Community discussions

MikroTik App
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

mDNS repeater feature

Mon Apr 12, 2021 12:02 am

Please bring mDNS repeater feature in Rosv7. It is a very important feature for home routers.
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
jvanhambelgium
Long time Member
Long time Member
Posts: 677
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: mDNS repeater feature

Mon Apr 12, 2021 12:16 am

Please bring mDNS repeater feature in Rosv7. It is a very important feature for home routers.
This is only an issue if you start fiddling around with multiple LAN / VLAN's
Guess what, like 0.00001% or something of "home users" is actually toying around with that in their home setup.

Don't get your hopes up to see it integrated into RouterOS. I think similar requests are echoing through the dungeons of this forum for many years now...
 
infabo
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Nov 12, 2020 12:07 pm

Re: mDNS repeater feature

Mon Apr 12, 2021 1:53 am

Made my day! :D
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: mDNS repeater feature

Mon Apr 12, 2021 9:27 am

A pretty neat feature and often required here. It's usually good for sharing printers in work environment, rather than for home. However, for home could be useful too, people are just lazy now to make some complicated setups of their networks. But Mikrotik is a complicated device, it's strange they still ignore mDNS repeater. Who need "plug-and-play" device will not go Mikrotik way. Look at OpenWRT-enabled devices, there you could install any package you want. Or use your home NAS/RPi/etc. for this feature.
Research & development - www.Emelchenkov.pro
 
infabo
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Nov 12, 2020 12:07 pm

Re: mDNS repeater feature

Mon Apr 12, 2021 7:49 pm

OpenWrt has relayd and a dedicated interface type for this task. But relayd is limited to IPv4. I once had such a setup running.
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Wed Jul 07, 2021 4:26 pm

even the edgerouter has a mdns repeater..
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Wed Jul 07, 2021 5:18 pm

even the edgerouter has a mdns repeater..
Ever home user needs mDNS. Don't know why mikrotik keeps ignoring this.
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed Jul 07, 2021 5:20 pm

Ever home user needs mDNS.
I am a home user and do not need it.
Why is your assumption so absolute?
It is absolute-ly false.

My 4,000 contracts (home and business), corresponding to more than 16,000 people,
do not have it and no one has ever complained about it.

Please explain which critical part of the home network does not work without mDNS.

Thanks.
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Wed Jul 07, 2021 5:29 pm

Ever home user needs mDNS.
I'm a home user, and I do not neet that.
Why you assumption is so absolute?
Is absolute false.

My 4000 contracts (home and business), corresponding to more than 16000 person do not have that, no one single complain about that.

Please explain what critical part of home network do not function without mDNS.

Thanks.
I keep my IoT on a separate vlan, I have my smart tv and google home devices on the same IoT vlan. How do I connect the smart tv and google home from my Wifi that is on a separate vlan?
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed Jul 07, 2021 5:35 pm

(please do not quote on useless way, use "post reply" instead)

>>>I keep my IoT on a separate vlan = VLAN of IoT devices
>>>I have my smart tv and google home devices on the same IoT vlan = TV and Google Home on same VLAN of IoT devices

>>>How do I connect the smart tv and google home from my Wifi that is on a separate vlan?
But on previous description do not are already on same VLAN of IoT devices ???
The mDNS is not the tool for do that...
Solution is extremely simple:
Create one virual wlan for other IoT devices, TV and Google Home, than work on same VLAN of IoT devices...

Do not have any sense make separate VLAN of IoT devices and then set Google and Smart TV on "main" Wi-Fi
Last edited by rextended on Wed Jul 07, 2021 6:08 pm, edited 1 time in total.
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Wed Jul 07, 2021 5:50 pm

Hege muchechilen sokale? na orom bhabhei chole esheychen dalali korte?
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed Jul 07, 2021 6:13 pm

traduction:
You touch the wrong cable...
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Wed Jul 07, 2021 10:56 pm

(please do not quote on useless way, use "post reply" instead)

>>>I keep my IoT on a separate vlan = VLAN of IoT devices
>>>I have my smart tv and google home devices on the same IoT vlan = TV and Google Home on same VLAN of IoT devices

>>>How do I connect the smart tv and google home from my Wifi that is on a separate vlan?
But on previous description do not are already on same VLAN of IoT devices ???
The mDNS is not the tool for do that...
Solution is extremely simple:
Create one virual wlan for other IoT devices, TV and Google Home, than work on same VLAN of IoT devices...

