  • libnss_mdns6.so.2
  • libnss_mdns_minimal.so.2
  • libnss_mdns4_minimal.so.2
  • libnss_mdns6_minimal.so.2

libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4 addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2 or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.

libnss_mdns{4,6,}_minimal.so (new in version 0.8) is mostly identical to the versions without _minimal. However, they differ in one way. The minimal versions will always deny to resolve host names that don't end in .local or addresses that aren't in the range 169.254.x.x (the range used by IPV4LL/APIPA/RFC3927.) Combining the _minimal and the normal NSS modules allows us to make mDNS authoritative for Zeroconf host names and addresses (and thus creating no extra burden on DNS servers with always failing requests) and use it as fallback for everything else.

Activation

To activate one of the NSS modules you have to edit /etc/nsswitch.conf and add mdns4 and mdns4_minimal (resp. mdns, mdns6) to the line starting with "hosts:". On Debian this looks like this:

# /etc/nsswitch.conf

passwd:         compat
group:          compat
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

That's it. You should now be able to resolve hosts from the .local domain with all your applications. For a quick check use glibc's getent tool:

$ getent hosts foo.local
192.168.50.4    foo.local

Replace foo whith a host name that has been registered with an mDNS responder. (Don't try to use the tools host or nslookup for these tests! They bypass the NSS and thus nss-mdns and issue their DNS queries directly.)

If you run a firewall, don't forget to allow UDP traffic to the the mDNS multicast address 224.0.0.251 on port 5353.

Please note: The line above makes nss-mdns authoritative for the .local domain, unless your unicast DNS server responds to SOA queries for the top level local name, or if the request has more than two labels. (X.local might be resolved with nss-mdns but X.Y.local will not be.) nss-mdns will check SOA before every request to resolve .local names, meaning that neither nss-mdns nor Avahi need to be disabled to allow .local queries to be served from unicast DNS. (These two checks are only enabled in minimal mode or if there is no /etc/mdns.allow file. Any domain, with any number of labels, (including .local) will still be served authoritatively from nss-mdns if specified in /etc/mdns.allow.)

/etc/mdns.allow

nss-mdns has a simple configuration file /etc/mdns.allow for enabling name lookups via mDNS in other domains than .local.

Note: The "minimal" version of nss-mdns does not read /etc/mdns.allow under any circumstances. It behaves as if the file does not exist.

In the recommended configuration, no /etc/mdns.allow file is present. In this case:

  • If the request does not end with .local or .local., it is rejected. Example: example.test is rejected.

  • If the request has more than two labels, it is rejected. Example: foo.bar.local is rejected. This is the two-label limit heuristic.

  • If, during a request, the system-configured unicast DNS (specified in /etc/resolv.conf) reports an SOA record for the top-level local name, the request is rejected. Example: host -t SOA local returns something other than Host local not found: 3(NXDOMAIN). This is the unicast SOA heuristic.

  • Otherwise, the request is processed.

If present, the file should contain valid domain suffixes, seperated by newlines. Empty lines are ignored as are comments starting with #.

To disable the two heuristics described above, and force all .local domains to be resolved regardless of label count or unicast SOA records, use this configuration file:

# /etc/mdns.allow
.local.
.local

To enable mDNS lookups of all names regardless of the domain suffix and disabling the two heuristics, add a line consisting of * only:

# /etc/mdns.allow
*

To complete disable mDNS name lookups, use an empty file:

# /etc/mdns.allow

Again, remember that changing this file has no effect on the "minimal" version of nss-mdns.

Requirements

Currently, nss-mdns is tested on Linux only. A fairly modern glibc installation with development headers (2.0 or newer) is required. Not suprisingly nss-mdns requires a kernel compiled with IPv4 multicasting support enabled. Avahi is a hard dependency when nss-mdns is used, however it is not a build-time requirement.

nss-mdns was developed and tested on Debian GNU/Linux "testing" from December 2004, it should work on most other Linux distributions (and maybe Unix versions) since it uses GNU autoconf and GNU libtool for source code configuration and shared library management.

Installation

As this package is made with the GNU autotools you should run ./configure inside the distribution directory for configuring the source tree. After that you should run make for compilation and make install (as root) for installation of nss-mdns.