Re: DNS-SD, mDNS and dyn-DNS [was Re: Gnome VFS - plans for Gnome 2.8]

On Mar 27, 2004, at 4:39 AM, Mark McLoughlin wrote:

	Another possible mechanism for making remote desktop service
information available via DNS is to use Dynamic DNS Updates[20] to add
DNS-SD records to a conventional DNS server. However, the majority of
DNS server deployments restrict (for obvious security reasons) the
ability to update DNS records completely or to only a few known
hosts. Because using this mechanism would require installation sites
to change their DNS administration policies, this is obviously not an
attractive option.

To be honest, it's a lot better to just enable (and configure) dyn-dns than it is to learn, install, configure, and administrator an all new platform (SLP). Large installations would already have the DNS fail-over set up (I know we do at my organization) and so on. It makes a hell of a lot more sense to use dyn-dns than it does to install SLP.

Second, it is true that dyn-dns would limit which hosts can post/publish services. That's a *good* thing. We don't want someone to come in, plug in a laptop, publish an http service with a similar name as the company Intranet, and start stealing passphrases and such when users attempt to login to this rogue service. We *want* to be able to limit and control who can publish what. In fact, in a large organization, I would *expect* a responsible administrator to disable mDNS and rely solely on a well controlled central set of DNS servers.

Yes, SLP allows all of that, but then it requires new infrastructure to be in place. Plus it isn't *also* capable of handling no-administrator ad-hoc networks like Zeroconf (mDNS + DNS-SD + IP Autoconfiguration) is designed to be able to handle.

Leveraging existing infrastructure to a very large degree and being comprised of several small inter-dependent pieces makes Zeroconf one of the most UNIX-y network service protocols around. Simply amazing engineering. :)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]