Do not have any sense make separate VLAN of IoT devices and then set Google and Smart TV on "main" Wi-Fi
you may want to put your TV or your dishwasher on an IOT VLAN so it can access to internet but not other vlans, and still want make it discoverable for the familly vlan so they can start the dishwasher or lookt at the TV from their devices?

Another example is to put your printer on a vlan for the same reason, you want it upgradable/maintainable remotely . But you want also to make it discoverable easily.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 1:01 am

@benoitc why you write that quoting my post?
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Thu Jul 08, 2021 11:09 am

@benoitc why you write that quoting my post?
to reply to your "Do not have any sense make separate VLAN of IoT devices and then set Google and Smart TV on "main" Wi-Fi" . I may have misunderstood. But as I understand the principle, devices were on IOT vlan but accessed from others. And then you need an MDNS repeater
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: mDNS repeater feature

Thu Jul 08, 2021 11:22 am

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
No answer to your question? How to write posts
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: mDNS repeater feature

Thu Jul 08, 2021 12:14 pm

To those people asking for mDNS, can you give examples where it will be useful?
I.e. network printers in wired network shared with VLAN of wireless clients. Connections to printers are allowed by firewall, but mDNS are not routed so users must enter IP addresses rather than use auto-discovery feature.
Research & development - www.Emelchenkov.pro
 
afuchs
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Wed Jul 03, 2019 11:10 am

Re: mDNS repeater feature

Thu Jul 08, 2021 12:17 pm

Hello,

it would be useful because of apple.
One of our customers had the problem, that some of his hotspot users log in and close the status site.
After some time, they want to log out and they find it to complicated to use a url with an IP in it,
so I set up a static dns entry like 'router.customer.local' and it worked for all PCs and Laptops, but the iPhone couldn't resolve it.
After some sniffing I found only mDNS requests. Google found me an article that says, that Apple devices uses mDNS by local domains.

So mDNS would be helpful in his setting.
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 2:10 pm

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
Hello normis,
Actually, he did not provide any solution.
mDNS repeater is needed in the case that you have an IoT vlan and you need to interact to those devices from your main vlan.
For e.g. A phone connected to the main vlan needs to "cast" content to a smart tv on the restricted IoT vlan. and just to avoid any "why you connect your phone to the IoT vlan?" because it is not the solution.
in 2021 mDNS Repeater is a must.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 2:16 pm

You do not catch the point, (ignore mDNS) why make separate IoT VLAN if than must be continuosly on contact with "MAIN" VLAN?
True nonsense!!!
Last edited by rextended on Thu Jul 08, 2021 2:26 pm, edited 2 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: mDNS repeater feature

Thu Jul 08, 2021 2:22 pm

Yes, the question is, why separate the IoT, if you don't really need to separate ?
No answer to your question? How to write posts
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 2:26 pm

mDNS repeater is needed in the case that you have an IoT vlan and you need to interact to those devices from your main vlan.
mDNS is not a NAT or Routing, it simply supplies an address
for work already the two VLAN must communicate to eachother and...
why formerly separated VLAN, but effectively not?

The device also MUST be compatible whit mDNS

mDNS devices do not need any mDNS "proxy" if already are on same broadcast domain


...A phone connected to the main vlan needs to "cast" content to a smart tv on the restricted IoT vlan....
All these devices are studied to be all on same wired/wireless network, not to different VLAN.
Just some users on this forum or very advanced users use VLAN in house,
99,9% do not matter if are VLAN or not, 99,8% also do not know what ia a VLAN.
 
mkx
Forum Guru
Forum Guru
Posts: 7679
Joined: Thu Mar 03, 2016 10:23 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 2:32 pm

It's not entire nonsense, sometimes it's not possible to do it differently.

Here's example: you have an IoT gadget. It might not need internet, so you want to block internet access for it. Fine, you can use IP firewall filter if you know gadget's IP address. The later part can be tricky with IPv6 and dynamic addresses (constructed with aide of SLAAC), but you can still filter that according to gadget's MAC address. But even that is not fail safe, Apple in particular (and others as well) started to "anonymize" MAC address ... good luck catching that.
But even if you successfully block access to internet: user might want to restrict access of device to LAN services. And that's not easy to do if all devices belong to same L2 network.

