[Samba] Multicast DNS required?

Ryan Ashley ryana at reachtechfp.com
Wed Sep 24 15:39:38 MDT 2014


I know they're reserved. But my point is that .local is used already. 
Let me put it another way. You have a hundred devices using 
Bonjour/mDNS/Avahi on the .local domain, then you create 
"mydomain.local". Now do you see what I was trying to state? The .local 
domain may not exist in Internet-land, but if it exists on your LAN, it 
still exists.

On 09/24/2014 02:39 AM, L.P.H. van Belle wrote:
> and remember..
>
> if you don't use it, turn it off...
> You won't be the first where the printer is "somehow" set to 99 copies per page  ;-)
> or even worse... and then I'm not talking about printers..
>
> keeping protocols enabled even when you don't use them is a big security leak.
>
> Louis
>
>
>> -----Original message-----
>> From: ryana at reachtechfp.com
>> [mailto:samba-bounces at lists.samba.org] On behalf of Ryan Ashley
>> Sent: Wednesday 24 September 2014 1:22
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Multicast DNS required?
>>
>> Bear in mind, it isn't just Apple products. HP and other printer
>> manufacturers are using ".local" for their wireless printers now also.
>> Generally speaking, these won't be in a corporate environment due to
>> nice big machines like a Xerox Fiery, but if they do make their way into
>> the environment, they can cause trouble also. Good luck!
>>
>> On 09/23/2014 07:01 PM, James wrote:
>>> Ryan,
>>>
>>>      Thanks for the explanation and link. Will follow up and review.
>>> Looks like I may have trouble up ahead seeing as the powers that be
>>> want to introduce Apple products into the domain.
>>>
>>> On 9/23/2014 6:40 PM, Ryan Ashley wrote:
>>>> mDNS is also called Bonjour on Apple systems (or Windows systems with
>>>> iTunes and such installed). This is used for something unrelated to
>>>> actual DNS. In Linux we have "avahi" that does the same thing.
>>>> However, a domain ending in ".local" can have issues due to zeroconf
>>>> things (printers, wireless TVs, etc.) using that domain. In other
>>>> words, never, ever end a domain name in ".local". I use ".lan" for my
>>>> domains. The issue is common on older domains that have been upgraded
>>>> dozens of times. Even I had issues with it for a while. I do not
>>>> believe Samba needs mDNS/zeroconf support though.
>>>>
>>>> You can read more on the matter at the link below. One of my clients
>>>> (I picked them up a few years ago) had a domain ending in ".local"
>>>> and they had begun using Apple devices (phones, iPads) and had all
>>>> kinds of issues due to the ".local" domain being used by them. Long
>>>> story short, I got lucky when their DC died and I got to do a new
>>>> domain. Now everything is as smooth as butter!
>>>>
>>>> http://en.wikipedia.org/wiki/.local
>>>>
>>>> On 09/23/2014 03:34 PM, James wrote:
>>>>> Hello,
>>>>>
>>>>>      I noticed all my DCs have port 5353 closed. I'm using the
>>>>> internal DNS and wasn't sure if multicast DNS must be enabled? I do
>>>>> not appear to be having any DNS issues. My only concern is with the
>>>>> wiki on Multicast DNS.
>>>>>
>>>>> "By default, mDNS only and exclusively resolves host names ending
>>>>> with the |.local| top-level domain (TLD). This can cause problems if
>>>>> that domain includes hosts that do not implement mDNS but can be
>>>>> found via a conventional unicast DNS server. Resolving such
>>>>> conflicts requires network configuration changes that violate the
>>>>> zero configuration
>>>>> <http://en.wikipedia.org/wiki/Zero_configuration_networking> goal."
>>>>>
>>>>> Given my domain is 'domain.local'. I wasn't sure if I should find
>>>>> out why the port is closed.  Thanks.
>>>>>

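An added example, not part of the original thread: on a Linux client that uses the Avahi NSS module (nss-mdns), the order of the "hosts:" line in /etc/nsswitch.conf decides whether a name under a unicast zone such as "mydomain.local" is ever sent to the DC's DNS server. It assumes the Avahi daemon is running and that the minimal module returns NOTFOUND for a .local name mDNS cannot resolve; the sample nsswitch line and the host name dc1 are constructed.

```python
import re

# Constructed sample: a "hosts:" line as commonly shipped with the Avahi NSS module.
SAMPLE_NSSWITCH = """\
passwd: files
hosts:  files mdns4_minimal [NOTFOUND=return] dns
"""

MDNS_MINIMAL = {"mdns_minimal", "mdns4_minimal", "mdns6_minimal"}


def hosts_sources(nsswitch_text):
    """Parse the 'hosts:' line into [(service, {STATUS: action})]."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not tok.startswith("["):
                sources.append((tok, {}))
            elif sources:  # an action block applies to the preceding service
                for crit in tok[1:-1].split():
                    status, _, action = crit.partition("=")
                    sources[-1][1][status.upper()] = action.lower()
        return sources
    return []


def reaches_unicast_dns(nsswitch_text, fqdn):
    """True if a lookup for fqdn can fall through to the 'dns' source."""
    is_local = fqdn.rstrip(".").lower().endswith(".local")
    for service, actions in hosts_sources(nsswitch_text):
        if service == "dns":
            return True
        # Assumption: the minimal module reports NOTFOUND for a .local name
        # that mDNS cannot resolve and ignores every other name.
        if is_local and service in MDNS_MINIMAL and actions.get("NOTFOUND") == "return":
            return False
    return False


if __name__ == "__main__":
    for name in ("dc1.mydomain.local", "dc1.mydomain.lan"):  # dc1 is a constructed host name
        verdict = "reaches" if reaches_unicast_dns(SAMPLE_NSSWITCH, name) else "never reaches"
        print(f"{name}: {verdict} the unicast DNS server")
```

Pass the contents of a client's real /etc/nsswitch.conf as the first argument to check that machine.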