NST Avahi (mDNS) FAQ

From NST Wiki
Revision as of 18:27, 12 February 2023 by Paul Blankenbaker (talk | contribs)

Avahi/mDNS General

What Services Need to Be Running?

The avahi-daemon.service needs to be running. You can check its status via:

 systemctl status avahi-daemon.service

You can start it via:

 sudo systemctl start avahi-daemon.service

You can enable it so it is started at boot time via:

 sudo systemctl enable avahi-daemon.service

How Do I enable the resolving of Avahi (mDNS) addresses when using systemd-resolved?

The systemd-resolved service can be used to handle the "resolve" entry in /etc/nsswitch.conf (this is typically just before dns is invoked).

 hosts:      files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

If you choose to enable systemd-resolved, you can leave /etc/nsswitch.conf alone. However, if you'd like to reduce it, you can simplify the hosts entry to:

 hosts:      myhostname resolve

To enable and start the systemd-resolved service:

 sudo systemctl enable --now systemd-resolved

The default configuration for systemd-resolved has the MulticastDNS option disabled. So, you won't be able to resolve Avahi (mDNS) entries by default. To enable, uncomment or add the following line to /etc/systemd/resolved.conf:

 MulticastDNS=yes

Then restart the systemd-resolved service:

 sudo systemctl restart systemd-resolved

Finally, you can use the systemd-resolve command to configure how systemd-resolved should resolve mDNS addresses, in particular what interfaces it should resolve (resolvectl can probably be used as well):

 sudo systemd-resolve --set-mdns=yes --interface=enp0s3

You can then use the systemd-resolve or getent hosts command to check that addresses can be resolved to host names and that host names can be resolved to addresses. Verify DNS, file and mDNS entries:

 systemd-resolve localhost
 systemd-resolve nas.local
 systemd-resolve 192.168.1.201
 systemd-resolve www.google.com
 getent hosts www.cnn.com

You can also use PHP or Python to make sure that the gethostbyname and gethostbyaddr functions are also able to resolve names and addresses. Here is a PHP example:

 echo "<?php echo(gethostbyname('www.google.com')) ?>" | php
 echo "<?php echo(gethostbyname('pollomocha.local')) ?>" | php
 echo "<?php echo(gethostbyaddr('192.168.1.201')) ?>" | php

NOTE: In my configuration, the gethostbyname for .local names seems to work much faster for C/PHP/Python that makes use of the glibc gethostbyname function. The "getent hosts NAME.local" command also works, but appears to be very slow in comparison when mDNS resolving is enabled.
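
To confirm what the MulticastDNS line from the steps above actually selects, the following added example (not part of the NST wiki or of systemd; the function names and the sample file are constructed) reads a resolved.conf-style file and reports the effective value. The mapping of values follows resolved.conf(5).

```shell
#!/bin/sh
# Added example, not NST code. Reads a resolved.conf-style file given as $1;
# drop-ins under /etc/systemd/resolved.conf.d/ are not merged here.

# Print the last uncommented MulticastDNS= value in the [Resolve] section,
# or "unset" when the option is commented out or absent.
resolved_mdns_setting() {
    awk '
        /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        in_resolve && /^[ \t]*MulticastDNS[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

# Describe what a value means, following resolved.conf(5).
describe_mdns_setting() {
    case "$1" in
        yes|true|on|1)  echo "resolver and responder" ;;
        resolve)        echo "resolver only" ;;
        no|false|off|0) echo "disabled" ;;
        unset)          echo "distribution default" ;;
        *)              echo "unrecognised value" ;;
    esac
}

# Constructed sample: option first commented out, then enabled as on this page.
sample=$(mktemp)
printf '%s\n' '[Resolve]' '#MulticastDNS=no' 'MulticastDNS=yes' > "$sample"
setting=$(resolved_mdns_setting "$sample")
echo "MulticastDNS=$setting: $(describe_mdns_setting "$setting")"
rm -f "$sample"
```

On a live system pass /etc/systemd/resolved.conf as the argument. A value of yes also turns on systemd-resolved's own mDNS responder, while resolve keeps lookups working without answering queries.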

How Do I enable the resolving of Avahi (mDNS) addresses when not using systemd-resolved?

The systemd-resolved service can be used to handle the "resolve" entry in /etc/nsswitch.conf (this is typically just before dns is invoked).

 hosts:      files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns

To fully resolve MulticastDNS names to IPv4 addresses (and vice versa), change the hosts line to the following, which uses the fully functional mDNS resolver:

 hosts:      files myhostname mdns4 [NOTFOUND=return] dns

Since resolve was removed, you can also disable the systemd-resolved service:

 sudo systemctl disable --now systemd-resolved

You can then use the getent command to check that addresses can be resolved to host names and that host names can be resolved to addresses. Verify DNS, file and mDNS entries:

 getent hosts localhost
 getent hosts nas.local
 getent hosts 192.168.1.201
 getent hosts www.google.com

You can also use PHP or Python to make sure that the gethostbyname and gethostbyaddr functions are also able to resolve names and addresses. Here is a PHP example:

 echo "<?php echo(gethostbyname('www.google.com')) ?>" | php
 echo "<?php echo(gethostbyname('pollomocha.local')) ?>" | php
 echo "<?php echo(gethostbyaddr('192.168.1.201')) ?>" | php

NOTE: Changing from mdns4_minimal to mdns4 in /etc/nsswitch.conf may come with a performance cost, see https://github.com/lathiat/nss-mdns.

How Do I Resolve Using Avahi (mDNS) by hand?

You can use the avahi-resolve command to verify that a host name resolves to an IPv4 or IPv6 address.

 [root@nst-test ~]# avahi-resolve -4 -n nst-test.local
 nst-test.local	192.168.1.221
 [root@nst-test ~]# avahi-resolve -6 -n nst-test.local
 nst-test.local	2600:1700:1850:e820:56a0:f48:d01f:86bd

How Do I Add Avahi Resolving to nsswitch.conf?

You need to have the following packages installed:

 sudo dnf install avahi-daemon nss-mdns

You need to have the avahi-daemon service running:

 sudo systemctl start avahi-daemon.service
 sudo systemctl enable avahi-daemon.service

In order for normal commands (like ping, ssh, etc) to resolve Avahi host names, you need to have the following configuration line in your /etc/nsswitch.conf file:

 hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname

This line is typically added automatically when you add the nss-mdns package.

What Happens If My Router Resolves .local Domains?

I have run into AT&T WIFI access points that resolve .local domains under the normal DNS protocol. This breaks normal Avahi lookups and was driving me crazy for several weeks. I finally came across an answer to this issue at Red Hat Bugzilla – Bug 1690078. Basically on an NST system, you need to:

  • Change the /etc/nsswitch.conf file to use the mdns4 library instead of the mdns4_minimal library:

 # Work around to dang AT&T Access Point resolving .local domains
 hosts:      files mdns4 [NOTFOUND=return] dns myhostname

  • Create a /etc/mdns.allow file with the following entries:

 # Work around to dang AT&T Access Point resolving .local domains
 .local.
 .local
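
A consistency check for the two-part workaround above, as an added example (not NST or nss-mdns code; the function names, finding labels and temporary sample files are constructed for illustration). It also reports when dns is listed before the mdns module, because sources on the hosts line are tried in order and .local names would then reach the router's DNS first.

```shell
#!/bin/sh
# Added example, not NST code. File paths are arguments so it can be run
# against copies; on a live host use /etc/nsswitch.conf and /etc/mdns.allow.

# Print the sources on the "hosts:" line, one per line, skipping
# [STATUS=action] items (which may contain spaces) and trailing comments.
hosts_sources() {
    awk '/^[ \t]*hosts:/ {
        sub(/#.*/, ""); sub(/^[ \t]*hosts:/, "")
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\[/) skip = 1
            if (!skip) print $i
            if ($i ~ /\]$/) skip = 0
        }
        exit
    }' "$1"
}

# Print one finding per line, or "ok" when the pair is consistent.
audit_mdns() {
    nss=$1; allow=$2; findings=""
    srcs=$(hosts_sources "$nss")
    mdns=$(printf '%s\n' "$srcs" | grep -E '^mdns[46]?(_minimal)?$' | head -n 1)
    if [ -z "$mdns" ]; then echo "no-mdns-module"; return 0; fi
    mdns_pos=$(printf '%s\n' "$srcs" | grep -nxF "$mdns" | head -n 1 | cut -d: -f1)
    dns_pos=$(printf '%s\n' "$srcs" | grep -nxF dns | head -n 1 | cut -d: -f1)
    # Sources are tried left to right: dns first sends .local to unicast DNS.
    if [ -n "$dns_pos" ] && [ "$dns_pos" -lt "$mdns_pos" ]; then
        findings="$findings dns-before-mdns"
    fi
    case "$mdns" in
        *_minimal)  # the page pairs mdns.allow with the full module only
            if [ -e "$allow" ]; then findings="$findings allow-file-unused"; fi ;;
        *)
            if [ ! -r "$allow" ]; then findings="$findings allow-file-missing"
            elif ! grep -qxE '\.local\.?' "$allow"; then
                findings="$findings allow-lacks-local"
            fi ;;
    esac
    if [ -z "$findings" ]; then echo ok; else printf '%s\n' $findings; fi
}

# Constructed sample: the workaround configuration from this page.
demo_dir=$(mktemp -d)
printf '%s\n' 'hosts:      files mdns4 [NOTFOUND=return] dns myhostname' > "$demo_dir/nsswitch.conf"
printf '%s\n' '.local.' '.local' > "$demo_dir/mdns.allow"
audit_mdns "$demo_dir/nsswitch.conf" "$demo_dir/mdns.allow"
rm -rf "$demo_dir"
```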

How Do I Scan My Network For Avahi Service?

The easy way is to use the NST Web Interface. From the menu bar, select Security -> Active Scanners -> NST Avahi (mDNS) Discovery. This will generate a table of available services and hosts with active links that allow further inspection.

Alternatively, you can run the following from the command line:

 sudo avahi-browse --all