Having separate L2 network for IoT devices solves all above mentioned problems without too much fuss. But then there comes auto-discovery where many (probably most) vendors simply expect that everything attaches to same L2 network (hence need for mDNS proxying) unless gadget registers directly to some cloud. Which is probably how network looks like for 99% of home users, but those mostly are not interested in running Mikrotik gear.

Personally I couldn't care less about mDNS and all that automagical stuff. But I still find problematic attitude of Mikrotik about not implementing service, which is enforced by major players and used by home users more and more. If MT wants to stay alive in SOHO segment, then they'll have to implement those features whether they like them or not.
BR,
Metod
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 2:45 pm

>>>you have an IoT gadget It might not need internet so you want to block internet access for it
Simply do not provide a gateway and DNS on lease

>>>you can use IP firewall filter if you know gadget's IP address
...no...

>>>The later part can be tricky with IPv6 and dynamic addresses...
...no... go out only know/allowed devices, if anonymize MAC, never go out

>>>but you can still filter that according to gadget's MAC address
...ok....

>>>But even that is not fail safe, Apple in particular (and others as well) started to "anonymize" MAC address...
do not buy Apple devices... or filter device with "2nd lower bit set" (000000!0) .. I do not know if is legal to change randomly the MAC (how much random?)

>>> good luck catching that.
...but on this way you still have MAC allowed to out, not a list of blocked MAC....

>>>user might want to restrict access of device to LAN services
why? what can do a device without internet to a light bulb, to a PC? etc.?.

>>>And that's not easy to do if all devices belong to same L2 network.
...really... is easy....

>>>Having separate L2 network for IoT devices solves all above mentioned problems
...yes but... still no see any problem with IoT devices on same L2 network of my PC...
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 2:47 pm

Why a separate IoT vlan? because I want it, and why have a Mikrotik router at home and use it as a stupid ISP HG(aka router)?

I want to have control of devices that I don't fully trust, those "black boxes", and having a vlan for it, I isolate it from the L2 domain.

The main reason that I have a Mikrotik at home is to do things that I cannot do using the ISP's Home Gateway, like having a separate, untrusted IoT vlan and a guest vlan.

mDNS Repeater is needed to make some services work across vlans, like printing, casting and etc.
 
TonyJr
Member Candidate
Member Candidate
Posts: 206
Joined: Sat Nov 12, 2011 1:30 am
Location: UK
Contact:

Re: mDNS repeater feature

Thu Jul 08, 2021 2:48 pm

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
In a business environment, wired printers can often be on their own VLAN, or one separate from Wireless devices. Without mDNS between the networks, the built in discovery tools for printing in a lot of mobile and wireless devices does not work. It prevents printing from some mobile devices to another network. Manual setup of DNS for this is long-winded and does not always work correctly (possibly wide-area bonjour).

There is also streaming to projectors and smart tvs/sticks that rely on the devices being on the same network for discovery, which is not always true in a business environment.

That is what I have seen in my experience.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 2:55 pm

mDNS Repeater is needed to make some services work across vlans, like printing, casting and etc.
You understand than mDNS do not do NAT, routing, firewall, etc. but just resolve address?
If you can comunicate between VLANs... the VLANs for this do not have any sense!
Understand?
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 2:59 pm

You do not catch the point, (ignore mDNS) why make separate IoT VLAN if than must be continuosly on contact with "MAIN" VLAN?
True nonsense!!!
nonsense is your posts, if you don't see a reason to use it, does not mean that no one can have a reason to need it.
Want a example? I want to all devices not be able to access/scan devices on my main "trusted" vlan, but still my devices on the trusted vlan be able to talk with those IoT, not backwards. Any connection started on trusted side is permitted, not the ones started on the untrusted that are not to the internet.

