Zero-configuration networking: Difference between revisions

Similarly to telephones being labeled with their telephone number, it was a common practice in early networks to attach an address label to networked devices. The dynamic nature of modern networks, especially residential networks in which devices are powered up only when needed, desire dynamic address assignment mechanisms that do not require user involvement for initialization and management. These systems automatically give themselves common names chosen either by the equipment manufacturer, such as a brand and model number, or chosen by users for identifying their equipment. The names and addresses are then automatically entered into a [[directory service]].

Both IPv4 and IPv6 hosts may randomly generate the host-specific part of an autoconfigured address. IPv6 hosts generally combine a prefix of up to 64 bits with a 64-bit EUI-64 derived from the factory-assigned 48-bit [[IEEE]] [[MAC address]]. The MAC address has the advantage of being globally unique, a basic property of the EUI-64. The IPv6 protocol stack also includes duplicate address detection to avoid conflicts with other hosts. In IPv4, the method is called ''link-local address autoconfiguration''.{{Ref<ref RFC|3927}}name="rfc3927" /> However, [[Microsoft]] refers to this as ''[[Automatic Private IP Addressing]]'' (APIPA)<ref>{{Citation | url = http://msdn.microsoft.com/en-us/library/aa505918.aspx | publisher = Microsoft | title = MS Developer Network | contribution = Apipa | access-date = 2008-07-05 | archive-url = https://web.archive.org/web/20170318001826/https://msdn.microsoft.com/en-us/library/aa505918.aspx | archive-date = 2017-03-18 | url-status = dead }}</ref> or '''''Internet Protocol Automatic Configuration''''' ('''IPAC'''). The feature is supported in Windows since at least [[Windows 98]].<ref>{{Citation | url = http://support.microsoft.com/kb/220874 | title = Knowledge base | date = 6 January 2021 | contribution = How to use automatic TCP/IP addressing without a DHCP server | publisher = Microsoft}}</ref>

In 2000, Bill Manning and [[Bill Woodcock]] described the ''Multicast Domain Name Service''<ref>{{Citation | url = https://datatracker.ietf.org/doc/html/draft-manning-dnsext-mdns-00.txt | title = Multicast Domain Name Service |last1 = Manning |first1=Bill |last2= Woodcock |first2= Bill | newspaper = Ietf Datatracker |publisher = [[IETF]] |date= August 2000}}</ref> which spawned the implementations by Apple and Microsoft. Both implementations are very similar. Apple's [[Multicast DNS]] (mDNS) is published as a standards track proposal {{IETF RFC|6762}}, while Microsoft's [[Link-local Multicast Name Resolution]] (LLMNR) is published as informational {{IETF RFC|4795}}. LLMNR is included in every Windows version from Windows Vista onwards<ref>{{Citation | publisher = Microsoft | type = webpage | url = https://technet.microsoft.com/library/bb878128 | title = Microsoft TechNet Library Link-Local Multicast Name Resolution | date = 5 May 2010 }}</ref> and acts as a side-by-side alternative for Microsoft's NetBIOS Name Service over IPv4 and as a replacement over IPv6, since NetBIOS is not available over IPv6. Apple's implementation is available as the [[Bonjour (software)|Bonjour service]] since 2002 in Mac OS X v10.2. The Bonjour implementation (mDNSResponder) is available under the [[Apache License|Apache 2 Open Source License]]<ref>{{Citation | publisher = Apple | type = webpage | url = https://developer.apple.com/softwarelicensing/agreements/bonjour.php | title = Bonjour Licensing and Trademarks }}</ref> and is included in [[Android Jelly Bean]] and later<ref>{{Citation | type = webpage | url = http://developer.android.com/about/versions/android-4.1.html | title = Android 4.1 APIs }}</ref> under the same license.

The mDNS and LLMNR protocols have minor differences in their approach to name resolution. mDNS allows a network device to choose a ___domain name in the [[.local|local]] DNS [[namespace]] and announce it using a special multicast IP address. This introduces special semantics for the [[top-level ___domain]] ''local'',<ref>{{Citation | publisher = IETF | type = electronic mail message | url = http://www1.ietf.org/mail-archive/web/ietf/current/msg37126.html | title = Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard | access-date = 2006-02-10 | archive-url = https://web.archive.org/web/20081207202354/http://www.ietf.org/mail-archive/web/ietf/current/msg37126.html | archive-date = 2008-12-07 | url-status = dead }}</ref> which is considered a problem by some members of the IETF.<ref>{{Citation | publisher = IETF | type = electronic mail message | url = http://www1.ietf.org/mail-archive/web/ietf/current/msg37773.html | title = Re: Summary of the LLMNR Last Call | access-date = 2006-02-10 | archive-url = https://web.archive.org/web/20081207202402/http://www.ietf.org/mail-archive/web/ietf/current/msg37773.html | archive-date = 2008-12-07 | url-status = dead }}</ref> The current LLMNR draft allows a network device to choose any ___domain name, which is considered a security risk by some members of the IETF.<ref>{{Citation | publisher = IETF | type = electronic mail message | url = http://www1.ietf.org/mail-archive/web/ietf/current/msg37740.html | title = Summary of the LLMNR Last Call | access-date = 2005-11-11 | archive-url = https://web.archive.org/web/20081207202357/http://www.ietf.org/mail-archive/web/ietf/current/msg37740.html | archive-date = 2008-12-07 | url-status = dead }}</ref> mDNS is compatible with DNS-SD as described in the next section, while LLMNR is not.<ref>{{Citation | publisher = IETF | type = electronic mail message | url = http://www.mhonarc.org/archive/html/ietf/2005-08/msg00494.html | title = More details on the differences}}</ref>

