[Samba] Multicast DNS required?

L.P.H. van Belle belle at bazuin.nl
Wed Sep 24 00:39:29 MDT 2014

and remember.. 

if you dont use it, turn it off...  
You wont be the first where the printer is "somehow" set to 99 copies per pages  ;-) 
or even worse... and then im not talking about printers.. 

keeping protocols enabled even when you dont use them is a big security leak. 


>-----Oorspronkelijk bericht-----
>Van: ryana at reachtechfp.com 
>[mailto:samba-bounces at lists.samba.org] Namens Ryan Ashley
>Verzonden: woensdag 24 september 2014 1:22
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Multicast DNS required?
>Bear in mind, it isn't just Apple products. HP and other printer 
>manufacturers are using ".local" for their wireless printers now also. 
>Generally speaking, these won't be in a corporate environment due to 
>nice big machines like a Xerox Fiery, but if they do make 
>their way into 
>the environment, they can cause trouble also. Good luck!
>On 09/23/2014 07:01 PM, James wrote:
>> Ryan,
>>     Thanks for the explanation and link. Will follow up and review. 
>> Looks like I may have trouble up ahead seeing as the powers that be 
>> want to introduce apple products into the domain.
>> On 9/23/2014 6:40 PM, Ryan Ashley wrote:
>>> mDNS is also called Bonjour on Apple systems (or Windows 
>system with 
>>> iTunes and such installed). This is used for something unrelated to 
>>> actual DNS. In Linux we have "avahi" that does the same thing. 
>>> However, a domain ending in ".local" can have issues due to 
>>> things (printers, wireless TV's, etc) use that domain. In other 
>>> words, never, ever end a domain name in ".local". I use 
>".lan" for my 
>>> domains. The issue is common on older domains that have 
>been upgraded 
>>> dozens of times. Even I had issues with it for a while. I do not 
>>> believe Samba needs mDNS/zeroconf support though.
>>> You can read more on the matter at the link below. One of 
>my clients 
>>> (I picked them up a few years ago) had a domain ending in ".local" 
>>> and they had begun using Apple devices (phones, iPads) and had all 
>>> kinds of issues due to the ".local" domain being used by them. Long 
>>> story short, I got lucky when their DC died and I got to do a new 
>>> domain. Now everything is as smooth as butter!
>>> http://en.wikipedia.org/wiki/.local
>>> On 09/23/2014 03:34 PM, James wrote:
>>>> Hello,
>>>>     I noticed all my DC's have port 5353 closed. I'm using the 
>>>> internal DNS and wasn't sure if multicast DNS must be 
>enabled? I do 
>>>> not appear to be having any DNS issues. My only concern is 
>with the 
>>>> wiki on Multicast DNS.
>>>> "By default, mDNS only and exclusively resolves host names ending 
>>>> with the |.local| top-level domain (TLD). This can cause 
>problems if 
>>>> that domain includes hosts that do not implement mDNS but can be 
>>>> found via a conventional unicast DNS server. Resolving such 
>>>> conflicts requires network configuration changes that violate the 
>>>> zero configuration 
>>>> <http://en.wikipedia.org/wiki/Zero_configuration_networking> goal."
>>>> Given my domain is 'domain.local'. I wasn't sure if I should find 
>>>> out why the port is closed.  Thanks.
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list