Ps. if you dont have a reason to post something useful, don't post, people here is just making a reasonable request for a thing that is used by all big players.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:00 pm

>removed, useless, see post #41<
Last edited by rextended on Thu Jul 08, 2021 6:55 pm, edited 3 times in total.
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 3:01 pm

mDNS Repeater is needed to make some services work across vlans, like printing, casting and etc.
You understand than mDNS do not do NAT, routing, firewall, etc. but just resolve address?
If you can comunicate between VLANs... the VLANs for this do not have any sense!
Understand?
of course, I know that. I've FW rules to allow the connections in the way that I do.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:03 pm

Ooooh, you understand now!
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 3:04 pm

Yes, the question is, why separate the IoT, if you don't really need to separate ?
@normis, basically some users, like me, want to isolate IoT devices by the L2 domain. but still allowing some connections to start from the trusted side.
some times all this Ch***** crap you will never know...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:08 pm

Ok, you deserve one solution until mDNS is officially supported?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:23 pm

>removed, useless, see post #41<
Last edited by rextended on Thu Jul 08, 2021 6:47 pm, edited 3 times in total.
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1244
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: mDNS repeater feature

Thu Jul 08, 2021 3:27 pm

@normis, basically some users, like me, want to isolate IoT devices by the L2 domain. but still allowing some connections to start from the trusted side.
some times all this Ch***** crap you will never know...
Perfectly valid point.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:39 pm

>removed, useless, see post #41<
Last edited by rextended on Thu Jul 08, 2021 6:48 pm, edited 1 time in total.
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 3:54 pm

With that settings I give some clue & hint for someone...
Simply "copy" broadcasted mDNS/SSDP between VLANs.
No something named "mDNS proxy" required...
not in the case of using a Routerboard without a switch chip or with a limited one (like RB4011).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 3:59 pm

I do not have one 4011 to do some test, sorry :(
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 4:40 pm

I think the real problem is Wireless: be always on another switch, not on RTL8367
Last edited by rextended on Thu Jul 08, 2021 6:47 pm, edited 1 time in total.
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 5:01 pm

I don't have the wireless version. the problem is the RTL8367, it does not support anything besides the same as a $10 switch. anyway, I don't use it, just the SFP+ port.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Thu Jul 08, 2021 6:31 pm

Ok, "solved"
Install multicast separate package and configure PIM:
https://wiki.mikrotik.com/wiki/Manual:R ... _.28PIM.29

The Protocol independent multicast (PIM) can receive cast from one vlan and re-cast to another,
this forward mDNS (Apple) / SSDP (all the Others) multicast packet between VLANs and you do not need other things,
except for next step on firewall rules between VLANs connections.

mDNS: UDP packet with source as device IP, standard random port for source, destination multicast 224.0.0.251 port 5353
mDNS Query: UDP packet with source as device IP, port 10101, destination multicast 239.255.255.251 port 10101
SSDP / UPnP: UDP packet with source as device IP, standard random port for source, destination multicast 239.255.255.250 port 1900
WS-Discovery: UDP packet with source as device IP, standard random port for source, destination multicast 239.255.255.250 port 3702

All this do not change my disbelief on need separation from IoT and home private network.
(On home point of view, business/work is another thing...)
 
LaSepp
just joined
Posts: 4
Joined: Tue Feb 23, 2016 10:20 pm

Re: mDNS repeater feature

Thu Jul 08, 2021 7:03 pm

I'm also in the same boat, having to get mDNS accross different interfaces (not just VLANs!).

In my use case I'm running Apple Airport as audio streaming receiver at a dance studio.

Audio needs to be sent from the wired devices that are inside the office VLAN (they need to be to get access to the internal systems) and also from the teacher devices that are joined into the network via wireless. At the moment both are in the same network, but I would prefer to move the teachers that are partly contractors into an isolated network where they can get internet and do streaming but cannot connect to the other internal systems.

As a bonus it would be great to be able to use AirPrint (mDNS) enabled Printers via the VPN connection from the home office site from the iPhone / iPad of the owner.

At the moment there is a linux VM connected to multiple VLANs and bridged to the remote site via EOIP running mDNS Repeater to get this functionality. Would be great if it could just be enabled on the MT Routers.

It's by no means a must feature, but as more and more devices are switched to mobile and automagical configuration it could keep some admins sane trying not to just put everything into one big network and hope for the best....


Also about PIM:
I tried setting it up, but mDNS requests are marked as not routable, so PIM simply ignores them....
If there is a simple workaround I would like to hear it, would save me a ton of work.
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 184
Joined: Mon Apr 27, 2020 10:14 am

Re: mDNS repeater feature

Thu Jul 08, 2021 7:55 pm

By the looks of it, L2 segregation for the mentioned above cases is an illusion of safety.