'''{{vanchor|DNS-SD}}''' (DNS Service Discovery<ref name="dotorg">{{Citation | url = http://www.dns-sd.org/ | title = DNS-SD}}</ref>) allows clients to discover a named list of service instances and to resolve those services to hostnames using standard DNS queries. The specification is compatible with existing unicast DNS server and client software, but works equally well with mDNS in a zero-configuration environment. Each service instance is described using a DNS SRV<ref>{{IETF RFC|2782}}</ref> and DNS TXT<ref name="IETF RFC|1035">{{IETF RFC|1035}}</ref> record. A client discovers the list of available instances for a given service type by querying the DNS PTR<ref name="IETF RFC|1035"/> record of that service type's name; the server returns zero or more names of the form &lt;Service&gt;.&lt;Domain&gt;, each corresponding to a SRV/TXT record pair. The [[SRV record]] resolves to the ___domain name providing the instance, while the TXT can contain service-specific configuration parameters. A client can then resolve the A/AAAA record for the ___domain name and connect to the service.

Service types are given on a first-come-first-serve basis. A service type registry was originally maintained by DNS-SD.org,<ref>{{Citation | url = http://www.dns-sd.org/ | title name="dotorg" DNS-SD}}</ref> but has since been merged into IANA's registry for DNS SRV records.<ref>{{Citation | url = http://www.dns-sd.org/ServiceTypes.html | publisher = DNS-SD | title = Service types}}</ref>

mDNS uses packets similar to [[Domain Name System#DNS message format|unicast DNS]] to resolve hostnames except they are sent over a multicast link. Each host listens on the mDNS port, 5353, transmitted to a well-known multicast address and resolves requests for the [[resource record|DNS record]] of its ''.local'' hostname (e.g. the [[List of DNS record types#A|A]], [[List of DNS record types#AAAA|AAAA]], [[CNAME record|CNAME]]) to its IP address. When an mDNS client needs to resolve a local hostname to an IP address, it sends a DNS request for that name to the well-known multicast address; the computer with the corresponding A/AAAA record replies with its IP address. The mDNS multicast address is {{IPaddr|224.0.0.251}} for IPv4 and {{IPaddr|ff02::fb}} for IPv6 link-local addressing.

DNS Service Discovery (aka [[DNS-SD)]] requests can also be sent using mDNS to yield zero-configuration DNS-SD.{{Ref RFC|6763}} This uses DNS [[PTR record|PTR]], SRV, [[TXT record|TXT]] records to advertise instances of service types, ___domain names for those instances, and optional configuration parameters for connecting to those instances. But SRV records can now resolve to ''.local'' ___domain names, which mDNS can resolve to local IP addresses.

DNS-SD is used by Apple products, most network printers, many Linux distributions including [[Debian]] and [[Ubuntu (operating system)|Ubuntu]],<ref>{{cite web|title=Ubuntu 15.10 desktop manifest|url=http://releases.ubuntu.com/wily/ubuntu-15.10-desktop-amd64.manifest|publisher=Ubuntu|access-date=23 October 2015}}</ref> and a number of third-party products for various operating systems. For example, many [[OS X]] network applications written by Apple, including [[Safari (web browser)|Safari]], [[iChat]], and [[Messages (Apple)|Messages]], can use DNS-SD to locate nearby servers and peer-to-peer clients. Windows 10 includes support for DNS-SD for applications written using JavaScript.<ref name="WindowsDnssdNamespace">{{cite web|title=Windows.Networking.ServiceDiscovery.Dnssd namespace|url=https://msdn.microsoft.com/en-us/library/windows/desktop/bb870632(v=vs.85).aspx|website=Windows Dev Center|publisher=Microsoft|access-date=1 November 2015}}</ref> Individual applications may include their own support in older versions of the operating system, such that most instant messaging and [[VoIP]] clients on Windows support DNS-SD. Some [[Unix]], [[BSD]], and Linux distributions also include DNS-SD. For example, Ubuntu ships [[Avahi (software)|Avahi]], an mDNS/DNS-SD implementation, in its base distribution.

