DNS Service Discovery (DNS-SD)

DNS Service Discovery is a way of using standard DNS programming interfaces, servers, and packet formats to browse the network for services.

If you think the picture below looks a lot like the old Macintosh AppleTalk "Chooser", that's no coincidence. As we move away from AppleTalk to an all-IP world, we don't want to have to give up the convenience and ease of use that made AppleTalk popular, and made AppleTalk continue to be popular long after it should rightfully have been retired.

DNS Service Discovery is compatible with, but not dependent on, Multicast DNS.

Image of DNS-SD Network Browser


Setting up DNS for Zero-Configuration Wide-Area Service Discovery by Clients

One of the easiest applications of Wide-Area DNS-SD is simply to add a few records to your DNS server, to automatically advertise selected services to clients, with zero configuration on the client side. When clients get a response packet from the local network's DHCP server, there's a domain in that packet, and clients running Mac OS X 10.4 (Tiger) or Bonjour for Windows automatically query that domain for advertised services. Therefore, as long as you have administrative access to the domain in question, you can easily add the necessary records so the clients will discover web pages, printers, and other network services of your choosing. Note that the client trusts whatever domain DHCP hands it, so the services it discovers this way are only as trustworthy as the DHCP server and the DNS zone that the domain names.

If you don't have administrative access to the domain currently being returned by your DHCP server, but you do control the DHCP server, then you can change the DHCP server to return a different domain, one that you do have control over. In many cases people set their home gateway's DHCP server to return their ISP's domain name in the DHCP packet, without giving it much thought. There's really no reason to do this, since you have no control over your ISP's domain. It makes a lot more sense, and is a lot more useful, to set the domain to be one that you do have control over.

There are two ways to do this. If you have your own name server already set up and running, you can just add the necessary records. If you don't already have your own name server, or you do but don't want to put the records there just yet, then you can also set up a test server to experiment with the technology.
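As an added example (not code from this page, from Apple, or from Stuart Cheshire), the script below generates the records this section describes in BIND zone-file form, following the DNS-SD record layout from RFC 6763: the b._dns-sd._udp and lb._dns-sd._udp browse-domain pointers that a client looks up once DHCP has handed it the domain, the _services._dns-sd._udp list of service types, and the PTR, SRV and TXT records for each service instance. The domain dns-sd.example.com, the host names and the two services are assumed values. It goes a little beyond this paragraph in that it also escapes instance names for the zone file and checks the DNS-SD TXT-record rules, which is where hand-written records usually go wrong.

```python
"""Zone records for zero-configuration Wide-Area DNS-SD browsing (RFC 6763).

Added example, not code from this page or from Apple. The domain
dns-sd.example.com, the host names and the two services below are
constructed for illustration. Record layout:
  b._dns-sd._udp.<domain>     PTR  browse domain offered to clients
  lb._dns-sd._udp.<domain>    PTR  legacy / default browse domain
  _services._dns-sd._udp      PTR  one per service type advertised
  <type>.<domain>             PTR  one per service instance
  <instance>.<type>.<domain>  SRV + TXT for that instance
"""
import re

MAX_TXT_STRING = 255   # each key=value must fit one DNS <character-string>
MAX_TXT_TOTAL = 1300   # RFC 6763 section 6.2: keep the whole TXT RDATA under ~1300 bytes
# TXT keys: printable US-ASCII (0x20-0x7E) excluding '='; <= 9 chars is recommended, enforced here
KEY_RE = re.compile(r"^[\x20-\x3c\x3e-\x7e]{1,9}$")


def escape_label(label: str) -> str:
    """Escape a DNS-SD instance name for zone-file presentation format.

    Instance names are UTF-8 and may contain dots and spaces. A dot or
    backslash inside the label is written '\\.' or '\\\\', and any byte
    outside 0x21-0x7E is written as a decimal '\\DDD' escape (RFC 1035 5.1),
    so "2nd Floor" becomes "2nd\\032Floor".
    """
    out = []
    for byte in label.encode("utf-8"):
        if chr(byte) in ".\\":
            out.append("\\" + chr(byte))
        elif 0x21 <= byte <= 0x7E:
            out.append(chr(byte))
        else:
            out.append("\\%03d" % byte)
    return "".join(out)


def txt_rdata(pairs: dict) -> str:
    """Render a DNS-SD TXT record as quoted zone-file strings, checking each key.

    A value of None renders a bare key (boolean attribute). An empty dict
    renders the single empty string RFC 6763 requires for "no attributes".
    """
    strings, total = [], 0
    for key, value in pairs.items():
        if not KEY_RE.match(key):
            raise ValueError("bad TXT key %r: printable ASCII, no '=', 1-9 chars" % key)
        item = key if value is None else "%s=%s" % (key, value)
        raw = item.encode("utf-8")
        if len(raw) > MAX_TXT_STRING:
            raise ValueError("TXT item %r exceeds %d bytes" % (key, MAX_TXT_STRING))
        total += 1 + len(raw)   # on the wire a length byte precedes each string
        strings.append('"%s"' % item.replace("\\", "\\\\").replace('"', '\\"'))
    if total > MAX_TXT_TOTAL:
        raise ValueError("TXT record is %d bytes; keep it under %d" % (total, MAX_TXT_TOTAL))
    return " ".join(strings) if strings else '""'


def dnssd_zone_records(domain: str, services: list) -> list:
    """Return zone-file lines (relative to $ORIGIN domain) advertising `services`.

    Each service is a dict with keys instance, type (e.g. '_http._tcp'),
    target (host FQDN without trailing dot), port and an optional txt dict.
    """
    lines = [
        "$ORIGIN %s." % domain,
        "; browse-domain pointers: clients handed this domain by DHCP look these up",
        "b._dns-sd._udp    IN PTR @",
        "lb._dns-sd._udp   IN PTR @",
    ]
    for stype in sorted({s["type"] for s in services}):
        lines.append("_services._dns-sd._udp IN PTR %s" % stype)
    for s in services:
        name = "%s.%s" % (escape_label(s["instance"]), s["type"])
        lines.append("%s IN PTR %s" % (s["type"], name))
        lines.append("%s IN SRV 0 0 %d %s." % (name, s["port"], s["target"]))
        lines.append("%s IN TXT %s" % (name, txt_rdata(s.get("txt", {}))))
    return lines


EXAMPLE_SERVICES = [   # constructed sample data
    {"instance": "Company Intranet", "type": "_http._tcp", "port": 80,
     "target": "www.dns-sd.example.com", "txt": {"path": "/index.html"}},
    {"instance": "2nd Floor Printer", "type": "_ipp._tcp", "port": 631,
     "target": "printer2.dns-sd.example.com",
     "txt": {"txtvers": "1", "rp": "ipp/print", "pdl": "application/pdf"}},
]

if __name__ == "__main__":
    print("\n".join(dnssd_zone_records("dns-sd.example.com", EXAMPLE_SERVICES)))
```

Paste the output into the zone for the domain your DHCP server hands out, bump the SOA serial and reload; a client that has that domain configured (from DHCP or as a search domain) then shows the two services without any local change. The lb record is what a client uses when it has no other browse domain, so it is worth keeping even though it duplicates the b record here.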

If you're an end user and you don't have access to a DNS server to experiment with, you can still see Wide-Area Bonjour browsing in action just by entering an appropriate DNS search domain.

Setting up DNS to Allow Clients to Advertise their own Wide-Area Services

After advertising static services to clients, the next step you can take, if you choose, is to allow clients to advertise their own wide-area services.

Doing this is not zero configuration on the client side, for a couple of security reasons. One is that users of client machines on your network may not want their services advertised, potentially world-wide, without their knowledge or consent. For this reason, advertising of services into the global DNS is an option that has to be explicitly enabled by the client. In addition, the client needs to specify the domain into which it wants its services advertised. On the server side there's also a security concern. On the world-wide Internet, you can't allow just anyone to update your DNS server. This means that the clients need cryptographic credentials that establish their authority to update the domain in question: a secret key, shared with the server, with which each DNS Update is signed, so that the server can reject updates from anyone who doesn't hold it. Putting this together, clients need three pieces of configuration information:

  1. Whether or not dynamic update is enabled
  2. The name of the domain to update
  3. The security key to authorize those updates

Allowing clients to advertise services is a two-part task:

  1. You need to enable Dynamic Update on your DNS server.
  2. You need to install the Bonjour Preference Pane and configure the clients with the required information.
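The two steps above come together in one signed DNS Update. As an added example (not Apple's, the Bonjour Preference Pane's, or this page's code), the script below builds the Update message a client would send to register one service (RFC 2136) and signs it with a TSIG record (RFC 8945, using HMAC-SHA256 here), then shows the server-side check: the MAC is recomputed over the message plus the TSIG fields with the same shared secret, the time stamp is checked against the fudge window, and anything unsigned, mis-keyed, stale or tampered with is rejected. The key name bonjour-key.dns-sd.example.com, the secret, the domain and the service are constructed values; the parser handles only the uncompressed names this script produces, and a real server would additionally look the secret up by the key name carried in the TSIG record.

```python
"""TSIG-signed DNS UPDATE that registers one Wide-Area DNS-SD service.

Added example, not Apple's or dns-sd.org's code. Shows what the client's
"security key" is for: the update (RFC 2136) carries a TSIG record
(RFC 8945, HMAC-SHA256 here) whose MAC covers the whole message, and the
server recomputes it with the same shared secret before applying the change.
Key name, secret, domain and service are constructed for illustration.
"""
import hashlib
import hmac
import struct
import time

TYPE_SOA, TYPE_PTR, TYPE_TXT, TYPE_SRV, TYPE_TSIG = 6, 12, 16, 33, 250
CLASS_IN, CLASS_ANY = 1, 255
ALGORITHM = "hmac-sha256."
KEY_NAME = "bonjour-key.dns-sd.example.com."             # assumed key name
SECRET = b"constructed-secret-use-tsig-keygen-for-real"   # assumed shared secret


def wire_labels(labels) -> bytes:
    """Encode a label list as an uncompressed DNS name (TSIG needs canonical form)."""
    return b"".join(struct.pack("!B", len(l.encode())) + l.encode() for l in labels) + b"\x00"


def wire_name(name: str) -> bytes:
    return wire_labels([l for l in name.split(".") if l])


def rr(owner: bytes, rtype: int, rclass: int, ttl: int, rdata: bytes) -> bytes:
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(domain, instance, stype, target, port, txt, msg_id=0x1234, ttl=3600) -> bytes:
    """Unsigned UPDATE: zone = domain; three 'add' RRs (PTR, SRV, TXT) for the service."""
    dom = domain.split(".")
    type_labels = stype.split(".") + dom      # _http._tcp.<domain>
    inst_labels = [instance] + type_labels    # <instance>._http._tcp.<domain>; the instance is ONE label
    srv_rdata = struct.pack("!HHH", 0, 0, port) + wire_name(target)   # priority, weight, port, target
    txt_rdata = b"".join(struct.pack("!B", len(s.encode())) + s.encode() for s in txt)
    updates = (rr(wire_labels(type_labels), TYPE_PTR, CLASS_IN, ttl, wire_labels(inst_labels))
               + rr(wire_labels(inst_labels), TYPE_SRV, CLASS_IN, ttl, srv_rdata)
               + rr(wire_labels(inst_labels), TYPE_TXT, CLASS_IN, ttl, txt_rdata))
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 3, 0)   # opcode 5 = UPDATE; ZO=1 PR=0 UP=3 AD=0
    zone = wire_labels(dom) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone + updates


def tsig_variables(key_name, time_signed, fudge, error=0, other=b"") -> bytes:
    """The fields the MAC covers besides the message itself (RFC 8945 4.3.3)."""
    return (wire_name(key_name.lower()) + struct.pack("!HI", CLASS_ANY, 0) + wire_name(ALGORITHM)
            + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, error, len(other))
            + other)


def tsig_sign(message: bytes, key_name: str, secret: bytes, time_signed=None, fudge=300) -> bytes:
    """Append a TSIG RR; the MAC is HMAC(secret, message || TSIG variables)."""
    if time_signed is None:
        time_signed = int(time.time())
    mac = hmac.new(secret, message + tsig_variables(key_name, time_signed, fudge), hashlib.sha256).digest()
    msg_id = struct.unpack("!H", message[:2])[0]
    rdata = (wire_name(ALGORITHM)
             + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, len(mac)) + mac
             + struct.pack("!HHH", msg_id, 0, 0))          # original ID, error, other len
    arcount = struct.unpack("!H", message[10:12])[0] + 1    # the TSIG RR counts in ARCOUNT
    tsig_rr = rr(wire_name(key_name), TYPE_TSIG, CLASS_ANY, 0, rdata)
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr


def _read_name(buf: bytes, pos: int):
    """Read an uncompressed name; returns (dotted name with trailing '.', next offset)."""
    labels = []
    while buf[pos]:
        n = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels) + ".", pos + 1


def tsig_verify(signed: bytes, secret: bytes, now=None) -> bool:
    """Server-side check: find the trailing TSIG RR, rebuild the message as it was
    signed (ARCOUNT-1, TSIG removed), check the time window, compare MACs."""
    counts = struct.unpack("!HHHH", signed[4:12])
    pos = 12
    for _ in range(counts[0]):                        # zone section: name + type + class
        pos = _read_name(signed, pos)[1] + 4
    tsig_start, rdata, nrrs = None, b"", counts[1] + counts[2] + counts[3]
    for i in range(nrrs):
        start = pos
        pos = _read_name(signed, pos)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", signed[pos:pos + 10])
        pos += 10
        if rtype == TYPE_TSIG and i == nrrs - 1:      # TSIG must be the last RR
            tsig_start, rdata = start, signed[pos:pos + rdlen]
        pos += rdlen
    if tsig_start is None:
        return False                                   # unsigned update: reject
    key_name, _ = _read_name(signed, tsig_start)
    algorithm, p = _read_name(rdata, 0)
    hi, lo, fudge, mac_len = struct.unpack("!HIHH", rdata[p:p + 10])
    mac = rdata[p + 10:p + 10 + mac_len]
    _orig_id, error, other_len = struct.unpack("!HHH", rdata[p + 10 + mac_len:p + 16 + mac_len])
    other = rdata[p + 16 + mac_len:p + 16 + mac_len + other_len]
    if algorithm.lower() != ALGORITHM:
        return False
    if abs((int(time.time()) if now is None else now) - ((hi << 32) | lo)) > fudge:
        return False                                   # stale or replayed
    original = signed[:10] + struct.pack("!H", counts[3] - 1) + signed[12:tsig_start]
    variables = tsig_variables(key_name, (hi << 32) | lo, fudge, error, other)
    expected = hmac.new(secret, original + variables, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)
```

On a BIND server, step 1 corresponds to a key statement carrying this same secret and an update-policy that grants only that key, and only the record types it needs, for example grant bonjour-key.dns-sd.example.com. subdomain dns-sd.example.com. PTR SRV TXT; rather than allow-update { any; };, which would let anyone on the Internet rewrite the zone. Step 2 is then entering the same key name and secret in the Bonjour Preference Pane alongside the domain.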

Further Information

Page maintained by Stuart Cheshire