I understand the reason why you would want to put IoT devices under a separate VLAN. For instance, you bought a no-name smart light bulb on eBay and you don't want it to access your NAS and upload its content to the internet. But you want to be able to turn on/off the bulb from your PC/smartphone. Then why not put your PC/smartphone under both IoT and NAS VLANs? Then PC will be able to access both IoT and NAS devices, but IoT cannot access NAS.

What you are trying to do, is to segregate the network on L2 (via VLAN), but then combine it together on L3 (via inter-VLAN routing). Without a firewall, there is no safety here, only an illusion of it. Yes, IoT devices on one VLAN cannot do neighbor discovery, but with inter-VLAN routing, nobody prevents them to scan the routed network (unless a properly configured firewall). For example, your PC VLAN 10 IP 192.168.10.1/24 accesses a spyware light bulb on VLAN 20 IP 192.168.20.31/24, then the bulb scans the source network (e.g.
nmap -sn 192.168.10.0/24
), finds a NAS at 192.168.10.75 and does nasty things with that.

Of course, you can configure the firewall to allow traffic only from VLAN ID 10 to 20, but backward - only within the established connections (btw, it won't work in case of mDNS due to multicast), but IMHO that's overcomplicated.

It is much easier to assign PC to both VLANs with IP 192.168.10.1/24 and 192.168.20.1/24 for VLAN 10 and 20 respectively and to prevent (by simply not creating) routing between 192.168.10.0/24 and 192.168.20.0/24 networks.
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1244
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: mDNS repeater feature

Thu Jul 08, 2021 8:36 pm

Of course, you can configure the firewall to allow traffic only from VLAN ID 10 to 20, but backward - only within the established connections (btw, it won't work in case of mDNS due to multicast), but IMHO that's overcomplicated.
Surely that is one of the necessary precautions.
And that's where mDNS repeater would come in handy - so you can easily make the router transparent for mDNS, leaving router's firewall to work the usual way - allowing new connections only from trusted networks to untrusted, but not vice versa.

But now I wonder if the approach with PIM that @rextended suggested will do the trick...
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Thu Jul 08, 2021 10:39 pm

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
I have two VLANs one for LAN and one for WLAN. I want to cast my screen from the desktop in the LAN to my smart tv in WLAN. I use mikrotik because I need vlan segregation. Else would have gone with any other ASUS AC/AX router. Thats why I need MDNS.
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Fri Jul 09, 2021 6:19 pm

@rextended Thanks for the workaround idea, but, for now, there is no multicast package for the ROS 7.x.

@raimondsp I don't understand the resistance against mDNS repeater, yes could be complicated to have all of them correctly configured, but still, I don't get it. Also, putting the phone in the untrusted vlan is not an option, as, in my case, I need to use some services on it. Also, it is not only phones using mDNS, laptops too.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Fri Jul 09, 2021 6:23 pm

I do not consider RouterOS 7 until at least first stable version coming out (except 7.0.3 for Chateau LTE12 than I do not have)
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Fri Jul 09, 2021 6:44 pm

>>>you have an IoT gadget It might not need internet so you want to block internet access for it
Simply do not provide a gateway and DNS on lease

>>>you can use IP firewall filter if you know gadget's IP address
...no...

>>>The later part can be tricky with IPv6 and dynamic addresses...
...no... go out only know/allowed devices, if anonymize MAC, never go out

>>>but you can still filter that according to gadget's MAC address
...ok....

>>>But even that is not fail safe, Apple in particular (and others as well) started to "anonymize" MAC address...
do not buy Apple devices... or filter device with "2nd lower bit set" (000000!0) .. I do not know if is legal to change randomly the MAC (how much random?)

>>> good luck catching that.
...but on this way you still have MAC allowed to out, not a list of blocked MAC....

>>>user might want to restrict access of device to LAN services
why? what can do a device without internet to a light bulb, to a PC? etc.?.

>>>And that's not easy to do if all devices belong to same L2 network.
...really... is easy....

>>>Having separate L2 network for IoT devices solves all above mentioned problems
...yes but... still no see any problem with IoT devices on same L2 network of my PC...
You answer is a nonnse se as well. VLAN N allows different connections profile. Eg. You may not want to have IPV6 RA on a VLAN or use a different addressing for IOTs. You may want to only let 20Mbps throughtput to TVs. You also want IOT devices connected to the net but not allow them to discover other devices in the house. You may also want to only allows 2 VLAN to access to the same devices but let others vlans out.

