Dyn is currently conducting a beta of Wide Area Bonjour and DNS Service Discovery support for Dyn Standard DNS. Learn more about Bonjour and how to use it below.
Note: Because this is an experimental feature, we cannot provide technical support for this setup. If you need assistance, check out the Dyn Community.
What is Bonjour?
Bonjour is an Apple technology enabling Zero Configuration Networking.
Have you ever noticed that your Mac OS X laptop could automatically discover available printers on a new wireless network you connected to, or how iTunes could magically see other iTunes music libraries on the network and let you stream music instantly? Bonjour makes this all possible.
Remote Access via manual port forwarding and dynamic DNS update clients
For several years, users have been able to use this “plug and play” technology on the local area network, automatically connecting devices together and having them discover each other. If you wanted to access your services and devices from outside of your LAN, you had a few more steps to follow:
- Setting up a reserved DHCP lease or static internal IP address for your internal device or service
- Configuring port forwarding on your home gateway, wireless access point, or broadband router, effectively punching a static hole so that your port 80 on your external WAN IP maps to port 80 for the internal IP address of your device
- Configuring Dynamic DNS in your home gateway or using one of our update clients to keep your dynamic DNS hostname up to date with your latest WAN IP
- Cross your fingers…
- Send the URL for your device or service to your friends or family, or hope to remember it yourself (sometimes, these can get quite ugly, like http://my-hostname.dyndns.org:8081/login.app. Try remembering that!).
This is a complicated process, and there has to be a better way.
Remote Access with Bonjour and Dyn
Wouldn’t it be great if when we plugged in a new network camera on our LAN, it was automatically discoverable and ready for access? Not just from the LAN, but from the Internet as well? Granted, we would still want to enter our username and password in order to see the video from the camera, but it should be able to FIND the camera so we can enter in the username and password to see the video!
The trick to making automatic service discovery and sharing work over the Internet is a Bonjour-capable DNS server. The Dyn Standard DNS service is also a Wide Area Bonjour-capable DNS server, allowing you to remotely access your dynamic global hostname and all of your shared services automatically from anywhere on the Internet.
With Bonjour and Dyn, we can configure remote access for our LAN services and devices as follows:
- Tell your service or device how to authenticate with your account on Dyn to access your Dyn Standard DNS service
- That’s it!
Thanks to ZeroConf, Bonjour, NAT-PMP, and DNS-SD, your device or service will automatically configure its internal IP address, enable port forwarding in your home gateway, register a hostname in your account at Dyn, and configure your service for automatic discovery with Wide Area Bonjour. Users need only know your Dyn Standard DNS zone name to successfully browse for your services.
First, let’s make sure you have all of the requirements for Wide Area Bonjour in place:
- A domain name of your own (e.g., example.com)… if you don’t have one, register one now.
- Dyn Standard DNS service, fully configured for your domain… if you don’t have it, purchase now.
- A computer running Mac OS X 10.5 (Leopard) or later
Note on the Apple AirPort: If you’re just looking to make dynamic DNS work with your Apple AirPort Extreme or Apple AirPort Express device, you may be interested in a shorter tutorial that does not involve automatic service discovery.
Note on DynDNS Free and DynDNS Pro: We currently do not support Wide Area Bonjour on our DynDNS Free and Pro services. You must use Dyn Standard DNS with your own domain name for this to work properly.
Setup Your Dyn Standard DNS Zone for updates
Software and devices enabled with Bonjour do NOT use the DynDNS HTTP Update API [IETF Draft] to dynamically update DNS servers. Instead, they use the DNS Update [RFC 2136] protocol combined with TSIG security [RFC 2845].
Your Dyn Standard DNS zone requires a couple of special records to enable these devices to find where and how to update Dyn with your information.
- Enable the Expert Interface in Dyn Standard DNS
- Under Zone Level Services, select the Dyn Standard DNS zone for which you wish to enable for updates.
- In the upper-right corner of the zone page, you will see a button labeled Preferences. Please click this to view your zone’s settings.
- On the Preferences page, you will see a button labeled Enable Expert Interface in the lower-right hand corner. Please click this to change your interface type from Standard to Expert (you can change this back at any time).
- You should be returned to the configuration page for your Dyn Standard DNS service. Your records will be displayed as shown at left, in a format closer to the layout of records in BIND.
- Create a SRV record within the Dyn Standard DNS zone so that your Apple devices can discover where to send their updates. Set the values to the following:
Host TTL Type Data
0 5 53 update.dyndns.com.
This record instructs Apple dynamic update devices where to find the target host and port for Dyn’s update services. The record is required because the devices by default will attempt to perform their dynamic updates at your zone’s name server (e.g., ns1.mydyndns.org) on port 53, but Dyn operates its TSIG server at update.dyndns.com on port 53. Further details are available at the registry of DNS-SD service types.
