macbroadcast´s blog

wide area bonjour server setup
May 25, 2009, 1:48 pm
Filed under: zeroconfiguration | Tags:

Set-up goal:
I have a laptop, whose IP address changes often. So I want it to be
reachable on “”. To do so, it must be able to sent
a messages to my DNS server to update the A record for
“”. Since I don’t want any computer in the world to
change it, I use a shared secret. My DNS server is,
or (IPv4) and 2002:9163:9423::1 (IPv6).

I implemented as a subdomain of;
that’s easier to maintain.

1. First, I need my DNS machine, to be the
authoritive domain for the subdomain. The
authorative nameservers for are:
% host -t NS name server name server name server

To delegate the subdomain to, I
make sure that the above name server have the following configuration:
mbp-freek IN NS
mickey IN A
mickey IN AAAA 2002:9163:9423::1
(Feel free to ignore the AAAA record — that’s only important if you
care about IPv6).

2. The second step is to configure the subdomain
at here is the relevant part of my BIND
configuration, found in named.conf:
// service discovery domain
zone “” {
type master;
file “”;
// allow-update { any; };
allow-update { key; };

Note that the “allow-update { any; };” can be useful for testing: it
would allow anyone in the world to change the DNS configuration, without
a password. That is fine for testing. Obviously, I now commented it out.

I recommend to first set “allow-update { any; };” and later add the key
if the basics work fine.

3. As a start, you need to create the zone file
(“” in my configuration.) Be sure to create it
in the correct directory. If you use BIND, it is typically set with
“directory “/etc/bind”;” or “directory “/var/cache/bind”;”

Here is the contents of my zone file:
% cat
$TTL 3600 ; 1 hour IN SOA (
3203 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
60 ; minimum (1 minute)
$TTL 1 ; 1 second
AAAA 2002:3516:3292:1::1
$TTL 3600 ; 1 hour
lb PTR

Again, create this file with a sensible content. It will be changed on
the fly, but a good start helps a lot. Make sure the file and directory
are writable by your bind daemon.

4. Now, (re)start your bind server:
# /etc/init.d/bind9 restart
(or whatever you use to restart it)

5. Now I have to configure my laptop to tell it’s IP
address every time that changes. I use the Bonjour preference pane for
that. You can download it from

See the attached screenshot bonjour-config.tiff for my set-up. Note that
I only filled in the “Hostname” tab with “”.
The other tab are unchecked and empty! Also, note that I did not fill in
the name of my DNS server ( that is not necessary,
since the Bonjour preference pane finds it by simply querying for the NS
record of “”. So for my set-up it really is
important that the public reachable DNS server point to my own server,
as explained in set 1.

6. Test if it works. Look in the log of your DNS server. Does the IP
address gets updated. For example, my BIND log reports:
updating zone: deleting rrset at ‘’ AAAA
updating zone: adding an RR at ‘’ AAAA
updating zone: deleting rrset at ‘’ A
updating zone: adding an RR at ‘’ A
updating zone: deleting an RR
(Note: I trimmed the log lines a bit for readability, and had to
increase the log verbosity for them to show up).

7. If it works fine, create a shared secret.
dnssec-keygen -a HMAC-MD5 -b 128 -n host

Copy the key (which looks like “”)
And add it to your named.conf file:
key {
algorithm hmac-md5;
secret “i94NgCObg/1t0NtauLB+QQ==”;
Also make sure the key is required to update the zone file:
zone “” {
type master;
file “”;
allow-update { key; };
(remove the “allow-update {any;};” if it’s still there.
finally, add the key to the Bonjour preference pane. You can do so by
clicking the “Password…” button in the “Hostname” tab.