There are plenty of uses cases afaik. You can't rely on mac addressing or even ips to make proper tules. In large networks this is near impossible.

As I understand you don't see any interrest to it and it may be useful you provide your own solutions to manages printers, some iot devices (like chromecast, apple tvs, ...) which can be useful for some. But afaik mDNS has some uses cases. A,nd it would be useful to have a package for it.
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Fri Jul 09, 2021 6:48 pm


It is much easier to assign PC to both VLANs with IP 192.168.10.1/24 and 192.168.20.1/24 for VLAN 10 and 20 respectively and to prevent (by simply not creating) routing between 192.168.10.0/24 and 192.168.20.0/24 networks.
I had to look, but this is apparently not something possible on an iPhone or an iPad :/
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Fri Jul 09, 2021 6:54 pm

@benoitc I think you misunderstood again.
That post is not addressed to you.
I don't want discuss about that.

I just try to help to find one alternative solution UNTIL mDNS is available.
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: mDNS repeater feature

Fri Jul 09, 2021 9:43 pm

@benoitc I think you misunderstood again.
That post is not addressed to you.
I don't want discuss about that.

I just try to help to find one alternative solution UNTIL mDNS is available.
I was just describing the utility of segregating devices none vlan while wanting to access to them from others. (eg. controlling throughput or controlling who is there before anything).

I will try your solution with PIM. The thing is that normally mDNS multicast is scoped to its subnet. so unsure how it will work when the ip is announced to the other subnet. mdns repeater are acting as proxy or such thing.
 
Xelanc
just joined
Posts: 1
Joined: Sun Aug 01, 2021 2:18 am

Re: mDNS repeater feature

Sun Aug 01, 2021 2:32 am

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
Hi Thanks for asking examples , I bought the MikroTik as extra router behind the router of my provider and defined 2 subnets on it. One for IOT and one for my Home PC's. I moved the IOT devices to the IOT subnet including the Philips HUE. This is not working anymore behind the MikroTIk router. I spend ours googling and wondering why it's traffic was not routed upstreams. Then I found HUE is generating MDNS traffic, I captured some of these packets. I tried to install the igmp-proxy package and see if that would help but no success. Hopfully there can be a solution for this.

192.168.100.51 is the Hue, connected to Ether2 , Ether1 sits on the upstream router network 192.168.2.X, the upstream router 192.168.2.254 seems not to get the MDNS and Multicast packets so it cant futher route them to the internet.

(screenshot link will stop working after 14 days no view)
Image
 
dgm
just joined
Posts: 1
Joined: Wed Aug 04, 2021 11:07 am

Re: mDNS repeater feature

Fri Aug 06, 2021 10:43 am

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
On a hotspot network with 100 to 1000 or more devices on a network, one usually blocks multicast traffic, and adds client isolation. It would be handy to be able to reach AppleTV's or Chromecasts on a different VLAN, MDNS would be useful for this. This way we can still ensure proper efficiency and security on the main hotspot user VLAN, as well as give them access to the needed media services, without hotspot users being able to access each other.
 
User avatar
kiler129
Member
Member
Posts: 330
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: mDNS repeater feature

Fri Aug 06, 2021 9:09 pm

Yes, mDNS is really a needed feature. Also, it's a VERY small and lightweight userland daemon. I run a VM with avahi and it doesn't really use any CPU while sitting in low single digits for memory usage. Additionally, it will literally need interfaces assignment and no other complex configuration.
 
DarkNate
Member
Member
Posts: 397
Joined: Fri Jun 26, 2020 4:37 pm

Re: mDNS repeater feature

Sat Aug 07, 2021 12:13 pm

Allow inter-VLAN routing, allow multi-cast routing on LAN, don't block Multicast subnets. Problem solved.

https://en.wikipedia.org/wiki/Multicast_address
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Sat Aug 07, 2021 12:24 pm

@DarkNate, if for some reason you read my posts, you can notice I never suggest to use "drop bogon", except for prevent IP spoofing on WAN,
but this forum, the web, and also some mikrotik guide put 224.0.0.0/4 as bad_ipv4, like must be dropped, IGNORING THE SOURCE, or someone dies...
https://help.mikrotik.com/docs/display/ ... d+Firewall

Toom much copy&paste without know what is doing

from ros guide:

ROS HELP code

/ip firewall address-list
[...]
  add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
[...]
/ip firewall filter
[...]
  add action=drop chain=forward src-address-list=no_forward_ipv4 comment="defconf: drop bad forward IPs"
  add action=drop chain=forward dst-address-list=no_forward_ipv4 comment="defconf: drop bad forward IPs"
[...]

