Set-up goal:
————
I have a laptop whose IP address changes often, and I want it to be
reachable at “mbp-freek.macfreek.nl”. To do so, it must be able to send
a message to my DNS server to update the A record for
“mbp-freek.macfreek.nl”. Since I don’t want just any computer in the world
to be able to change it, I use a shared secret. My DNS server is
mickey.macfreek.nl, or 145.99.148.35 (IPv4) and 2002:9163:9423::1 (IPv6).

Configuration:
————–
I implemented mbp-freek.macfreek.nl as a subdomain of macfreek.nl;
that’s easier to maintain.

1. First, I need my DNS machine, mickey.macfreek.nl, to be
authoritative for the mbp-freek.macfreek.nl subdomain. The
authoritative name servers for macfreek.nl are:

% host -t NS macfreek.nl
macfreek.nl name server ns3.xel.nl.
macfreek.nl name server ns1.xel.nl.
macfreek.nl name server ns2.xel.nl.

To delegate the mbp-freek.macfreek.nl subdomain to mickey.macfreek.nl, I
make sure that the above name servers have the following configuration:

mbp-freek IN NS mickey.macfreek.nl.
mickey IN A 145.99.148.35
mickey IN AAAA 2002:9163:9423::1

(Feel free to ignore the AAAA record; that’s only important if you
care about IPv6.)

2. The second step is to configure the mbp-freek.macfreek.nl subdomain
at mickey.macfreek.nl. Here is the relevant part of my BIND
configuration, found in named.conf:

// service discovery domain
zone "mbp-freek.macfreek.nl" {
    type master;
    file "mbp-freek.macfreek.nl.zone";
    // allow-update { any; };
    allow-update { key mbp-freek.macfreek.nl.; };
};

Note that “allow-update { any; };” can be useful for testing: it
would allow anyone in the world to change the DNS configuration, without
a password. That is fine for testing. Obviously, I have now commented it out.

I recommend first setting “allow-update { any; };” and adding the key later,
once the basics work fine.

3. As a start, you need to create the zone file
(“mbp-freek.macfreek.nl.zone” in my configuration). Be sure to create it
in the correct directory. If you use BIND, it is typically set with
“directory "/etc/bind";” or “directory "/var/cache/bind";”.

Here are the contents of my zone file:

% cat mbp-freek.macfreek.nl.zone
$ORIGIN .
$TTL 3600 ; 1 hour
mbp-freek.macfreek.nl IN SOA mickey.macfreek.nl. hostmaster.macfreek.nl. (
                3203       ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                60         ; minimum (1 minute)
                )
            NS   mickey.macfreek.nl.
$TTL 1 ; 1 second
            A    146.50.22.53
            AAAA 2002:3516:3292:1::1
$ORIGIN _dns-sd._udp.mbp-freek.macfreek.nl.
$TTL 3600 ; 1 hour
b   PTR mbp-freek.macfreek.nl.
lb  PTR mbp-freek.macfreek.nl.
r   PTR mbp-freek.macfreek.nl.

Again, create this file with sensible content. It will be changed on
the fly, but a good start helps a lot. Make sure the file and directory
are writable by your BIND daemon.

4. Now, (re)start your BIND server:

# /etc/init.d/bind9 restart

(or whatever you use to restart it)

5. Now I have to configure my laptop to tell mickey.macfreek.nl its IP
address every time it changes. I use the Bonjour preference pane for
that. You can download it from http://www.dns-sd.org/ClientSetup.html.

See the attached screenshot bonjour-config.tiff for my set-up. Note that
I only filled in the “Hostname” tab with “mbp-freek.macfreek.nl”.
The other tabs are unchecked and empty! Also, note that I did not fill in
the name of my DNS server (mickey.macfreek.nl): that is not necessary,
since the Bonjour preference pane finds it by simply querying for the NS
record of “mbp-freek.macfreek.nl”. So for my set-up it really is
important that the publicly reachable DNS servers point to my own server,
as explained in step 1.

6. Test if it works. Look in the log of your DNS server: does the IP
address get updated? For example, my BIND log reports:

updating zone: deleting rrset at ‘mbp-freek.macfreek.nl’ AAAA
updating zone: adding an RR at ‘mbp-freek.macfreek.nl’ AAAA
updating zone: deleting rrset at ‘mbp-freek.macfreek.nl’ A
updating zone: adding an RR at ‘mbp-freek.macfreek.nl’ A
updating zone: deleting an RR

(Note: I trimmed the log lines a bit for readability, and had to
increase the log verbosity for them to show up.)

7. If it works fine, create a shared secret:

dnssec-keygen -a HMAC-MD5 -b 128 -n host mbp-freek.macfreek.nl.

Copy the key (which looks like “”)
and add it to your named.conf file:

key mbp-freek.macfreek.nl. {
    algorithm hmac-md5;
    secret "i94NgCObg/1t0NtauLB+QQ==";
};

Also make sure the key is required to update the zone file:

zone "mbp-freek.macfreek.nl" {
    type master;
    file "mbp-freek.macfreek.nl.zone";
    allow-update { key mbp-freek.macfreek.nl.; };
};

(Remove the “allow-update { any; };” if it’s still there.)

Finally, add the key to the Bonjour preference pane. You can do so by
clicking the “Password…” button in the “Hostname” tab.
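
An added example (not part of the original post): a small Python check that reads named.conf text and reports any zone still carrying the “allow-update { any; };” test setting from step 2, any update ACL entry that is not tied to a key, and any key that uses hmac-md5, a legacy TSIG algorithm. The sample configuration, its placeholder secret, the example.test zone and all function names are constructed for illustration.

```python
import re

# Constructed sample: the page's zone in its "testing" state; the secret is a placeholder.
SAMPLE_CONF = '''
key mbp-freek.macfreek.nl. { algorithm hmac-md5; secret "PLACEHOLDER//SECRET=="; };
zone "mbp-freek.macfreek.nl" {
    type master;
    file "mbp-freek.macfreek.nl.zone";
    allow-update { any; };
    // allow-update { key mbp-freek.macfreek.nl.; };
};
zone "example.test" {   # hypothetical second zone, already keyed
    type master;
    allow-update { key mbp-freek.macfreek.nl.; };
};
'''

_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Remove /* */, // and # comments but leave quoted strings untouched."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword name { ... }` statement."""
    for m in re.finditer(r'\b%s\s+"?([^\s"{;]+)"?[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return sorted (name, finding) pairs for update ACLs and TSIG keys."""
    text, findings = strip_comments(conf), []
    for name, body in blocks(text, 'zone'):
        for acl in re.findall(r'\ballow-update\s*\{([^}]*)\}', body):
            entries = [e.strip() for e in acl.split(';') if e.strip()]
            if 'any' in entries:
                findings.append((name, 'allow-update any: unauthenticated updates'))
            elif not all(e == 'none' or e.startswith('key ') for e in entries):
                findings.append((name, 'allow-update entry not tied to a TSIG key'))
    for name, body in blocks(text, 'key'):
        if re.search(r'\balgorithm\s+"?hmac-md5\b', body, re.I):
            findings.append((name, 'legacy hmac-md5 TSIG key'))
    return sorted(findings)

if __name__ == '__main__':
    for name, finding in audit(SAMPLE_CONF):
        print(f'{name}: {finding}')
```

Commented-out ACL lines are ignored, so only the setting that BIND would actually load is reported.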
The Internet is great: instead of just TV and newspapers we have a “back channel”, so we are able to “respond” immediately and “interact” in an entire network. It’s like a democratic network: anybody who can connect may participate.
(First LIVE speech over CU-SeeMe by an American democratic president: Audio1.aif, Audio2.aif, Audio3.aif)
How can I meet people that I don’t know?
The idea of “IP-based real-time group communication”, besides amateur radio, started in 1988 with IRC (Internet Relay Chat), but it has no video or audio capabilities, so we are following an older concept called CU-SeeMe, a multiconferencing solution developed in the early 90’s.
A bit of history: what was the problem?
However, in the past years things have changed, and all instant messengers using the Internet, regardless of their entry method (Jabber and VoIP applications using SIP or H.323, Skype and even e-mail), need to know the “address”, “ID” or nickname of a “user” to get in contact with him/her. Even then, communication is mostly a one-to-one connection and does not provide for broad community interaction, and NASA NAT broke the rest.
For a further understanding of the “connectivity” problems, we suggest reading The Edge Network Management Crisis.
But even Microsoft’s desperate attempts to get a foot in the door with NetMeeting, which never had multiconferencing abilities, ended up in a NetMeeting porn disaster and gave videoconferencing on the net a bad name.
openCU employs a conference control protocol that has proven to be quite robust and allows for the expression of detailed state regarding the relations of each conference participant to each other participant. In conjunction with a reflector software it allows for customized distribution of conference media, so that nothing is transmitted unless it is used. The protocol is limited in the size of the conference it can serve, but our investigations have shown that this can be extended. The video is encoded in an ad hoc format that was designed for a particular family of desktop machines that were widespread in the past. What it lacks in mathematical elegance, it makes up for in quickness.
Interactive multimedia streaming
openCU is a decentralized, open-source, cross-platform protocol implementation of CU-SeeMe for room-based multi-video conferencing with up to 70 people (right now). It currently supports the speex and xvid codecs for video. More specific information soon.
How it works
Download openCU (only XP packages are available right now) and connect (a camera is required and port 7648 has to be open). After connecting, you will see a list of participants on your left side. If you click on a “username”, his video stream will appear in our openCU application, and on his end an “eye” will open to show that he is being watched, and vice versa.
Roadmap and Milestones
- setting up a development environment
- register rendezvous / bonjour service type
- register port 7648 at iana.org (2006)
- Roozbeh Zabihollahi joined me (September 2008)
- First openCU “Alpha” experimental test client OpenCu-V0.01, available under Downloads
- register IPv6 ULA (Unique Local Address) RFC4193 Registration
- version 0.09 of openCU released, with help menu
- setting up an openCU blog at sourceforge with laconica support