- Create five PTR records within the Dyn Standard DNS zone. While these are not strictly required for dynamic updates, they are required if you wish to use the Wide Area Bonjour and DNS Service Discovery features built into Apple products in the future. Set the values as follows (example shown at left), but be sure to use your zone name as the value for Data:
Host TTL Type Data
These records tell Wide Area Bonjour clients how to browse your zone for services (‘b’ for browse, ‘lb’ for legacy browse, and ‘db’ for default browse) and register their own services (‘r’ for register and ‘dr’ for default register). For more details on the usage and meaning of each record, see the DNS Service Discovery web site.
- When you’re finished, you will have six additional records in your Dyn Standard DNS zone as shown below.
Setup Your Dynamic Global Hostname in Mac OS X
Now that your Dyn Standard DNS zone is configured to receive dynamic updates from Mac OS X, we can configure Mac OS X to send updates to Dyn.
- In System Preferences, open the Sharing panel.
- Under Computer Name, click Edit….
- Locate the Hostname, User, and Passwordfields. This is where we will populate the settings from Dyn, and enable your dynamic global hostname (just a fancy term for a hostname that supports dynamic DNS updates, and is visible to the global Internet).
- Populate the Hostnamefield with your full hostname from your Dyn Standard DNS service. This would typically be “your-computer-name.your-custom-dns-zone.com”.The User and Password fields are NOT the Dyn account username and password!Instead, they refer to a special type of authentication for dynamic DNS updates called Transaction Signature, or TSIG.Retrieve your TSIG information from your TSIG account settings page, and populate the information in the User and Password fields as shown in the diagram, and then click OK.
Verify Your Dynamic Global Hostname is Working
Your Dyn Standard DNS zone should now be updated to include the global dynamic hostname you selected. Verify this hostname is correctly created and has the correct IP address by refreshing your Dyn Standard DNS settings page.
Configuring Clients to Browse Your Services with Bonjour
There are several options available for configuring clients:
- Setup the DNS search domains on each client manually
- Configure your DHCP server to populate the DNS search domains
- Use the Apple Bonjour application to configure browse domains on each client manually
The best solution is to configure your Dyn Standard DNS zone as one of the “Search Domains” in DNS, either manually or by configuring your DHCP server appropriately. Simple instructions to configure your search domain on Mac OS X and Windows are included on the DNS Service Discovery web site. It is important to have completed the installation of the five PTR records in your Dyn Standard DNS zone as described above in “Setup Your Dyn Standard DNS Zone for updates” so your computer can browse for services within the zone.
An alternative solutions for Mac OS X and Windows is to use the Apple Bonjour utility and configure the Browsing tab. By adding your Dyn Standard DNS zone to the Browsing tab, your computer will discover services advertised in that zone.
Once you’ve configured your client(s) for browsing, you can now browse for services. The recommended way to get started with browsing services is with Bonjour Browser on Mac OS X. With this graphical utility, you can easily see all advertised services, and then double-click on any service to connect to it with the appropriate application.
- The Bonjour Browser allows you to graphically discover all service types in Mac OS X. To access any service, simply open that portion of the service tree, and double click on the instance name in bold.
DNS Service Discovery for SSH
Now that your computer can successfully register itself in your Dyn Standard DNS service and you’ve configured at least one client for browsing, let’s enable some services for discovery. We’ll demonstrate Remote Login via SSH.
Note: Be sure you have a strong password on your account, and are familiar with how to use SSH before enabling SSH service discovery.
- In the Sharing panel of System Preferences, turn on Remote Login, and select which usernames will be allowed access.If you wanted to login to your computer using SSH from inside the LAN, you can see that the panel tells you which username and internal 192.168.X.X IP address to use. Since we enabled Wide Area Bonjour with Dyn, we don’t have to remember any of the specifics, we just need to know our Dyn Standard DNS zone.
- To browse within Terminal, go to Shell -> New Remote Connection.
- Select the desired service instance to connect to, populate your username, and then connect. Note that Bonjour automatically populated the external port for this service, even if it was dynamically configured by NAT-PMP as a forwarded port on your home gateway device!
Additional Notes and Resources
Valid Characters Limited To Lowercase ASCII, Numerals and Hyphens
While local Bonjour and Wide Area Bonjour with BIND currently support uppercase, lowercase, and arbitrary UTF-8 encoded characters for their instance names, the current Dyn implementation does not. Only lowercase ASCII characters, numerals, and hyphens are allowed. To assist users with this limitation, the Dyn TSIG server will automatically transcode any characters it cannot process during each update.
For instance, if you advertise an HTTP service instance named “My Personal Web Site” with Dyn Standard DNS and Wide Area Bonjour, users will discover this as “my-personal-web-site”. We hope to overcome this data format limitation in the future.
Documentation, Mailing Lists, and FAQs
- Apple Bonjour Support Page
- DNS Service Discovery Overview
- Client Setup with Search Domains on dns-sd.org
Tools and Utilities
- dns-sd command line utility included in Mac OS X for testing Bonjour
- Bonjour Browser graphical Mac OS X utility for listing all discovered services
Once your setup is complete, your global dynamic hostname will start updating at Dyn. If you need further assistance, you can reach out to the experts in the Dyn Community.
Bonjour, the Bonjour logo, and the Bonjour symbol are trademarks of Apple Inc.