But on page, you also linked:
224.0.0.251 Multicast DNS (mDNS) address, Routers must not forward these messages outside the subnet from which they originate
The IANA has reserved the range 224.0.0.0 to 224.0.0.255 for use by network protocols on a local network segment.
Packets with an address in this range are local in scope and are not forwarded by IP routers.
Packets with link local destination addresses are typically sent with a time-to-live (TTL) value of 1 and are not forwarded by a router.
Within this range, reserved link-local addresses provide network protocol functions for which they are reserved.
Network protocols use these addresses for automatic router discovery and to communicate important routing information.
For example, Open Shortest Path First (OSPF) uses the IP addresses 224.0.0.5 and 224.0.0.6 to exchange link-state information.
IANA assigns single multicast address requests for network protocols or network applications out of the 224.0.1.xxx address range.
Multicast routers forward these multicast addresses.
 
DarkNate
Member
Member
Posts: 397
Joined: Fri Jun 26, 2020 4:37 pm

Re: mDNS repeater feature

Sun Aug 08, 2021 2:03 am

@DarkNate, if for some reason you read my posts, you can notice I never suggest to use "drop bogon", except for prevent IP spoofing on WAN,
but this forum, the web, and also some mikrotik guide put 224.0.0.0/4 as bad_ipv4, like must be dropped, IGNORING THE SOURCE, or someone dies...
https://help.mikrotik.com/docs/display/ ... d+Firewall

Toom much copy&paste without know what is doing

from ros guide:

ROS HELP code

/ip firewall address-list
[...]
  add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
[...]
/ip firewall filter
[...]
  add action=drop chain=forward src-address-list=no_forward_ipv4 comment="defconf: drop bad forward IPs"
  add action=drop chain=forward dst-address-list=no_forward_ipv4 comment="defconf: drop bad forward IPs"
[...]

But on page, you also linked:
224.0.0.251 Multicast DNS (mDNS) address, Routers must not forward these messages outside the subnet from which they originate
The IANA has reserved the range 224.0.0.0 to 224.0.0.255 for use by network protocols on a local network segment.
Packets with an address in this range are local in scope and are not forwarded by IP routers.
Packets with link local destination addresses are typically sent with a time-to-live (TTL) value of 1 and are not forwarded by a router.
Within this range, reserved link-local addresses provide network protocol functions for which they are reserved.
Network protocols use these addresses for automatic router discovery and to communicate important routing information.
For example, Open Shortest Path First (OSPF) uses the IP addresses 224.0.0.5 and 224.0.0.6 to exchange link-state information.
IANA assigns single multicast address requests for network protocols or network applications out of the 224.0.1.xxx address range.
Multicast routers forward these multicast addresses.
224.0.0.0/4 should be dropped from WAN not LAN
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Sun Aug 08, 2021 2:52 am

That's the point: the MikroTik help and other "guides" incorrectly drop all regardless if are needed on LANs...
 
DarkNate
Member
Member
Posts: 397
Joined: Fri Jun 26, 2020 4:37 pm

Re: mDNS repeater feature

Sun Aug 08, 2021 11:15 am

That's the point: the MikroTik help and other "guides" incorrectly drop all regardless if are needed on LANs...
Don't know, I review every rule/config line by line from guides, no blind copy/paste, so never had broken problems before.
 
User avatar
kiler129
Member
Member
Posts: 330
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: mDNS repeater feature

Mon Aug 09, 2021 9:28 pm

Allow inter-VLAN routing, allow multi-cast routing on LAN, don't block Multicast subnets. Problem solved.

https://en.wikipedia.org/wiki/Multicast_address
Have you actually tested it or just blindly linked the wikipedia page? mDNS traffic is marked to never cross the subnet and so that even if you forcefully forward it devices which support the protocol properly will simply ignore it. You need an mDNS proxy/router which is responsible for handling mDNS announcements between subnets.

https://networkengineering.stackexchange.com/a/72933 see that for good summary
Even IETF had a document about the issue: https://tools.ietf.org/id/draft-bhandar ... ay-00.html
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Tue Aug 10, 2021 10:42 am

Lets just remember that there is a open source implementation of it called avahi (that is actually what runs under the hood on EdgeMax routers for mDNS).

