Multicast DNS

Last updated April 15, 2024

In computer networking, the multicast DNS (mDNS) protocol resolves hostnames to IP addresses within small networks that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as unicast Domain Name System (DNS). It was designed to work as either a stand-alone protocol or compatible with standard DNS servers.^[1] It uses IP multicast User Datagram Protocol (UDP) packets and is implemented by the Apple Bonjour and open-source Avahi software packages, included in most Linux distributions. Although the Windows 10 implementation was limited to discovering networked printers, subsequent releases resolved hostnames as well.^[2] mDNS can work in conjunction with DNS Service Discovery (DNS-SD), a companion zero-configuration networking technique specified separately in RFC 6763.^[3]

History

Multicast DNS was first proposed by Bill Woodcock and Bill Manning in the IETF in 2000, and was eventually published as standards-track RFC 6762 by Stuart Cheshire and Marc Krochmal thirteen years later.^[1]^[4]

Protocol overview

When an mDNS client needs to resolve a hostname, it sends an IP multicast query message that asks the host having that name to identify itself. That target machine then multicasts a message that includes its IP address. All machines in that subnet can then use that information to update their mDNS caches. Any host can relinquish its claim to a name by sending a response packet with a time to live (TTL) equal to zero.

By default, mDNS exclusively resolves hostnames ending with the .local top-level domain. This can cause problems if .local includes hosts that do not implement mDNS but that can be found via a conventional unicast DNS server. Resolving such conflicts requires network-configuration changes that mDNS was designed to avoid.

Packet structure

An mDNS message is a multicast UDP packet sent using the following addressing:

IPv4 address 224.0.0.251 or IPv6 address ff02::fb
UDP port 5353
When using Ethernet frames, the standard IP multicast MAC address 01:00:5E:00:00:FB (for IPv4) or 33:33:00:00:00:FB (for IPv6)

The payload structure is based on the unicast DNS packet format, consisting of two parts—the header and the data.^[5]

The header is identical to that found in unicast DNS, as are the sub-sections in the data part: queries, answers, authoritative-nameservers, and additional records. The number of records in each sub-section matches the value of the corresponding *COUNT field in the header.

Queries

The wire format for records in the query section is slightly modified from that in unicast DNS, adding the single-bit UNICAST-RESPONSE field.^[1]

mDNS Query section fields
Field	Description	Length bits
QNAME	Name of the node to which the query pertains	Variable
QTYPE	The type of the query, i.e. the type of Resource Record which should be returned in responses.	16
UNICAST-RESPONSE	Boolean flag indicating whether a unicast-response is desired	1
QCLASS	Class code, 1 a.k.a. "IN" for the Internet and IP networks	15

As in unicast DNS, the QNAME field consists of a series of length/value sub-fields called labels. Each label represents one of the dot-separated substrings in a fully qualified domain name (FQDN). The list is terminated by either a single null-byte representing the root of the DNS, or by a byte with the two high-order bits set (value 192) to signal an indirect pointer to another location in the message. This is known as name compression in RFC 6762.

The UNICAST-RESPONSE field is used to minimize unnecessary broadcasts on the network: if the bit is set, responders SHOULD send a directed-unicast response directly to the inquiring node rather than broadcasting the response to the entire network.

The QCLASS field is identical to that found in unicast DNS.

Resource Records

All records in the answers, authoritative-nameservers, and additional records sections have the same format and are collectively known as Resource Records (RR).

Resource Records in mDNS also have a slightly modified general format compared to unicast DNS:

mDNS Resource Record fields
Field	Description	Length bits
RRNAME	Name of the node to which the record pertains	Variable
RRTYPE	The type of the Resource Record	16
CACHE-FLUSH	Boolean flag indicating whether outdated cached records should be purged	1
RRCLASS	Class code, 1 a.k.a. "IN" for the Internet and IP networks	15
TTL	Time interval (in seconds) that the RR should be cached	32
RDLENGTH	Integer representing the length (in octets) of the RDATA field	16
RDATA	Resource data; internal structure varies by RRTYPE	Variable

The CACHE-FLUSH bit is used to instruct neighbor nodes that the record should overwrite, rather than be appended onto, any existing cached entries for this RRNAME and RRTYPE.

