VPN + DNS-Enabler + Wide Area Bonjour = no success

Hi,
what I am trying to do is broadcast the bonjour services of my home network such as file sharing, iTunes home-sharing and the like through my VPN connection. Since I am not too savvy with networking related topics I bought "DNS Enabler Snow" since it advertises to provide wide area bonjour with a minimum of setup hassle.
Now I am only getting so far that I can see my machine at home through VPN under "Network" in OS X. But I cannot connect. It always says "Connection Failed". Neither can I see my home iTunes library.
In the "Domains" section of DNS Enabler I entered:
Domain Name: <my DynDNS Domain>
Primary DNS Server: <my DynDNS Domain>
Host Name: <my DynDNS Domain>
IP address: <the local IP address of the machine running DNS Enabler>
In the bonjour section of DNS Enabler I entered:
Service Type: afpovertcp.tcp
Service Name: File Sharing
Host: <my DynDNS Domain>
Port: 584
TXT: path=/
Can anyone hint me at what might be wrong with this configuration?
Thank you!
Florian

I think the problem with the current setup is the use of the DynDNS hostname for the AFP service's hostname. When you're connected via the VPN you are effectively on the same network, and so connections attempted to the external IP recorded by the DynDNS hostname will fail as it's not possible to loop back (for want of a better description) through the router. If you add a new A record to the zone that points to the machine's internal IP address and then change the service to point to the new record it should work via the VPN.
iTunes sharing won't work via this method as iTunes will only register and browse for services in the ".local" domain. The ".local" domain (a top-level domain like ".com") is only available via multicast DNS. Multicast traffic as a general rule is not carried over a VPN (or the internet for that matter) as due to its broadcast nature it can quickly clog up and cripple a network.
Hamachi, unlike most VPN solutions, presents itself as a virtual network interface that can carry multicast traffic, which is why iTunes sharing works over a Hamachi connection. A cursory Google search tells me that multicast traffic can be carried over an OpenVPN connection with some additional configuration - your mileage might vary though.
Wide-Area Bonjour works by adding an additional domain to the system that software can then use for registering and browsing services. Unlike regular Bonjour, Wide-Area Bonjour works over the internet as it's based on traditional unicast DNS with a few extensions for updating records in real time and NAT-PMP or UPnP (one or the other is in pretty much every router) for automatically setting up port forwarding. If NAT-PMP or UPnP is not available, services can still be browsed but cannot be registered (only services that can be accessed via the internet are advertised); it's for this reason that Wide-Area Bonjour won't work properly in concert with a VPN. Whilst most OS X software is written to just register and browse in whatever domains are available, there are some like iTunes that only register in the ".local" domain.
You can find out more detailed information about these topics at http://multicastdns.org/ and http://dns-sd.org/. I'm happy to answer any further questions you might have either here or via email. If my Wide-Area Bonjour service sounds like a good fit for you, please drop me a note and I'll let you know when I open-up the service to new users again (slated for mid-March).
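The reply's reasoning as a check, added here as an example that is not part of the original thread: it walks the DNS-SD records of a zone and flags instances whose SRV target resolves to a non-RFC 1918 address (unreachable from the LAN or VPN side without hairpin NAT), instances missing SRV or TXT, and service types without the leading-underscore labels. The zone `home.example.com` and every record in it are constructed, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone, not taken from the thread.
SAMPLE_ZONE = """
$ORIGIN home.example.com.
b._dns-sd._udp          IN PTR @
lb._dns-sd._udp         IN PTR @
_afpovertcp._tcp        IN PTR Files._afpovertcp._tcp
Files._afpovertcp._tcp  IN SRV 0 0 548 wan.home.example.com.
Files._afpovertcp._tcp  IN TXT ( "path=/" )
_http._tcp              IN PTR Wiki._http._tcp
Wiki._http._tcp         IN SRV 0 0 80 nas
Wiki._http._tcp         IN TXT ( "path=/" )
afpovertcp.tcp          IN PTR Old.afpovertcp.tcp
wan                     IN A 203.0.113.10
nas                     IN A 192.168.1.20
"""


def fqdn(name, origin):
    """Expand '@' and relative names against $ORIGIN (DNS names are case-insensitive)."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()


def parse_zone(text):
    """Yield (owner, type, rdata tokens, origin) for each single-line record."""
    origin = ""
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith(";"):
            continue
        if tok[0].upper() == "$ORIGIN":
            origin = tok[1].lower()
            continue
        rest = tok[2:] if len(tok) > 2 and tok[1].upper() == "IN" else tok[1:]
        if rest:
            yield fqdn(tok[0], origin), rest[0].upper(), rest[1:], origin


def check_zone(text):
    """Return a list of (name, finding) pairs for the DNS-SD records in the zone."""
    ptr, srv, txt, addr = {}, {}, set(), {}
    for owner, rtype, rdata, origin in parse_zone(text):
        if rtype == "PTR":
            ptr.setdefault(owner, []).append(fqdn(rdata[0], origin))
        elif rtype == "SRV":                      # priority weight port target
            srv[owner] = fqdn(rdata[3], origin)
        elif rtype == "TXT":
            txt.add(owner)
        elif rtype == "A":
            addr[owner] = ipaddress.ip_address(rdata[0])

    findings = []
    for stype, instances in ptr.items():
        labels = stype.split(".")
        if labels[1] == "_dns-sd":                # b / lb / db / _services records
            continue
        if labels[1] == "_sub":                   # subtype, e.g. _cups._sub._ipp._tcp
            labels = labels[2:]
        if not labels[0].startswith("_") or labels[1] not in ("_tcp", "_udp"):
            findings.append((stype, "bad-service-type"))
            continue
        for inst in instances:
            if inst not in srv:
                findings.append((inst, "no-srv"))
                continue
            if inst not in txt:                   # DNS-SD expects a TXT, even if empty
                findings.append((inst, "no-txt"))
            ip = addr.get(srv[inst])
            if ip is None:
                findings.append((inst, "target-not-in-zone"))
            elif not any(ip in net for net in RFC1918):
                findings.append((inst, "public-target"))
    return findings


if __name__ == "__main__":
    for name, finding in check_zone(SAMPLE_ZONE):
        print(f"{finding:20} {name}")
```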

Similar Messages

  • Leopard Wide-Area Bonjour DNS Issue

    Hi, all. Got an issue with Leopard's domain name resolver. A while back, I was experimenting with the "use dynamic global hostname" panel in Sharing. I wasn't able to get it to do anything useful (and I don't want help with that; I know what went wrong, and how to fix it, but haven't gotten to do so yet), but here's the thing - after returning the settings to the defaults (unchecking the "use dynamic global hostname" box), it seems to have left something behind in my system configuration.
    In particular, when I run "scutil --dns", I see the following two entries in addition to my normal DNS server and the "local" Bonjour resolver (domain names censored):
    resolver #3
    domain : bonjour.mydomain.com.
    options : pdns
    timeout : 5
    order : 150000
    resolver #4
    domain : mydomain.com.
    options : pdns
    timeout : 5
    order : 150200
    The type of these is "pdns" - "private DNS", or wide-area Bonjour. They look harmless - but the fact that they're there is somehow preventing my machine from being able to resolve any hostname in "mydomain.com" that is a CNAME.
    I can get rid of them temporarily by running scutil and removing the key "State:/Network/PrivateDNS" from the database... and then name resolution works normally again. But a reboot, or a change in Bonjour settings (such as enabling or disabling "Back to My Mac"), causes them to come back. I can't figure out how to purge them from the actual system configuration database. Any suggestions?

    Here's the fix. Open Keychain Utility in the Utilities folder and choose "System" in the Keychains list in the sidebar. Now you'll probably see two entries of type "DNS Key" with the names "bonjour.mydomain.com" and "mydomain.com". Just delete those Keychain items and you should be back to normal.

  • Wide area bonjour for mac

    I know this is not an exclusive forum for "bonjour for macbook" but I could not find any category explicitly catering issues with this so I thought this could be the place to ask my query.
    So here is my problem.
    To enable wide area bonjour on my laptops I have configured my own local DNS server by following the details in this document http://www.dns-sd.org/ServerSetup.html and then configured my clients, i.e. laptops, by following the http://www.dns-sd.org/ClientSetup.html page.

    I'm trying to do the same thing and found a couple helpful threads and links.
    http://blog.inig-services.com/wp-content/uploads/2010/03/WAB.pdf
    http://discussions.apple.com/message.jspa?messageID=5959986
    Unfortunately, following the above PDF guide, one key step fails. After enabling bonjour registrations using the serveradmin settings command and restarting DNS, I can see that the dnsextd proxy fails to start:
    dnsextd starting
    main: setrlimit - Invalid argument
    Using default file descriptor resource limit
    startedvialaunchd
    ConnectToServer: connect - Socket is not connected
    ConnectToServer: retrying connection
    I verified via netstat -na that BIND is listening on 5030 and I can use nslookup to run queries against it. There appears to be no good reason why dnsextd can't connect to it @ 127.0.0.1#5030 as far as I can tell.
    Is this feature broken in the latest Snow Leopard Server 10.6 release?

  • How to setup Wide Area Bonjour across multiple Subnets?

    Hi Gents,
    It's been painful trying to get this up and I feel I am almost there, but can't seem to complete the last bit.
    I have this network i am helping to manage
    OS X Lion Server running
         DNS
         RADIUS
         Open Directory
    So the wifi network is in a separate subnet from the LAN to which the Mac Server is connected, which poses the problem of Bonjour not being routed between the two subnets. So I decided to enable Wide-Area Bonjour browsing and create a service record for AFP share folders. So I have got to the point where it's coming up on devices on the separate subnet under the network icon; however, when I try to connect to the service it just says connection failed. Authentication is occurring because if I use wrong credentials it doesn't attempt to connect.
    I believe it might be the way I am defining TXT. I have little experience here, any assistance would be appreciated.
    This is the configuration in DNS Settings on Server Admin:
    Service Name: Work\03****\03\you
    Service Type: _afpovertcp._tcp.
    Host: work.damnyou.org.
    Port: 548
    Priority: 1
    Weight: 0
    TXT: "path=PUBLIC/"
    Anytime I attempt to connect, it just says Connection Failed
    Thanks,
    DeeBeeMac

    DeeBeeMac,
    Did you get things working well for you? I also have a wired VLAN and a WiFi VLAN, with an Aruba network implementation for my WiFi. They have an option called airgroup, and printers seem to come and go. I really don't want to use the Aerohive solution, so I was thinking of a Mac mini with an interface on both VLANs. Do you need to set up anything to get OS X to announce services it sees on both networks? I also tried avahi and turned on reflector, however it seems spotty as well.

  • Wide area bonjour - windows dns

    Hi,
    I have been trying to set up wide area bonjour using MS DNS server for several days and have come up against a dead end. In most examples on the internet BIND is used as the DNS server and all configuration is shown for BIND (except one PDF "www.grouplogic.com/Knowledge/PDFUpload/.../WanBonjour_1.pdf" which has examples for MS DNS but it doesn't work).
    So I have managed to configure the MS DNS server as far as advertising available services, but when I try to resolve a service it fails. I think it's a problem with the SRV record but I have tried so many different configurations for this record I have lost count. Config below.
    Has anyone set this up? I could really do with a good example of it working on Windows DNS.

    Thanks for the quick reply AndrewTJ - I did notice the typo after posting and corrected it, however the problem remains. Below is the contents of my up.com.dns file - I can see nothing out of place but cannot get a resolution.
    ;  Database file up.com.dns for up.com zone.
    ;      Zone version:  22
    @                       IN  SOA dns1.up.com.  hostmaster.up.com. (
                             22           ; serial number
                             900          ; refresh
                             600          ; retry
                             86400        ; expire
                             3600       ) ; default TTL
    ;  Zone NS records
    @                       NS dns1.up.com.
    ;  Zone records
    _http._tcp.up.com.              PTR website._http._tcp.up.com.
    website._http._tcp.up.com.      TXT ( "txt path=/" )
                             SRV 0 0 80 dns1.up.com.
    _services._dns-sd._udp.up.com.  PTR _http._tcp.up.com.
    b._dns-sd._udp.up.com.          PTR @
    lb._dns-sd._udp.up.com.         PTR @
    dns1.up.com.                    A 192.168.1.153
    Any ideas?

  • CUPS queues don't work with Wide Area Bonjour

    I'm completely flummoxed!
    My school board is installing new switches in all our schools, and moving from a single flat VLAN to multiple - one for printers, one for server, one for client workstations. Printing queues advertised with Bonjour worked fine on the old network, but multiple VLANs breaks all that since Bonjour is in the unrouteable multicast range (which makes sense, since it's not meant to work outside of the local network). I have old Tiger servers at the schools, running on hardware that doesn't do VLANs (old G4 towers), so advertising queues with Bonjour using the school server can't get me by.
    I've set up BIND (DNS) to show my CUPS IPP print queues from a central Lion workstation (elemprtsrv01.example.com) in the school's subnet (10.159.40.0/22; academic-wrd.scd.example.com) as follows (my domain substituted with example.com for anonymity) - the relevant section snipped from the rest of the zone file:
    $ORIGIN academic-wrd.scd.example.com.
    ; Wide Area Bonjour Browsing
    b._dns-sd._udp                    IN PTR          @
    lb._dns-sd._udp                    IN PTR          @
    db._dns-sd._udp                    IN PTR          @
    ; Wide Area Bonjour Printing
    SCD-234-Q._printer._tcp          IN          SRV          0          0  631          elemprtsrv01.example.com.
    _printer._tcp                                         IN PTR          SCD-234-Q._printer._tcp
    _cups._sub._ipp._tcp                     IN PTR          SCD-234-Q._printer._tcp
    _ipp._tcp                                                   IN PTR          SCD-234-Q._printer._tcp
    _universal._sub._ipp._tcp           IN PTR          SCD-234-Q._printer._tcp
    SCD-234-Q._printer._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=printers/SCD234Q" "note=2nd Floor Workroom" "ty=Xerox WorkCentre 5755, EXAMPLE Student 2.2" "product=(EXAMPLE-22STUD-XeroxWC5775)" "printer-state=3" "printer-type=0x80B0F6" "Transparent=T" "Binary=T" "Fax=F" "Punch=T" "Bind=F" "Sort=T" "Scan=F" "Duplex=T" "Staple=T" "Copies=T" "Collate=T" "Color=F" "pdl=application/pdf,application/postscript,application/octet-stream,image/jpeg ,image/png" )
    The relevant section of the /etc/cupsd.conf file on elemprtsrv01 (10.100.1.73) looks like this:
    ServerAlias elemprtsrv01.example.com
    ServerAlias printerserver.academic-wrd.scd.example.com
    MaxLogSize 20m
    MaxCopies 100
    LogLevel debug2
    SystemGroup admin
    SystemGroupAuthKey system.print.admin
    # Allow remote access
    #Port 631
    Listen 10.100.1.73:631
    Listen 127.0.0.1:631
    Browsing On
    BrowseOrder deny,allow
    BrowseRemoteProtocols cups
    BrowseLocalProtocols cups dnssd
    DefaultEncryption Never
    DefaultAuthType Basic
    WebInterface Yes
    BrowseWebIF No
    MaxClients 1000
    RootCertDuration 300
    <Location />
      # Allow remote access...
      Order deny,allow
      Allow all
      AuthType None
    </Location>
    <Location /rss>
      Order deny,allow
      Allow all
    </Location>
    <Location /printers>
      Order deny,allow
      Allow all
      AuthType None
      Encryption Never
    </Location>
    <Location /jobs>
      Order deny,allow
      Allow all
      AuthType None
      Encryption Never
    </Location>
    If I use Bonjour Browser on the print server network and on the school's academic-wrd.scd.example.com subnet, I see identical info to that provided by my DNS records - in other words, Wide Area Bonjour (WAB) appears to be working and providing the necessary details.
    When I try to add a printer on a school workstation, the WAB printer appears...though the PPD ("(EXAMPLE-22STUD-XeroxWC5775)" should match SCD234Q.ppd from the server queue) doesn't get imported from the server and I get a Generic Printer Description instead. When I try to print on the client, I see promising notes about connecting to the print server, but then it always pauses the queue. Here's the relevant section from /etc/cups/ppd/SCD234Q.ppd:
    *Manufacturer: "Xerox"
    *ModelName: "Xerox WorkCentre 5775"
    *ShortNickName: "Xerox WorkCentre 5775"
    *NickName: "Xerox WorkCentre 5755, EXAMPLE Student 2.2"
    *PCFileName: "XRWC5775EXAMPLESTUD22.PPD"
    *Product: "(EXAMPLE-22STUD-XeroxWC5775)"
    *PSVersion: "(3010.106) 3000"
    In the CUPS error log, I get this annoying encryption error, which no one else appears to have had, according to the usual search engines:
    d [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient(lis=0x7fc585200470(13)) Clients=0
    D [04/Jan/2012:21:47:41 -0500] cupsdAcceptClient: 20 from 10.159.40.174:631 (IPv4)
    d [04/Jan/2012:21:47:41 -0500] cupsdAddSelect(fd=20, read_cb=0x102d74b81, write_cb=0x0, data=0x7fc584034400)
    d [04/Jan/2012:21:47:41 -0500] cupsdReadClient(con=0x7fc584034400(20)) con->http.error=0 con->http.used=0, con->http.state=0 con->data_encoding=HTTP_ENCODE_LENGTH, con->data_remaining=0, con->file=-1
    d [04/Jan/2012:21:47:41 -0500] cupsdReadClient: Saw first byte 02, auto-negotiating SSL/TLS session...
    d [04/Jan/2012:21:47:41 -0500] encrypt_client(con=0x7fc584034400(20))
    D [04/Jan/2012:21:47:41 -0500] get_cdsa_certificate: Looking for certs for "elemprtsrv01.example.com"...
    E [04/Jan/2012:21:47:51 -0500] Unable to encrypt connection from 10.159.40.174 - unknown error -1=ffffffffffffffff (-1)
    D [04/Jan/2012:21:47:51 -0500] cupsdCloseClient: 20
    D [04/Jan/2012:21:47:51 -0500] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
    d [04/Jan/2012:21:47:51 -0500] cupsdRemoveSelect(fd=20)
    d [04/Jan/2012:21:47:51 -0500] cupsdCheckJobs: 0 active jobs, sleeping=0, reload=0
    OK, so here's the annoying bit: if I manually configure the queue on a Snow Leopard (or higher) client by going into System Preferences, adding an IP printer with IPP protocol (elemprtsrv01.example.com, queue name /printers/SCD234Q) then it works. With Leopard or Tiger, the PPD doesn't load from the server, and the generic PPD is substituted automatically.
    If I manually add "ServerName elemprtsrv01.example.com" to /etc/cups/client.conf on the client machine, then it shows all the server queues and magically works too - even on Leopard and Tiger.
    The problem is that I DON'T want to have all the server queues appearing on every workstation, since it'll cause mayhem when the students discover all the queues and print to other schools for kicks. WAB was supposed to solve that for me by advertising only the queues that were meant to be accessed by that subnet (they'd all be there on the server, but only a real techie would know how to access them, since they weren't advertised).
    Why don't the WAB queues work? Why do I get an encryption error with them?
    How do I get the server's PPD to download automatically to the client? (this is especially useful for printers with customized PPDs set up with the proper settings for that printer...and for the Xerox copiers that are using accounting codes present in the server's PPD)
    Any help would be very much appreciated!

    Figured it out...stick with Lion (Client or Server) and use the web interface to add printers and customize the /etc/cups.conf file. If you use either System Preferences or the Print config in Server Admin on earlier versions of Mac OS X Server, you'll bugger up your cups.conf file (top part of which is reproduced here):
    ServerAlias *
    LogLevel debug2
    SystemGroup admin
    SystemGroupAuthKey system.print.admin
    # Allow remote access
    Port 631
    Listen elemprtsrv01.example.com
    Listen /private/var/run/cupsd
    Browsing On
    BrowseOrder allow,deny
    BrowseRemoteProtocols CUPS
    BrowseAddress @LOCAL
    BrowseLocalProtocols CUPS dnssd lpr
    DefaultAuthType Basic
    WebInterface Yes
    <Location />
      # Allow remote access...
      Order allow,deny
      Allow all
    </Location>
    <Location /rss>
      Order allow,deny
      Allow all
    </Location>
    <Location /classes>
      Order allow,deny
      Allow all
    </Location>
    <Location /printers>
      Order allow,deny
      Allow all
    </Location>
    <Location /admin>
    </Location>
    The key is to allow anything as a server name (ServerAlias *) and Allow All for / and /printers (though / by itself should be enough). If you want to listen for LPR (port 515) then I think it needs to be listed in BrowseLocalProtocols - it's not a valid option for BrowseRemoteProtocols.
    On the Wide Area Bonjour front, I created TWO different entries for each printer in my domain, because otherwise the queues would appear and instantly disappear in the Tiger browser - Tiger only shows the LPR queue. The queue name is preceded by "printers/" in the IPP queue, but not with the LPR queue. Here's an example from the top of my BIND student zone file:
    $ORIGIN academic-wrd.scd.example.com.
    ; Wide Area Bonjour Browsing
    b._dns-sd._udp                    IN PTR          @
    lb._dns-sd._udp                    IN PTR          @
    db._dns-sd._udp                    IN PTR          @
    ; Wide Area Bonjour Printing
    SCD-234\0322nd\032Floor\032Copier\032LPR\032Q._printer._tcp          IN          SRV          0          0  515          elemprtsrv01.example.com.
    _printer._tcp                                         IN PTR          SCD-234\0322nd\032Floor\032Copier\032LPR\032Q._printer._tcp
    SCD-234\0322nd\032Floor\032Copier\032LPR\032Q._printer._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=SCD234Q" "note=2nd Floor Workroom" "Transparent=T" "Binary=T" "Fax=F" "Punch=3" "Bind=F" "Sort=T" "Scan=F" "Duplex=T" "Staple=T" "Copies=T" "Collate=T" "Color=F" "pdl=application/postscript" )
    SCD-234\0322nd\032Floor\032Copier\032IPP\032Q._ipp._tcp          IN          SRV          0          0  631          elemprtsrv01.example.com.
    _ipp._tcp                                                   IN PTR          SCD-234\0322nd\032Floor\032Copier\032IPP\032Q._ipp._tcp
    _cups._sub._ipp._tcp                     IN PTR          SCD-234\0322nd\032Floor\032Copier\032IPP\032Q._ipp._tcp
    _universal._sub._ipp._tcp           IN PTR          SCD-234\0322nd\032Floor\032Copier\032IPP\032Q._ipp._tcp
    SCD-234\0322nd\032Floor\032Copier\032IPP\032Q._ipp._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=printers/SCD234Q" "note=2nd Floor Workroom" "ty=Xerox WorkCentre 5755 Student 2.2" "product=(Xerox WorkCentre 5775 Student22)" "printer-state=3" "printer-type=0x80B0F6" "Transparent=T" "Binary=T" "Fax=F" "Punch=3" "Bind=F" "Sort=T" "Scan=F" "Duplex=T" "Staple=T" "Copies=T" "Collate=T" "Color=F" "pdl=application/pdf,application/postscript,application/octet-stream,image/jpeg ,image/png" "URF=W8,SRGB24,CP1,RS600" )
    ;SCD-236\032Office\032LPR\032Q._printer._tcp          IN          SRV          0          0  515          elemprtsrv01.example.com.
    ;_printer._tcp                                         IN PTR          SCD-236\032Office\032LPR\032Q._printer._tcp
    ;SCD-236\032Office\032LPR\032Q._printer._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=SCD236Q" "note=Main Office" "Transparent=F" "Binary=F" "Fax=F" "Punch=0" "Bind=F" "Sort=F" "Scan=F" "Duplex=F" "Staple=F" "Copies=T" "Collate=T" "Color=F" "pdl=application/postscript" )
    ;SCD-236\032Office\032IPP\032Q._ipp._tcp          IN          SRV          0          0  631          elemprtsrv01.example.com.
    ;_ipp._tcp                                                   IN PTR          SCD-236\032Office\032IPP\032Q._ipp._tcp
    ;_cups._sub._ipp._tcp                     IN PTR          SCD-236\032Office\032IPP\032Q._ipp._tcp
    ;_universal._sub._ipp._tcp           IN PTR          SCD-236\032Office\032IPP\032Q._ipp._tcp
    ;SCD-236\032Office\032IPP\032Q._ipp._tcp          IN TXT ( "txtvers=1" "qtotal=1" "rp=printers/SCD236Q" "note=Main Office" "ty=Lexmark T520" "product=(Lexmark T520 SCD)" "printer-state=3" "printer-type=0x8090C6" "Transparent=F" "Binary=F" "Fax=F" "Punch=0" "Bind=F" "Sort=F" "Scan=F" "Duplex=F" "Staple=F" "Copies=T" "Collate=T" "Color=F" "pdl=application/pdf,application/postscript,application/octet-stream,image/jpeg ,image/png" "URF=W8,SRGB24,CP1,RS600" )
    Note that the second queue is commented-out in the student zone file because it's the office queue and I didn't want it to appear in student workstation queue browsers. I customized the PPDs for these printers and thus changed the "product=" part of the TXT record to match the name in the altered PPD's "*PRODUCT:" line so that it wouldn't match with an already-installed PPD.
    The above zone file generates two different queues (IPP and LPR) for each printer on Leopard and higher queue browsers, but only one queue (LPR) on Tiger. We're still supporting Tiger and even the odd Mac OS 9 client (no browsing, but they can do a manual LPR queue). Windows does both or you can manually add the IPP queue (add a new network printer using the URL "http://elemprtsrv01.example.com:631/printers/SCD234Q" and make sure you're using the PostScript driver for the printer, or you'll get garbage). iOS devices browse for _universal._sub._ipp._tcp records and you need to add the URF= field in the TXT record or the queue won't show up...and add a file /usr/share/cups/mime/airprint.types with the single line "image/urf urf (0,UNIRAST<00>)".
    All my users from Mac OS 9 to Mac OS X to Windows can now print using a central print server that magically shows up in the print browser...yay!
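The cupsd.conf directives this thread settles on (`ServerAlias *`, `Port 631`, `Allow all`, `AuthType None`, `Encryption Never`) each widen who can reach the print server, so it helps to list them per location before deploying. The following audit is an added example, not code from the thread or from CUPS; the sample config is constructed from the directives quoted above, and the parser assumes only `<Location>` blocks matter.

```python
import re

# Constructed sample, modelled on the directives quoted in the thread.
SAMPLE_CONF = """\
ServerAlias *
Port 631
DefaultEncryption Never
DefaultAuthType Basic
<Location />
  Order allow,deny
  Allow all
</Location>
<Location /printers>
  Order allow,deny
  Allow all
  AuthType None
  Encryption Never
</Location>
<Location /admin>
</Location>
"""

MESSAGES = {
    "host-check-disabled": "ServerAlias * makes cupsd accept any Host header",
    "all-interfaces": "Port listens on every interface; Listen binds one address",
    "cleartext": "Encryption Never: jobs and Basic credentials travel without TLS",
    "open-no-auth": "Allow all with no authentication on this location",
}


def audit_cupsd(conf):
    """Return (scope, finding) pairs; scope is 'global' or a Location path."""
    findings, blocks, scope = [], {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+)>", line, re.I)
        if opened:
            scope = opened.group(1)
            blocks[scope] = {}
            continue
        if line.startswith("<"):                  # </Location>, <Limit>, <Policy>, ...
            if line.lower().startswith("</location"):
                scope = None
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if scope is not None:
            blocks[scope].setdefault(key, []).append(value)
        elif key == "serveralias" and value == "*":
            findings.append(("global", "host-check-disabled"))
        elif key == "port":
            findings.append(("global", "all-interfaces"))
        elif key == "defaultencryption" and value == "never":
            findings.append(("global", "cleartext"))

    for path, directives in blocks.items():
        auth = directives.get("authtype", ["none"])[-1]
        if "all" in directives.get("allow", []) and auth == "none":
            findings.append((path, "open-no-auth"))
        if directives.get("encryption", [""])[-1] == "never":
            findings.append((path, "cleartext"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_cupsd(SAMPLE_CONF):
        print(f"{scope:10} {MESSAGES[finding]}")
```

A config that names the server in `ServerAlias`, binds with `Listen`, and replaces `Allow all` with the client subnet produces no findings.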

  • Wide-Area Bonjour / Dynamic Global Hostname

    Hello everyone
    I have a very specific problem: my AEBS is not sending UPDATE requests to my own DNS server when my DSL IP address changes over time.
    I have my own DNS server and run a dynamic zone with TSIG authentication.
    If I configure the "Dynamic global hostname" on my Macs behind my AEBS acting as a NAT gateway, they will register themselves with the correctly NATted address.
    In fact, this is amazing and works very well:
    sftp-ssh.tcp.dyn.secret.domain domain name pointer MacPro.sftp-ssh.tcp.dyn.secret.domain.
    smb.tcp.dyn.secret.domain domain name pointer MacPro.smb.tcp.dyn.secret.domain.
    ssh.tcp.dyn.secret.domain domain name pointer MacPro.ssh.tcp.dyn.secret.domain.
    macpro.dyn.secret.domain has address xx.yy.169.96
    But my AEBS itself has an older address:
    airport.tcp.dyn.secret.domain domain name pointer Airport.airport.tcp.dyn.secret.domain.
    smb.tcp.dyn.secret.domain domain name pointer Airport.smb.tcp.dyn.secret.domain.
    airport.dyn.secret.domain has address xx.yy.177.175
    I can force the update by restarting my AEBS, but this is not a good workaround.
    Has anyone else experience running a wide-area bonjour DNS server?
    Thanks

    Hi Patrick,
    I suggest you bring this up on the bonjour-dev[1] mailing list. You're much more likely to reach people with the right knowledge there.
    Andrew
    [1] http://lists.apple.com/mailman/listinfo/bonjour-dev

  • Wide - Area Bonjour / Back to my Mac:  Simple Setup Discussion | Tutorial

    Looking to start a new thread for SIMPLE setup of wide-area bonjour / Back to my Mac setup across multiple geo locations
    Objectives
    1. Develop tutorial/instructions for mainstream setup of WAB across multiple geographical locations
    2. Goal is for complete discovery in Leopard Finder of each computer set up across separate locations
    3. Ability to file share/browse file structure of each local and remote computer
    4. Ability to use Screen Sharing across geographical locations to control/observe remote computers (alternatively use Apple Remote Desktop app)
    5. Appropriate listing of services in Bonjour Browser (local and global)
    6. (Wide) Access to airport disk
    7. Consistency. Many solutions like Back to My Mac alone sometimes work and sometimes do not, depending on unidentifiable variables (across reboots with no material change)
    Setup
    1. Multiple LAN (local area networks) in different geographical locations (LAN1, LAN2, LAN3,...)
    2. Dynamic IP setup from ISP in each geographic locations (cable / DSL)
    3. Airport Extreme router in each location (perhaps later we can explore UPNP and other routers which complicate setup)
    Tools
    1. Leopard running on all machines
    2. Use of .mac (dot mac) account allowing for "back to my mac", xxxx.members.mac.com setup
    3. Bonjour preference Pane, with setup of Hostname, Registration and Browsing panes
    http://www.dns-sd.org/ClientSetup.html
    4. Bonjour Browser
    http://www.tildesoft.com/Programs.html
    5. Finder
    To show remote and local LAN computers in SHARED in left browsing pane
    6. Dyn DNS service like zoneedit or dyndns, if necessary
    7. Airport Configuration - Wide area bonjour -> config of Advanced/Bonjour ; Hostname, Domain, Name, Password
    Restrictions
    1. No Leopard Server
    2. no direct configuration of a DNS server. No line edits. Use of third party services (non paying if possible) if necessary but rather avoid detailed editing of server setup and maintenance. The idea is to create a fairly simple setup for individual/family/small business/SOHO across work/family/home environment not IT professional setup

    I have been trying on my own to achieve this, and although I am an advanced user I am not a Programmer/Developer. Sadly I have been utterly unsuccessful. It would be so wonderful if the proposed step-by-step guide would come to fruition...

  • How to use wide-area Bonjour?

    My understanding of Wide-Area Bonjour is that I can access Bonjour services while outside the local network. So for example while at the office I would think I could access the iPhoto library of a computer at home, at least that's what it seems to me.
    Am I right? If so, how is this used? I can find no instructions.

    I'm interested in this as well; documentation is minimal. Please post back here if you learn anything...
    I was hoping to see support for DynDNS or similar, but no...

  • Wide Area Bonjour and making it *NOT* use a NAT

    Does anyone know if there's a way to stop Wide Area Bonjour from using the NAT gateway when it detects it's on a private network? This seems to be the default behavior and I wondered if it was possible to disable it.

    Well for what it's worth, I moved my network onto 192.0.2.X which is a section of IP addresses reserved for testing - so while not strictly private (though they never appear on the Internet) it means that Bonjour doesn't try to use the NAT.
    Can we say hack?

  • Wide-Area Bonjour error in the logs

    I took a look at the logs, and noticed the following line repeated MANY times:
    Apr 11 11:59:53 Severity:3 Wide-Area Bonjour error for "TC.mymobilemename.members.mac.com." (-65537).
    Further down, I see this:
    Apr 11 12:00:01 Severity:3 Wide-Area Bonjour error for "Wireless\032Capsule.smb.tcp.mymobilemename.members.mac.com." (-65537).
    Apr 11 12:00:01 Severity:3 Wide-Area Bonjour error for "Wireless\032Capsule.adisk.tcp.mymobilemename.members.mac.com." (-65537).
    Apr 11 12:00:01 Severity:3 Wide-Area Bonjour error for "Wireless\032Capsule.afpovertcp.tcp.mymobilemename.members.mac.com." (-65537).
    I removed my real mobile me name and replaced it with mymobilemename.
    What is this error? Yes, I have entered my Mobile Me credentials into the Time Capsule, and obviously this is related to that.
    I can't ever seem to hit my TC when I am outside my home network, so clearly it's related.
    I am running the latest updates of the Airport Utility and the latest firmware on the device.
    How do I fix this?
    thanks.

    I have the same error and don't know what to do.
    Thanks

  • Problem with dnsextd when creating Wide-Area-Bonjour

    Hello,
    I've been struggling for some time trying to create a WAB test environment but without success and would appreciate some help.
    I'm using a Mac mini (later 2014) running Yosemite to run BIND (9.10) and ISC for a testing zone with DDNS enabled. This setup is running perfectly with or without TSIG (both ways run perfectly).
    When I try to include dnsextd in this setup for LLQ is where the problem starts. No more DDNS updates. When I run dnsextd in debug mode, it shows the following message:
    "Rejecting Update Request with 2 additions but no lease".
    The dhcp logs report RCODE 5 (from dnsextd), which means REFUSED.
    Any ideas?
    I see a lot of websites (including DNS-SD.org) with very simple cookbooks explaining how to create the WAB environment, but I can't make it work. Even if I configure the zone keys in dnsextd, it won't work. The error changes to a new one (dnsextd responds without TSIG, which is not accepted by the DHCP server) and it won't work either.
    Any idea of a fix would be appreciated.

    thanks for the quick reply AndrewTJ - I did notice the typo after posting and corrected however the problems remains.  below is the contents of my up.com.dns file - i can see nothing out of place but cannot get a resolution
    ;  Database file up.com.dns for up.com zone.
    ;      Zone version:  22
    @                       IN  SOA dns1.up.com.  hostmaster.up.com. (
                             22           ; serial number
                             900          ; refresh
                             600          ; retry
                             86400        ; expire
                             3600       ) ; default TTL
    ;  Zone NS records
    @                       NS dns1.up.com.
    ;  Zone records
    _http._tcp.up.com.              PTR website._http._tcp.up.com.
    website._http._tcp.up.com.      TXT ( "txt path=/" )
                             SRV 0 0 80 dns1.up.com.
    _services._dns-sd._udp.up.com.  PTR _http._tcp.up.com.
    b._dns-sd._udp.up.com.          PTR @
    lb._dns-sd._udp.up.com.         PTR @
    dns1.up.com.                    A 192.168.1.153
    Any ideas?
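
    A zone like the one posted above can be checked for a complete DNS-SD record chain before looking at the client side. The following is an added example, not code from the thread or from any project mentioned in it; the function names are hypothetical, and the parser assumes fully qualified names and one record per line, as in the posted file.

```python
# Added example (not from the post): structural check of a DNS-SD zone.
# Assumes fully qualified names and one record per line, as in the post.
ORIGIN = "up.com."

# Constructed sample: the DNS-SD records from the posted file (SOA/NS omitted).
ZONE = """\
_http._tcp.up.com.              PTR website._http._tcp.up.com.
website._http._tcp.up.com.      TXT ( "txt path=/" )
                         SRV 0 0 80 dns1.up.com.
_services._dns-sd._udp.up.com.  PTR _http._tcp.up.com.
b._dns-sd._udp.up.com.          PTR @
lb._dns-sd._udp.up.com.         PTR @
dns1.up.com.                    A 192.168.1.153
"""

def parse(zone, origin):
    """Return {(owner, type): [rdata, ...]}; owner-less lines reuse the last owner."""
    records, owner = {}, None
    for raw in zone.splitlines():
        line = raw.split(";", 1)[0]          # drop zone-file comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():            # a new owner name starts in column 0
            owner = fields.pop(0).lower()
        if fields[0].upper() == "IN":        # optional class field
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        name = origin if owner == "@" else owner
        records.setdefault((name, rtype), []).append(origin if rdata == "@" else rdata)
    return records

def check_dns_sd(records, origin):
    """Walk browse domain -> service type -> instance -> SRV/TXT -> address."""
    problems = []
    def follow(name, rtype, what):
        found = records.get((name.lower(), rtype), [])
        if not found:
            problems.append(f"{name}: missing {what}")
        return found
    follow(f"b._dns-sd._udp.{origin}", "PTR", "browse-domain PTR")
    for stype in follow(f"_services._dns-sd._udp.{origin}", "PTR", "service-type PTR"):
        for inst in follow(stype, "PTR", "instance PTR"):
            follow(inst, "TXT", "TXT record")
            for srv in follow(inst, "SRV", "SRV record"):
                target = srv.split()[-1].lower()
                if not (records.get((target, "A")) or records.get((target, "AAAA"))):
                    problems.append(f"{target}: missing address record for SRV target")
    return problems
```

    An empty result only means every pointer in the chain leads to a record; it says nothing about whether the client's resolver actually queries this server for the domain.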

  • Need Help Setting Up Wide Area Bonjour

    The subject says it all.
    Please assume I am a newbie.
    I need step by step procedure.
    Do I need a registered domain?
    Is there a web page with simple instructions?
    I want to be able to share files with family across the web - so they can download full resolution photos etc. I want to host these locally as there are many photos and it is not practical to put them on a server.
    I have tried setting up ftp on my computer and cannot access it from outside my LAN - previous question on this has not come up with any answers.
    Please help

    I don't think there is an all-encompassing single source of information for you to go to. There are too many variables and choices for any one solution.
    Unless you have a static IP number from your ISP, your IP address will change on occasion. Your guests won't be able to find your machine without knowing what your IP number is. I get around this by using the service at dyndns.com. The service is free and you can get a domain name that doesn't change. You run a program on your machine that updates the ip number for your server automatically (there are a couple of consumer level routers that provide for this kind of service and you don't have to run a program on your computer).
    You will need to have an FTP server program running. You can probably do it with the OS, but I never bothered to figure out how. I just use a program named Crushftp which is a standalone FTP server with a fairly simple setup and full controls over users and groups. Ben at CrushFTP has pretty good support and keeps his software up to date.
    In addition, you will need to set up port forwarding in your router. Almost every router used in the home environment has a NAT firewall that blocks incoming connections on most ports. FTP uses port 21 TCP and the service or port must be forwarded to the LAN IP number of the machine that's hosting the FTP server.
    There are several skills you will need to learn to make this all come together and work right. You will need to install a couple of programs, learn to set up your router, create user accounts and passwords on your FTP server, and then teach your users how to use an FTP client program like YummyFTP. The machine that runs the FTP server will need to be running 24/7 so that it can answer users when required.
    Or, just use a hosting service for this kind of activity, like .Mac - give them the $100 a year, unload your pictures, build a couple of web pages that are based on their fairly simple templates, and get on with using your Mac. Using a solution like this means you only have to learn how to use one service, and you don't have to dedicate a machine for the task. You will still have to read their help menus and understand the system, but you don't have to set up, maintain, and back up the server.

  • Help configure DNS Enabler for Bonjour discovery

    Hi!
    I have a MacBook with Snow Leopard acting as a VPN server configured by the iVPN software.
    I can connect to the shares on the local network using Command-K, but I would like to have Bonjour advertise all the shares.
    Then I heard about the program DNS Enabler, which can advertise Bonjour services on a wide area network.
    In DNS Enabler I have created a domain as they said in the manual and then added the AFP shares in the Bonjour tab.
    For an AFP share I must add: afpovertcp.tcp, example.domain.com, 548.
    I did this for my local shares and then tried to connect through the VPN. I was very happy to see that the AFP shares show up in the Finder sidebar under the "All..." icon.
    But now to the problem:
    I thought I could do the same for my iTunes server I have on the local network. I added: daap.tcp, example.domain.com, 3689.
    But why won't it show up in iTunes when all other Bonjour services are working in Finder?
    Thanks for your help!

    Hi,
    Have you figured it out yet? Otherwise you might want to try the Home-Sharing service home-sharing.tcp, which to my knowledge also runs through port 3689?
    I am still in the first stage of your post. I am trying to get AFP to work through VPN with DNS-Enabler. No success so far. Could you be so kind to post your exact settings?
    Thank you!

  • Enabling Firewall breaks Bonjour name resolution (and other problems)

    Hi there, I thought I had a simple setup but trying to enable VPN & Firewall has shown me there are some issues I need help with:
    Setup: MacOS X Server 10.5.8 on MacPro
    - Machine is Mobile Account Server for 5 other machines connected to network
    - DHCP is obtained from Router in 10.1.10.x range. Server hardcodes its IP in that range (outside of DHCP addressable range)
    - Services running are: AFP, Open Directory, SMB, Software Update
    - All client workstations connect to server using "servername.local"
    This has all been working fine. However over the weekend I tried enabling VPN as we have a public IP address we can use. VPN works fine except:
    a) Plugging an additional ethernet cable into port 2, and configuring that port to have the external "public" IP information caused the "license in use issue" that has been reported here (http://discussions.apple.com/thread.jspa?messageID=9958588&tstart=0) so I had to use the solution of duplicating the existing ethernet config and entering the additional external IP to run both off the same port.
    b) I can't get L2TP working, but I can get P2PP. Seems like other people are having similar issues (http://discussions.apple.com/click.jspa?searchID=-1&messageID=9704644)
    But anyway, so I have P2PP VPN working and without a firewall previous functionality hasn't been impacted. Now of course, I'd be silly to leave this machine with the Firewall turned off as it is now a sitting duck out on the inter-tubes.
    I thus enabled the Firewall service with these settings:
    - Any service: Allow only traffic from "any" to these ports: (I enabled the ports for P2PP and L2TP)
    - 10-net: Allow all traffic from "10-net"
    This I assume would restrict access from the external interface, but let all internal subnet communication be unrestricted (like it was before I enabled the firewall). However this doesn't seem to be the case. I noticed that simple non-VPN connections to AFP service took a long time to happen using "afp://servername.local", several minutes before the authentication dialog appeared.
    Furthermore if I brought up "Software Update" on a managed client set to pull from "servername.local:8088", the connection would fail.
    If I disabled the firewall service, the slowdown and local Software Update would work fine.
    But if I try setting "Allow all traffic from 'any'" on the Firewall (which should be almost like turning it off), it doesn't have a positive effect, and the slowdown of name resolution and failure to connect to local Software Update still occur.
    Is there something in the Firewall being enabled that breaks Bonjour name resolution? Any way to enable the Firewall and still keep Bonjour .local name resolution? Does this problem have anything to do with issue (a) we have to work around?
    Thanks for any recommendations,
    Matt

    Hi Flanjman,
    Additionally, this article may give you more tips.
    https://connect.microsoft.com/SQLServer/feedback/details/674454/name-resolution-not-yet-available
    I’m glad to be of help to you!