[[Simple Service Discovery Protocol]] (SSDP) is a UPnP protocol, used in [[Windows XP]] and later. SSDP uses HTTP notification announcements that give a service-type [[Uniform Resource Identifier|URI]] and a Unique Service Name (USN). Service types are regulated by the Universal Plug and Play Steering Committee. SSDP is supported by many printer, NAS and appliance manufacturers such as Brother. It is supported by certain brands of network equipment, and in many [[SOHO network|SOHO]] firewall appliances, where host computers behind it may pierce holes for applications. It is also used in [[home theater PC]] systems to facilitate media exchange between host computers and the media center.

[[AllJoyn]] is an open-source software stack for a myriad of devices, ranging from IoT devices to full-size computers, for discovery and control of devices on networks (Wifi, Ethernet) and other links (Bluetooth, ZigBee, etc.). It uses mDNS and [[HTTP]] over UDP and other protocols. The project has however not been active since 2016, and is not recommended to use for new projects.<ref>{{ Citation | title = Error compiling with modern gcc | url = https://github.com/alljoyn/core-alljoyn/issues/1 | access-date = 2025-01-31 }}</ref>

Because mDNS operates under a different trust model than unicast DNS—trusting the entire network rather than a designated DNS server, it is vulnerable to [[spoofing attack]]s by any system within the same [[broadcast ___domain]]. Like [[Simple Network Management Protocol|SNMP]] and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines.<ref>{{Citation | url = http://www.gnucitizen.org/blog/name-mdns-poisoning-attacks-inside-the-lan/ | title = Name (MDNS) Poisoning Attacks Inside the LAN | publisher = GNU citizen | type = World Wide Web log | date = 23 January 2008}}</ref> Because of this, applications should still authenticate and encrypt traffic to remote hosts (e.g. via [[RSA (cryptosystem)|RSA]], [[Secure Shell|SSH]], etc.) after discovering and resolving them through DNS-SD/mDNS. LLMNR suffers from similar vulnerabilities.<ref>{{cite web |url=https://www.pentestpartners.com/security-blog/how-to-get-windows-to-give-you-credentials-through-llmnr/ |title=How to get Windows to give you credentials through LLMNR |first=David |last=Lodge |date=22 September 2015 |website=Pen Test Partners}}</ref>

[[Avahi (software)|Avahi]] is a Zeroconf implementation for [[Linux]] and [[Berkeley Software Distribution|BSD]]s. It implements [[IPv4LL]], mDNS and DNS-SD. It is part of most Linux distributions, and is installed by default on some. If run in conjunction with nss-mdns, it also offers host name resolution.<ref>{{Citation | url = http://0pointer.de/lennart/projects/nss-mdns | title = nss-mdns 0.10 | last = Lennart | publisher = 0 pointer | place = [[Germany|DE]]}}</ref>

* Apple Mac OS and MS Windows have supported link-local addresses since [[Windows 98]] and [[Mac OS 8#Mac OS 8.5|Mac OS 8.5]] (both released in 1998).<ref>{{cite journal |lastname=Cheshire |first=S. |last2=Aboba |first2=B. |last3=Guttman |first3=E. |date=May 2005 |title=Dynamic Configuration of IPv4 Link-Local Addresses |url=https://www.rfc-editor.org/rfc/"rfc3927" |language=en |doi=10.17487/RFC3927 |issn=2070-1721}}</ref> Apple released its open-source implementation in the [[Darwin (operating system)|Darwin]] bootp package.

* Zero-Conf IP (zcip)<ref>{{Citation | url = httphttps://zeroconf.sourceforge.net/ | title = zcip | publisher = Source forge}}</ref>

* {{Citation | url = httphttps://jmdns.sourceforge.net/ | publisher = Source forge | title = JmDNS}}, a pure Java implementation of mDNS/DNS-SD.

* {{Citation | url = httphttps://sourceforge.net/projects/pyzeroconf/ | publisher = Source forge | title = pyZeroConf| date = 11 July 2015 }}, a pure [[Python (programming language)|Python]] implementation of mDNS/DNS-SD.

* {{Citation | url = httphttps://sourceforge.net/projects/wxservdisc/ | publisher = Source forge | title = WxServDisc| date = 13 June 2013 }}, a cross-platform wxWidgets-based service discovery module without external dependencies.

* {{Citation | url = http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt | publisher = DNS‐SDDNS-SD | title = DNS-Based Service Discovery Specification | last = Cheshire | first = Stuart | type = draft}}.