nss-mdns
Copyright 2004-2007 Lennart Poettering <mzaffzqaf (at) 0pointer (dot) de>
License
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
Overview
nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local.
nss-mdns provides client functionality only, which means that you have to run an mDNS responder daemon separately from nss-mdns if you want to register the local host name via mDNS. I recommend Avahi.
nss-mdns is very lightweight (9 KByte stripped binary .so compiled with -DNDEBUG=1 -Os on i386, gcc 4.0), has no dependencies besides the glibc and requires only minimal configuration.
nss-mdns tries to contact a running avahi-daemon for resolving host names and addresses, making use of its superior record caching. If Avahi is not available at lookup time, the lookups will fail.
Current Status
It works!
Documentation
Libraries
After compiling and installing nss-mdns you'll find six new NSS modules in /lib:
libnss_mdns.so.2
libnss_mdns4.so.2
libnss_mdns6.so.2
libnss_mdns_minimal.so.2
libnss_mdns4_minimal.so.2
libnss_mdns6_minimal.so.2
libnss_mdns.so.2 resolves both IPv6 and IPv4 addresses, libnss_mdns4.so.2 only IPv4 addresses and libnss_mdns6.so.2 only IPv6 addresses. Due to the fact that most mDNS responders only register local IPv4 addresses via mDNS, most people will want to use libnss_mdns4.so.2 exclusively. Using libnss_mdns.so.2 or libnss_mdns6.so.2 in such a situation causes long timeouts when resolving hosts since most modern Unix/Linux applications check for IPv6 addresses first, followed by a lookup for IPv4.
libnss_mdns{4,6,}_minimal.so (new in version 0.8) is mostly identical to the versions without _minimal. However, they differ in one way. The minimal versions will always refuse to resolve host names that don't end in .local or addresses that aren't in the range 169.254.x.x (the range used by IPV4LL/APIPA/RFC3927).
Combining the _minimal and the normal NSS modules allows us to make mDNS authoritative for Zeroconf host names and addresses (and thus create no extra burden on DNS servers with always failing requests) and use it as fallback for everything else.
Activation
To activate one of the NSS modules you have to edit /etc/nsswitch.conf and add mdns4 and mdns4_minimal (resp. mdns, mdns6) to the line starting with "hosts:". On Debian this looks like this:
# /etc/nsswitch.conf
passwd: compat
group: compat
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
That's it. You should now be able to resolve hosts from the .local domain with all your applications. For a quick check use glibc's getent tool:
$ getent hosts foo.local
192.168.50.4 foo.local
Replace foo with a host name that has been registered with an mDNS responder. (Don't try to use the tools host or nslookup for these tests! They bypass the NSS and thus nss-mdns and issue their DNS queries directly.)
If you run a firewall, don't forget to allow UDP traffic to the mDNS multicast address 224.0.0.251 on port 5353.
Please note: The line above makes nss-mdns authoritative for the .local domain, unless your unicast DNS server responds to SOA queries for the top level local name, or if the request has more than two labels. (X.local might be resolved with nss-mdns but X.Y.local will not be.) nss-mdns will check SOA before every request to resolve .local names, meaning that neither nss-mdns nor Avahi needs to be disabled to allow .local queries to be served from unicast DNS. (These two checks are only enabled in minimal mode or if there is no /etc/mdns.allow file. Any domain, with any number of labels (including .local), will still be served authoritatively from nss-mdns if specified in /etc/mdns.allow.)
/etc/mdns.allow
nss-mdns has a simple configuration file /etc/mdns.allow for enabling name lookups via mDNS in other domains than .local.
Note: The "minimal" version of nss-mdns does not read /etc/mdns.allow under any circumstances. It behaves as if the file does not exist.
In the recommended configuration, no /etc/mdns.allow file is present. In this case:
- If the request does not end with .local or .local., it is rejected. Example: example.test is rejected.
- If the request has more than two labels, it is rejected. Example: foo.bar.local is rejected. This is the two-label limit heuristic.
- If, during a request, the system-configured unicast DNS (specified in /etc/resolv.conf) reports an SOA record for the top-level local name, the request is rejected. Example: host -t SOA local returns something other than Host local not found: 3(NXDOMAIN). This is the unicast SOA heuristic.
- Otherwise, the request is processed.
If present, the file should contain valid domain suffixes, separated by newlines. Empty lines are ignored, as are comments starting with #.
To disable the two heuristics described above, and force all .local domains to be resolved regardless of label count or unicast SOA records, use this configuration file:
# /etc/mdns.allow
.local.
.local
To enable mDNS lookups of all names regardless of the domain suffix and to disable the two heuristics, add a line consisting of * only:
# /etc/mdns.allow
*
To completely disable mDNS name lookups, use an empty file:
# /etc/mdns.allow
Again, remember that changing this file has no effect on the "minimal" version of nss-mdns.
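The rules from the "Please note" paragraph and this section, combined into one decision function. This is an added example, not nss-mdns source code: the function names are hypothetical, the unicast SOA result is passed in as a flag so the example runs offline, and literal case-insensitive suffix matching of /etc/mdns.allow entries is an assumption.

```python
def parse_allow(text):
    """Return the entries of an mdns.allow file; blank lines and # comments are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line.lower())
    return entries


def mdns_lookup_allowed(name, allow_text=None, minimal=False, unicast_soa_for_local=False):
    """Model of whether a host name is handed to mDNS. Returns (allowed, reason).

    allow_text: contents of /etc/mdns.allow, or None if the file is absent.
    minimal: True for the *_minimal modules, which never read the file.
    unicast_soa_for_local: True if unicast DNS reports an SOA record for "local".
    """
    lname = name.lower()
    if allow_text is not None and not minimal:
        for entry in parse_allow(allow_text):
            if entry == "*":
                return True, "mdns.allow: wildcard"
            # Assumption: an entry matches as a literal suffix of the name.
            if lname.endswith(entry):
                return True, "mdns.allow: suffix " + entry
        return False, "mdns.allow: no matching suffix"
    # No file, or minimal mode: .local only, subject to the two heuristics.
    if not (lname.endswith(".local") or lname.endswith(".local.")):
        return False, "not in .local"
    if len([l for l in lname.rstrip(".").split(".") if l]) > 2:
        return False, "two-label limit"
    if unicast_soa_for_local:
        return False, "unicast SOA for local"
    return True, "processed"


if __name__ == "__main__":
    # Constructed sample inputs covering each file variant shown above.
    force_local = "# /etc/mdns.allow\n.local.\n.local\n"
    for args in [("foo.local", None), ("foo.bar.local", None),
                 ("foo.bar.local", force_local), ("example.test", "*\n"),
                 ("foo.local", "# /etc/mdns.allow\n")]:
        print(args[0], repr(args[1]), mdns_lookup_allowed(*args))
```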
Requirements
Currently, nss-mdns is tested on Linux only. A fairly modern glibc installation with development headers (2.0 or newer) is required. Not surprisingly, nss-mdns requires a kernel compiled with IPv4 multicasting support enabled. Avahi is a hard dependency when nss-mdns is used; however, it is not a build-time requirement.
nss-mdns was developed and tested on Debian GNU/Linux "testing" from December 2004. It should work on most other Linux distributions (and maybe Unix versions) since it uses GNU autoconf and GNU libtool for source code configuration and shared library management.
Installation
As this package is made with the GNU autotools you should run ./configure inside the distribution directory for configuring the source tree. After that you should run make for compilation and make install (as root) for installation of nss-mdns.