Wide area service discovery via Bonjour / Avahi - zeroconf

I'm looking into wide area service discovery and Bonjour / Avahi seem to be really good.
However, I'm a bit confused about how all this works.
So:
I have a bunch of services running in a cloud.
I have clients which can be located anywhere in the world.
I want the clients to automatically discover the services in the cloud.
I need the clients to be absolutely zero-conf, so they don't know IPs, ports, nothing.
If I understand it correctly, this can be done using the above mentioned dns-sd libs. I have full access to a DNS server, so I suppose, the services can register themselves on startup using these libs and then the data can be spread through DNS servers world wide.
The clients can obtain the advertised info by querying the DNS records of my domain using Bonjour / Avahi tech, right?
All I need to do is to link the client with the Bonjour / Avahi libs, and tell it which domain it should use (query).
Is this correct?
Am I missing something here or is it how this works?
Thanks in advance!

Avahi does not currently support publishing to a wide-area server, though it can browse wide-area. So if you can dynamically update a DNS server somewhere with the appropriate records Avahi would be able to see it.
You do however potentially have more problems to solve here, including port mapping / NAT traversal, which Avahi does not address at all.
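What "dynamically update a DNS server with the appropriate records" looks like for a wide-area DNS-SD service, as an added example that is not part of the answer or of Avahi/Bonjour: it builds the PTR/SRV/TXT set for one instance and renders an nsupdate batch; the domain, host and service names are constructed placeholders, and the TSIG key nsupdate needs is assumed to exist on the server.

```python
"""Wide-area DNS-SD records (RFC 6763) for one cloud service, rendered as an
nsupdate batch the service can send to the zone's master on startup.
Added example: names are constructed; send the batch with nsupdate -k <tsig key>."""

def _escape_label(label: str) -> str:
    # Instance names may contain spaces and dots; escape them so the name
    # is parsed as a single label by nsupdate / zone-file syntax.
    return label.replace("\\", "\\\\").replace(".", "\\.").replace(" ", "\\ ")

def dns_sd_records(domain: str, service: str, instance: str,
                   host: str, port: int, txt: dict) -> list:
    """(owner, rrtype, rdata) triples for one instance of `service`
    (e.g. "_http._tcp") in the browse domain `domain`."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if not 0 < len(instance.encode()) <= 63:
        raise ValueError("instance label must be 1-63 bytes")
    svc = f"{service}.{domain}."
    inst = f"{_escape_label(instance)}.{svc}"
    strings = []
    for key, value in txt.items():
        pair = f"{key}={value}"
        # Each key=value pair is one <character-string>, capped at 255 bytes.
        if "=" in key or len(pair.encode()) > 255:
            raise ValueError(f"bad TXT pair: {pair!r}")
        strings.append('"' + pair.replace('"', '\\"') + '"')
    return [
        (f"_services._dns-sd._udp.{domain}.", "PTR", svc),   # service-type enumeration
        (svc, "PTR", inst),                                   # browse: type -> instance
        (inst, "SRV", f"0 0 {port} {host.rstrip('.')}."),     # resolve: instance -> host:port
        (inst, "TXT", " ".join(strings) or '""'),             # instance metadata
    ]

def nsupdate_script(server: str, zone: str, records: list, ttl: int = 300) -> str:
    """Render records as an nsupdate batch; old SRV/TXT at the instance name
    are deleted first so a restarted service re-registers cleanly."""
    lines = [f"server {server}", f"zone {zone}"]
    for owner in sorted({o for o, t, _ in records if t in ("SRV", "TXT")}):
        lines.append(f"update delete {owner}")
    lines += [f"update add {o} {ttl} {t} {r}" for o, t, r in records]
    lines.append("send")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    recs = dns_sd_records("example.com", "_http._tcp", "Demo API",
                          "api1.example.com", 8080, {"txtvers": "1", "path": "/v1"})
    print(nsupdate_script("ns1.example.com", "example.com", recs))
```

A browsing client then asks for PTR `_http._tcp.example.com`, which is exactly what Avahi's wide-area browsing does once the browse domain is configured.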

Related

Setting up a web server for access outside of subnetwork (Node.js, Nginx maybe, Ubuntu server)

A little bit of context. I have developed a webapp on node.js (and a glamorous set of extensions). It has been approved for testing with true users at my company and I am supposed to deploy it now. Problem is that basically I have no idea how to attack this problem. I have so many questions.
For the moment I have created a virtual machine on the local server. I have installed Ubuntu Server onto it and I have the intuition about how to deploy the app in this part (I suppose following the same steps as when I started to work on this project). I do not know however if I can have remote access from the outside of my network to this virtual machine. I also don't know if additional configuration on Ubuntu's side is needed to make such an idea work (for example: in the installation there was a part about proxies that at the moment I decided to ignore).
From the few documents I have read about it since I was assigned this, a solution may lie in using nginx. The logic behind it if I am not mistaken (and please correct me if I am) is that nginx can take the HTTP requests (through port 80, which is normally open for access on most machines) and link them to a specific port on the machine (the sexy app I have developed).
At an earlier stage, what resources would I need to start this off? Would I need a domain name? Is it necessary? Do I need a different virtual server to link the apps or can they be on the same machine?
If you have additional comments or tips for someone that is learning to do this kind of thing, please do.
For remote access, you will need a couple of things. First of all, you will need to make sure that your virtual machine is on a bridged adapter. I'm not sure what virtual machine you are on, or I'd give you more detail on how to do this. Second, you will need to make sure that your router has port 80 (or whatever port you chose to use) set up via port forwarding so that requests coming in map to the server (a request comes to the router on the port, the router must then know where to send those requests to). Finally, if you want to use a port other than port 80, you should be able to configure this in the nodejs configuration. This may also be configurable in the router so that requests coming in on port 80 are mapped to, say, 8080, but, given that this is a company, it's probably easier to reconfigure the nodejs server than have it set up special mapping.
This comes from personal experience with hosting web servers at home. Corporate routers should need similar configuration unless each system has a public IP address on the internet, which is unlikely.

Windows Active Directory Domain setup remotely through univention using samba4

I have a slight problem. A bit of the back story: recently I've been trying to test out Univention, which is a Linux distribution with the goal of being able to replace Microsoft Active Directory.
I tested it locally and all went reasonably well after a few minor issues. I then decided to test it remotely as the company wants to allow remote users to access this, so I used myhyve.com to host it and it's now been set up successfully and works reasonably well.
However, my main problem is DNS based, as when trying to connect to the domain the only way Windows will recognize it is by editing the network adapter and setting the IPv4 DNS server address to the IP address of the server hosting the Univention Active Directory replacement. Although this does allow everything to work, it's not ideal and DNS lookups on the internet take considerably longer. I was wondering if anyone had any ideas or has done something similar and encountered this problem before and knows a workaround. I want to avoid setting up a VPN if possible.
After initially registering the computer on the domain I am able to remove the DNS server address and just use a couple of amendments to the HOST file to keep it running, but this still leads to having issues connecting to the domain controller sometimes and is not ideal. Any ideas and suggestions would be greatly received.
Michael
For the HOST entries, the most likely issue is that there are several service records a computer in the domain needs. I'm not sure whether these can be provided via the HOST file or not, but you'll definitely have authentication issues if they are missing. To see the records your domain is using, issue the following command on the UCS system.
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
For the slow resolution of the DNS records there are several points where you could start looking. My first test would be whether or not you are using a forwarder for the web DNS requests and whether or not the forwarder is having a decent speed. To check if you are using one, type
ucr search dns/forwarder
If you get a valid IP for either of the UCR variables dns/forwarder1, dns/forwarder2 or dns/forwarder3, you are forwarding your DNS requests to a different server. If all of them are empty or not valid IPs then your server is doing the resolution itself.
Not using a forwarder is often slow, as the DNS server's caching is optimized for the AD operations, like the round robin load balancing. Likewise a number of ISPs require you to use a forwarder to minimize the DNS traffic. You can simply define a forwarder using ucr; I use Google on IPv4 for the example:
ucr set dns/forwarder1='8.8.8.8'
The other scenario might be a slow forwarder. To check it, try to query the forwarder directly using the following command:
dig univention.com @$(ucr get dns/forwarder1)
If it takes long, then there is nothing the UCS server can do, you'll simply have to choose a different forwarder from the ucr command above.
If neither of the above helps, the next step would be to check whether there are error messages for the named daemon in the syslog file. Normally these come when you are trying to manually remove software or if the firewall configuration got changed.
Kevin
Sponsored post, as I work for Univention North America, Inc.
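The two checks in the answer above (is a valid forwarder configured, and does it answer quickly) as an added example that is not Univention code: it parses the `ucr search dns/forwarder` lines and times a hand-built DNS query against each forwarder, so it works without dig. SAMPLE_UCR_OUTPUT is constructed to mimic ucr's key: value output; the real command prints description lines too, which the parser skips.

```python
"""Parse `ucr search dns/forwarder` output, keep slots holding a valid IP (the test the
answer describes) and time a raw DNS A query against each. Added example, not Univention
code; SAMPLE_UCR_OUTPUT is constructed to mimic ucr's key: value lines, probe avoids dig."""
import ipaddress, re, socket, struct, time

FORWARDER_RE = re.compile(r"^(dns/forwarder[123]):\s*(.*?)\s*$")
SAMPLE_UCR_OUTPUT = """\
dns/forwarder1: 8.8.8.8
 IP address of the first DNS forwarder (description line, ignored)
dns/forwarder2: <empty>
dns/forwarder3: resolver.example
"""

def parse_forwarders(ucr_output: str) -> dict:
    """{ucr_key: ip} for slots holding a valid IP; <empty>/junk means self-resolving."""
    found = {}
    for m in filter(None, map(FORWARDER_RE.match, ucr_output.splitlines())):
        try:
            found[m.group(1)] = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            pass  # not an IP address: this slot is not a usable forwarder
    return found

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 query: header with RD set, QNAME labels, QTYPE A, QCLASS IN."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def response_ok(query: bytes, reply: bytes) -> bool:
    """Reply must echo our transaction id, be a response (QR=1) and have RCODE 0."""
    if len(reply) < 12: return False
    txid, flags = struct.unpack("!HH", reply[:4])
    return txid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000) and flags & 0xF == 0

def probe(forwarder: str, name: str = "univention.com", timeout: float = 2.0):
    """Seconds for one lookup through `forwarder`, or None on timeout or a bad reply."""
    query = build_query(name)
    family = socket.AF_INET6 if ":" in forwarder else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        started = time.monotonic()
        try:
            sock.sendto(query, (forwarder, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:
            return None
    return time.monotonic() - started if response_ok(query, reply) else None

if __name__ == "__main__":
    for key, ip in parse_forwarders(SAMPLE_UCR_OUTPUT).items():
        print(key, ip, probe(ip))  # slow or None: pick another forwarder via ucr set
```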

How to create more than one .local address pointing to my mac

I currently have one .local address (Bonjour) pointing to my Mac in my intranet, mbp.local, configured in System Preferences with the computer name. I use this to send my boss links to demos on my local server (he sits in a chair behind me : >).
I'd like to be able to create new .local addresses to send different demos to my boss (demo1.local, demo2.local, etc.) so that I can switch to different working copies to do other work while the demos are still live.
I'd know how to set up Apache to route these requests to the right places, but am unsure if it's possible to make new addresses that point to my Mac (I think this has to do with multicasting?).
I have a dynamic IP in my intranet but would be able to set up a static IP if required.
Are you talking about web site demos? I'm not sure I understand the problem. If they're web sites, I'm sure you already know you can simply use a single address with different URLs, e.g. http://mbp.local/demo1, http://mbp.local/demo2, etc. If it is something else entirely, you can use the Mac's local hosts file to point multiple FQDNs to a single IP address on your local network, but it would be best to have a static IP. Alternatively, you could edit your DNS or WINS server to do the address translation.
I haven't done this myself, but I wonder if you could use what's documented here to start. The difference would be that you'll send your boss links to http://demo1.mbp.local and so on.
I found more about this on this thread on SuperUser.

Bind IP to subdomain

I have a Linux client which uses PPPoE to connect to the internet, and every time this client comes online I want to bind its IP address to a subdomain.
DynDNS is not an option due to their TTL.
It looks like I have to set up my own nameserver on my root server to accomplish this task because I cannot create the keys needed to run an nsupdate on the client with a provider nameserver... am I correct?
If so, is there a good Howto for setting up a BIND server for this specific task?
I haven't ever maintained PPPoE, but if it uses DHCP to provide the IP address to the client, you could do updates from the DHCP server to the DNS.
Instructions on how to do this for Debian here: http://www.debian-administration.org/article/Configuring_Dynamic_DNS__DHCP_on_Debian_Stable
Do not doubt that you can adapt these to other distros too. You can find the same software at least on Fedora and Ubuntu; the only difference is how you install the required software.
One possibility is to set their machine to register with somebody like DynDNS. They have all the software you need to automatically notify them when they come online/go offline. This will give them a domain name of something like whatever.homelinux.org (it does not really matter). You then put static CNAME entries in your DNS to point your nice domain names, e.g. southern.company.com, to whatever.homelinux.org.
When they come online the domain will start to resolve and stop when they go offline, since DynDNS has a low TTL for this very reason. You can use a large TTL in your zone file since the CNAMEs will not change.
Well, don't you just need to create an A record for this IP on your DNS server?
If your domain is 'google.com' and you wanted your host to be called 'server1', create an A record for 'server1' and point it to your machine's IP.
Unless I am misunderstanding what you are asking for help with.

How to manage a DNS server remotely?

I want to make a web interface on a server that will manage a few DNS servers on other servers.
How can I remotely manage a BIND DNS server programmatically?
I would like to add/edit/delete zones.
I see that there is rndc, but that only allows reloading of zones and not adding/deleting.
I could NFS mount zones from the DNS servers and edit them, but is there a better way?
If there isn't a hard requirement on writing something like this from scratch, why not simply use an already existing interface without having to reinvent the wheel? A simple Google search for the keywords bind dns web interface yields an entire list of good open source projects in the very first result link.
There is work at the IETF to define a standard for remote control of name servers based on the Netconf framework. See:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-name-server-management-reqs
https://datatracker.ietf.org/doc/html/draft-dickinson-dnsop-nameserver-control-00.txt
The requirements include the ability to add/remove zones, etc.
You could set up something that does remote SSH commands? That may be a bit insecure, though, unless the server running the commands themselves is pre-authenticated with an SSH key, and that's the only way you can access the server.
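The restricted-key variant of the SSH approach above, as an added example that is not from the answer or from BIND: a forced-command wrapper that the management key is pinned to in authorized_keys, so the remote side can only run a fixed verb set against rndc with a validated zone name. The rndc verbs, their argument syntax and the allow-new-zones requirement for addzone are assumptions about the target server; the script path and key are placeholders.

```python
"""Forced-command wrapper: the management key can run only this script, which
accepts a tiny verb set, validates the zone name and passes a fixed argv to rndc.
Added example (hypothetical). Pin it in authorized_keys on the name server as
  command="/usr/local/bin/zonectl",no-pty,no-port-forwarding ssh-ed25519 AAAA...
The rndc verb syntax below is an assumption; check it against your BIND version."""
import os, re, shlex, subprocess, sys

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
VERBS = {
    # verb -> argv template; "{zone}" is replaced inside a single element only
    "reload":  ["rndc", "reload", "{zone}"],
    "addzone": ["rndc", "addzone", "{zone}", '{ type master; file "{zone}.db"; };'],
    "delzone": ["rndc", "delzone", "{zone}"],
}

def valid_zone(name: str) -> bool:
    """Hostname-style check: 1-253 chars, labels of [a-z0-9-] without leading/trailing '-'."""
    name = name.lower().rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.match(label) for label in name.split("."))

def build_argv(original_command: str) -> list:
    """Map SSH_ORIGINAL_COMMAND to an exact argv, or raise ValueError."""
    parts = shlex.split(original_command or "")
    if len(parts) != 2 or parts[0] not in VERBS:
        raise ValueError("usage: <reload|addzone|delzone> <zone>")
    verb, zone = parts[0], parts[1].lower().rstrip(".")
    if not valid_zone(zone):
        raise ValueError(f"invalid zone name: {parts[1]!r}")
    return [arg.replace("{zone}", zone) for arg in VERBS[verb]]

def main() -> int:
    try:
        argv = build_argv(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as err:
        print(err, file=sys.stderr)
        return 2
    # shell=False: argv elements reach rndc verbatim, nothing is re-parsed by a shell
    return subprocess.run(argv, shell=False).returncode

if __name__ == "__main__":
    sys.exit(main())
```

Because the zone name is the only caller-controlled value and it is restricted to hostname labels, it cannot carry path separators or shell metacharacters into the rndc arguments or the zone file name.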
