June 24, 2011

Weekend Project: Setting up DNS Service Discovery

DNS Service Discovery (DNS-SD) is a component of Zeroconf networking, which allows servers and clients on an IP network to exchange their location and access details around the LAN without requiring any central configuration. Most Linux distributions supply the Avahi library for Zeroconf support, but not nearly as many users take advantage of it. Let's look at an easy-to-set-up use for DNS-SD: providing automatic bookmarks to services. All it takes is an Apache module and a Firefox extension.


The essence of DNS-SD is that Zeroconf-supporting applications or hardware devices broadcast a DNS SRV record (of the kind typically used in static DNS to point to a host and port number combo) advertising themselves, and everyone else on the network hears it and takes note. They make the broadcast over multicast-DNS (mDNS), which is a protocol derived from normal DNS, but using special, local-only "multicast" addresses and the reserved .local pseudo-domain.

The system is akin to Universal Plug-and-Play (UPnP), except that it handles more types of services, and builds more directly on top of DNS. The mDNS/DNS-SD pair's major backer is Apple, and UPnP's is Microsoft, so as you might guess, neither is likely to give up and start supporting the other. There is hope for a unifying IETF protocol in the future, but at the moment mDNS/DNS-SD is well-supported enough by the open source Avahi library that Linux users can start working with it today.

In the Apple world, printers and chat clients commonly use mDNS to advertise their availability. But there is a long list of application types that can advertise over the system, including VoIP clients and servers (such as Asterisk), closed-circuit video devices, even collaborative editors (such as Gobby). Essentially, any service that can be described in a SRV record can be advertised; it just needs to provide a service name, a transport protocol (TCP or UDP), and the port and hostname of the server where it can be reached. The mDNS .local domain allows participating devices to assign themselves reachable hostnames.

With the server properly configured, the DNS-SD stack on any client machines will catch and catalog the local services automatically, for use by applications on the system. On a Linux box, Avahi hears and notes the mDNS messages, and an interested client (say, a chat app) asks Avahi if there are any XMPP servers nearby to talk to. The connection is made, and voilà, you start chatting.

Discovering Some Services

It's easy to imagine how DNS-SD could take the pain out of some typically hard-to-configure applications like VoIP, but if you are new to DNS-SD there are simpler places to start, such as with good old-fashioned HTTP web servers. If you're like me, your main Linux box is running a variety of web interfaces for local services: phpMyAdmin, CUPS administration, Webmin or another config tool (in my case, I also have an X10 home automation front-end and the MythWeb MythTV interface running). You may also have work-related services running, such as a Bugzilla instance or network administration workspace, or even a straightforward Intranet site.

The unifying principle is that these are all web services you might like to access from more than one machine on the LAN. You can manually enter the bookmarks on every machine, or use a synchronization tool like Firefox Sync or XMarks, but these strategies make you choose between repetitive work and potential security risks -- not to mention they require updating all of the client machines whenever there is a change. That is precisely the problem Zeroconf networking was designed to solve.

Developer Andrew Tunnell-Jones has written a small but highly useful extension that adds DNS-SD support to Firefox. The code is hosted on GitHub, but you can install the extension itself, "DNSSD for Firefox," through the addons.mozilla.org site. It requires Firefox 4.0 or later (no word yet on the just-released Firefox 5; it doesn't appear that anything relevant has changed in Firefox itself, but the add-ons system is notoriously pedantic about version numbers), and a working Zeroconf implementation. For Linux, Avahi works just fine, and Mac OS X users will already have Apple's Bonjour installed. Windows users can install the Apple-provided Bonjour-for-Windows package, which Tunnell-Jones links to from the extension page.

After you restart Firefox, the extension adds a menu labeled DNSSD to the Navigation toolbar (between the forward/back buttons and the URL bar) and to the Bookmarks menu. Click on it, and you will see a list of all of the local HTTP servers detected by your Avahi or Bonjour service: no configuration necessary. If you want to double-check the extension's list, you can run avahi-browse --all from the command line.
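To reproduce the extension's list outside Firefox, here is an added example (not from the article or the extension) that turns the parsable output of avahi-browse into bookmark URLs. It assumes the semicolon-separated layout of avahi-browse -p (event, interface, protocol, name, type, domain, host, address, port, TXT) and feeds constructed sample lines, so it runs without a live network; the path= TXT key is the usual DNS-SD convention for HTTP services.

```shell
#!/bin/sh
# Constructed sample of `avahi-browse -a -r -t -p` output (assumption: the
# semicolon-separated parsable format; names here contain no escaped characters).
SAMPLE='+;eth0;IPv4;CUPS on lab;_http._tcp;local
=;eth0;IPv4;CUPS on lab;_http._tcp;local;lab.local;192.168.1.10;631;"path=/admin"
=;eth0;IPv4;Bug tracker;_http._tcp;local;lab.local;192.168.1.10;80;"path=/bugs" "txtvers=1"
=;eth0;IPv4;Team files;_webdav._tcp;local;lab.local;192.168.1.10;80;"path=/dav"
=;eth0;IPv4;Music;_daap._tcp;local;lab.local;192.168.1.10;3689;
-;eth0;IPv4;Old panel;_http._tcp;local'

# Turn resolved (=) _http._tcp records into one "label<TAB>url" line each.
# Only "=" events carry host/port/TXT; "+" (seen) and "-" (gone) are skipped.
dnssd_bookmarks() {
    awk -F';' '
        $1 == "=" && $5 == "_http._tcp" {
            path = "/"
            # Pull the value out of a quoted "path=..." TXT entry, if present.
            if (match($10, /"path=[^"]*"/)) {
                path = substr($10, RSTART + 6, RLENGTH - 7)
            }
            port = ($9 == 80) ? "" : ":" $9
            url = "http://" $7 port path
            print $4 "\t" url
        }'
}

# List every other service type seen, so you know what else the LAN announces.
dnssd_other_types() {
    awk -F';' '$1 == "=" && $5 != "_http._tcp" && !seen[$5]++ { print $5 }'
}

# Against a live network you would run:  avahi-browse -a -r -t -p | dnssd_bookmarks
printf '%s\n' "$SAMPLE" | dnssd_bookmarks
printf '%s\n' "$SAMPLE" | dnssd_other_types
```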

If you are running GNOME, you should also see a desktop notification pop up whenever the extension notices a new service (although for most services, this will just be at start-up time). That option is configurable in the preferences, which you can get to through the Add-ons Manager.

It works, and it is automatic, but there are a few quirks to be aware of. First, you don't (yet) have the option to choose where the DNSSD menu is displayed. Placing it in the navigation toolbar makes sense because that is the one toolbar almost guaranteed to be present, but putting it in the Bookmarks toolbar would seem to make more sense to me -- it seems like a natural complement to Firefox's automatic "Most Visited" and "Recently Added" bookmark folders. Second, although you can access the DNSSD menu through the Bookmarks menu, you cannot move it around in your bookmarks to a more convenient location. I asked Tunnell-Jones about both of these options, however, and it sounds like they are possibilities for future releases.

You can probably think of a handful of local web services you would like to automatically advertise around your office or home network, but the odds are that most of them do not advertise over mDNS out-of-the-box. In my case, the only running server that did provide a web interface over DNS-SD was the MT-DAAP audio server. To get your other services to announce themselves, you'll need mod_dnssd.

Location, Location, Location

Mod_dnssd is an Apache module that adds simple mDNS/DNS-SD support to your Apache-hosted sites, with a minimum of configuration fuss. The latest release is 0.6, which supports Apache 2.2, although there are older releases for those still running Apache 2.0 for some reason.

The author, Lennart Poettering, is best known as the maintainer of PulseAudio (which, yes, uses mDNS/DNS-SD to locate other networked PulseAudio sources on the LAN). The docs on the site are a nice introduction, but Poettering has written a more extensive how-to on his blog. To get it working, you'll need to install the module (packages are available on the site, but most distributions offer it as well), and make sure that Apache loads it at startup (check your distro's documentation for details, or edit your /etc/apache2/apache2.conf if installing from source).

To use the module, you must first activate it by placing the DNSSDEnable on directive in the Global Environment section of apache2.conf. With that configuration alone, Apache will advertise all of the VirtualHosts over mDNS/DNS-SD -- however, clients will have trouble connecting to them if you do not label your VirtualHosts with fully-qualified domain names.

For a little more fine-grained control, you can add a DNSSDServiceName "Whatever You Want To Advertise It As" directive to each VirtualHost or Location block. The ServiceName you assign will be the user-visible label seen in the DNSSD menu offered by the Firefox extension, so you can give easy-to-remember, LAN-wide labels to your bug tracker, Apt-CacherNG control panel, or any other site. But remember to include the server's name if you are running multiple web servers on the LAN, lest your users get confused.

By default, mod_dnssd advertises Apache resources as HTTP services (i.e., using the _http._tcp SRV record). That makes sense for most web services, but you can also alter it to properly advertise other applications, such as WebDAV or RSS feeds. Simply add the DNSSDServiceTypes directive to your Apache configuration, followed by a space-separated list of the service types you wish to advertise -- either for the server as a whole, the VirtualHost, or the Location, depending on where you put the directive.
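Putting the three directives together, here is an added configuration example (not from the article or the mod_dnssd project) for a single host that serves an intranet site, a bug tracker and a WebDAV share; the hostname, paths and labels are placeholders.

```apache
# Global section of apache2.conf: enable the module. With only this line,
# every VirtualHost is announced under its ServerName as an _http._tcp service.
DNSSDEnable on

<VirtualHost *:80>
    # A fully-qualified name that LAN clients can actually resolve, so the
    # advertised SRV target is reachable (placeholder value).
    ServerName lab.example.com
    DocumentRoot /var/www/intranet

    # User-visible label in the Firefox DNSSD menu; the host is part of the
    # label so it stays unambiguous if the LAN gains a second web server.
    DNSSDServiceName "Intranet on lab"

    <Location /bugs>
        # A Location with its own name is advertised as a separate service.
        DNSSDServiceName "Bug tracker on lab"
    </Location>

    <Location /dav>
        # Announce this path as WebDAV instead of the default HTTP type;
        # the directive takes a space-separated list of service types.
        DNSSDServiceTypes _webdav._tcp
        DNSSDServiceName "Team files on lab"
    </Location>
</VirtualHost>
```

After a reload, avahi-browse --all on another LAN host should list the three labels above, and the /dav entry should appear under _webdav._tcp rather than _http._tcp.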

That's What I Call Service

Obviously, the Apache plus Firefox combination only scratches the surface of what DNS-SD as a whole is capable of, but as an increasing number of services use HTTP, it is at least a useful place to start. You can save yourself some trouble by DNS-SD-enabling your Intranet sites and letting your users find them automatically. Of course, you do still need to take precautions to protect your services. The DNS-SD services will only be visible to LAN clients, but if you do not want that to include WiFi visitors, you should partition them off into a different subnet altogether -- and it goes without saying that your admin panels ought to be password-protected.

But there is another subtle condition imposed by this scheme: it requires changing Firefox, the client application. So although it's easy to imagine DNS-SD-advertised bookmarks being useful in a public environment (say, an Internet cafe), you still cannot expect visitors wandering in off the street to have the right extension installed. In my mind, DNS-SD, like Microformats, is a technology that Firefox really ought to support off-the-shelf. There is no reason not to, unless you make the security argument -- but honestly, a service at risk is not any better-protected just because it is un-advertised. Maybe Tunnell-Jones's extension will have a hand in raising awareness of the convenience offered by DNS-SD. At the very least, you can leverage that convenience yourself, and that's a pretty good start.
