Zero-configuration networking: Difference between revisions

In 1997 [[Stuart Cheshire]] proposed adapting Apple's mature [[Name Binding Protocol]] to IP networks to address the lack of service discovery capability.<ref>{{Citation | url = http://www.stuartcheshire.org/rants/NBPIP.html | title = Name Binding Protocol over IP | type = rant | first = Stuart | last = Cheshire | author-link = Stuart Cheshire}}{{self-published-inline|date=May 2013}}</ref> Cheshire subsequently joined Apple and authored [[IETF]] draft proposals for mDNS and DNS-based Service Discovery, supporting the transition from AppleTalk to IP networking. In 2002, Apple announced an implementation of both protocols under the name Rendezvous<ref>{{Citation | title = Zero conf | url = http://www.zeroconf.org/}}{{self-published-inline|date=March 2020}}</ref> (later renamed Bonjour). It was first included in [[Mac OS X 10.2]], replacing the [[Service Location Protocol]] (SLP) used in [[Mac OS X 10.1|10.1]].{{Citation needed|date=May 2013}} In 2013, the proposals were ratified as {{IETF RFC|6762}}<ref>{{cite IETF |author1=S. Cheshire |author2=M. Krochmal |publisher=[[IETF]] |title=Multicast DNS |rfc=6762 |date=February 2013}}</ref> and {{IETF RFC|6763}}.<ref>{{cite IETF |author1=S. Cheshire |author2=M. Krochmal |publisher=[[IETF]] |title=DNS-Based Service Discovery |rfc=6763 |date=February 2013}}</ref>

[[Service Location Protocol]] (SLP) is supported by [[Hewlett-Packard]]'s network [[Computer printer|printer]]s, [[Novell]], and [[Sun Microsystems]]. SLP is described in {{IETF RFC|2608}} and {{IETF RFC|3224}} and implementations are available for both [[Solaris (operating system)|Solaris]] and [[Linux]].

Because mDNS operates under a different trust model than unicast DNS—trusting the entire network rather than a designated DNS server, it is vulnerable to [[spoofing attack]]s by any system within the same [[broadcast ___domain]]. Like [[Simple Network Management Protocol|SNMP]] and many other network management protocols, it can also be used by attackers to quickly gain detailed knowledge of the network and its machines.<ref>{{Citation | url = http://www.gnucitizen.org/blog/name-mdns-poisoning-attacks-inside-the-lan/ | title = Name (MDNS) Poisoning Attacks Inside the LAN | publisher = GNU citizen | type = World Wide Web log | date = 23 January 2008}}</ref> Because of this, applications should still authenticate and encrypt traffic to remote hosts (e.g. via [[RSA (cryptosystem)|RSA]], [[Secure Shell|SSH]], etc.) after discovering and resolving them through DNS-SD/mDNS. LLMNR suffers from similar vulnerabilities.<ref>{{cite web |url=https://www.pentestpartners.com/security-blog/how-to-get-windows-to-give-you-credentials-through-llmnr/ |title=How to get Windows to give you credentials through LLMNR |first=David |last=Lodge |date=22 September 2015 |website=Pen Test Partners}}</ref><!--[[User:Kvng/RTH]]-->

Apple's mDNSResponder has interfaces for [[C (programming language)|C]] and [[Java (programming language)|Java]]<ref>{{Citation | url = http://www.macdevcenter.com/pub/a/mac/2004/08/31/osx_java.html | publisher = Mac Dev Center | title = A Rendezvous with Java | date = 2004-08-31}}</ref> and is available on BSD, Apple Mac OS X, Linux, other [[POSIX]] based operating systems and MS Windows. The Windows downloads are available from Apple's website.<ref>{{Citation | url = https://support.apple.com/downloads/bonjour_for_windows | publisher = Apple | title = Support | contribution = Bonjour for MS Windows 1.0.4}}</ref><!--[[User:Kvng/RTH]]-->