The formats of the RDATA fields are the same as those found in unicast DNS. However, DNS Service Discovery (DNS-SD), the most common use-case for mDNS, specifies slight modifications to some of their formats (notably TXT records).

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

An Internet Protocol address is a numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface identification, and location addressing.

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.

A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.

A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. Multicast addressing can be used in the link layer, such as Ethernet multicast, and at the internet layer for Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) multicast.

Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.

<span class="mw-page-title-main">Anycast</span> Network addressing and routing methodology

Anycast is a network addressing and routing methodology in which a single IP address is shared by devices in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and name servers, to bring their content closer to end users.

In computer networking, localhost is a hostname that refers to the current computer used to access it. The name localhost is reserved for loopback purposes. It is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware.

In computer networking, a hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication, such as the World Wide Web. Hostnames may be simple names consisting of a single word or phrase, or they may be structured. Each hostname usually has at least one numeric network address associated with it for routing packets for performance and other reasons.

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

The Neighbor Discovery Protocol (NDP), or simply Neighbor Discovery (ND), is a protocol of the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the internet layer of the Internet model, and is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways.

The name localhost is reserved by the Internet Engineering Task Force (IETF) as a domain name label that may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet.

IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is the IP-specific form of multicast and is used for streaming media and other network applications. It uses specially reserved multicast address blocks in IPv4 and IPv6.

The domain name .local is a special-use domain name reserved by the Internet Engineering Task Force (IETF) so that it may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet. As such it is similar to the other special domain names, such as .localhost. However, .local has since been designated for use in link-local networking, in applications of multicast DNS (mDNS) and zero-configuration networking (zeroconf) so that DNS service may be established without local installations of conventional DNS infrastructure on local area networks.

An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.

The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. It is included in Windows Vista, Windows Server 2008, Windows 7, Windows 8, Windows 10. It is also implemented by systemd-resolved on Linux. LLMNR is defined in RFC 4795 but was not adopted as an IETF standard.

An Internet Protocol version 6 address is a numeric label that is used to identify and locate a network interface of a computer or a network node participating in a computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks.

A TXT record is a type of resource record in the Domain Name System (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information.

References

1 2 3 Multicast DNS. Internet Engineering Task Force (IETF). doi: 10.17487/RFC6762 . RFC 6762.
↑ mDNS and DNS-SD slowly making their way into Windows 10, Ctrl blog, 21 October 2015, retrieved 2017-08-30
↑ DNS Service Discovery. IETF. doi: 10.17487/RFC6763 . RFC 6763.
↑ Manning, Bill; Woodcock, Bill (August 2000), "Multicast Domain Name Service", Ietf Datatracker, IETF
↑ P. Mockapetris (November 1987). DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION. Network Working Group, IETF. doi: 10.17487/RFC1035 . RFC 1035..

External links

Multicast DNS - information site maintained by mDNS designer, Stuart Cheshire
LLMNR, Multicast DNS and names on your LAN

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[rfc6762-1] 1 2 3 Multicast DNS. Internet Engineering Task Force (IETF). doi: 10.17487/RFC6762 . RFC 6762.

[mdnswin-2] mDNS and DNS-SD slowly making their way into Windows 10, Ctrl blog, 21 October 2015, retrieved 2017-08-30

[rfc6763-3] DNS Service Discovery. IETF. doi: 10.17487/RFC6763 . RFC 6763.

[4] Manning, Bill; Woodcock, Bill (August 2000), "Multicast Domain Name Service", Ietf Datatracker, IETF

[rfc1035-5] P. Mockapetris (November 1987). DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION. Network Working Group, IETF. doi: 10.17487/RFC1035 . RFC 1035..

[1]

[2]

[3]

[4]

[5]