Most people here against, never used mDNS, so they didn't test it. also, there is no multicast package on 7.1 yet.
most people here for it, have used before and can't believe that this is not present on RouterOS.
 
vio2fi
just joined
Posts: 3
Joined: Fri Jul 30, 2021 2:05 am

Re: mDNS repeater feature

Sun Aug 15, 2021 1:05 am

Yes, the question is, why separate the IoT, if you don't really need to separate ?
I just wanted my guest network to be able to connect to the chromecast on the main network while being able to rate limit the whole guest network by simple queues, this might not be the right way but it was the easiest way for me to do it, I also wanted to setup a network only for IoT devices with no internet access, but further diving into this has only brought me across jank solutions.

I am perplexed by the hesitation to have mDNS by mikrotik (just looking on the forums there are multiple threads of such discussions)

Frankly I can't comprehend the replies by the staff on this thread, and some of the replies are just fear-based rather than factual, and no examples given based on real-world scenarios.
FE;
How will having an mDNS server make these devices be able to access the internet? Unless your devices have already been compromised that doesn't sound right! Actually it sounds very paranoid, being scared of something on the small chance that it might happen? Then why connect to the internet at all?

And let's say even if the IoT devices were able to query local devices through mDNS how will they get internet access if the network they're on is unable to?

So far the only solution I could find was having to buy a pi just to be able to run an mDNS server, as chronicled here,
viewtopic.php?t=160966
This actually hurt reading, the poor guy spending months on what should be plug and play tbh.
Anyway, it has been a tiring day and I'm just more frustrated that the solution to such a simple problem has not been implemented despite so many threads on the forum about this very issue
 
OlofL
Member Candidate
Member Candidate
Posts: 102
Joined: Mon Oct 12, 2015 2:37 pm

Re: mDNS repeater feature

Mon Aug 16, 2021 11:56 am

Yes, the question is, why separate the IoT, if you don't really need to separate ?


Because the IOT device might have more than one service that its broadcasting. And with a mDNS repeater function, you could chose which services to rebroadcast on another network. And then firewall to only allow the specific features you want. My device broadcasts file server, ssh server, vnc server functionality. It would be great to filter those.

I use mDNS repeaters a lot, for instance for guest access to internal apple-tv airmirror, for printer functions etc...

It is easier to separate the network functions IOT/printer/client/server etc. It is cleaner. It is easier creating firewall rules.

Also, you might want to deny internet access from the IOT LAN.
IOT might have different security policies compared to enterprise LAN...

Do I need to go on?

I dont understand why this needs to be "explained" to mikrotik staff... lol

Right now I do this in my Aerohive AP's instead.
 
User avatar
archerious
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: mDNS repeater feature

Wed Aug 25, 2021 2:08 am

Yes, the question is, why separate the IoT, if you don't really need to separate ?


Because the IOT device might have more than one service that its broadcasting. And with a mDNS repeater function, you could chose which services to rebroadcast on another network. And then firewall to only allow the specific features you want. My device broadcasts file server, ssh server, vnc server functionality. It would be great to filter those.

I use mDNS repeaters a lot, for instance for guest access to internal apple-tv airmirror, for printer functions etc...

It is easier to separate the network functions IOT/printer/client/server etc. It is cleaner. It is easier creating firewall rules.

Also, you might want to deny internet access from the IOT LAN.
IOT might have different security policies compared to enterprise LAN...

Do I need to go on?

I dont understand why this needs to be "explained" to mikrotik staff... lol

Right now I do this in my Aerohive AP's instead.
Couldn't agree more, the fact that Ubiquiti has had this feature for years is embarrassing. MikroTik is superior in routing, software,e and hardware, so I don't understand why they are allowing Ubiquiti to have an advantage over them. Mdns is extremely important for pro-sumers, the exact crowd that buys MikroTik for SOHO.

I've had several customers upset that their guest wifi cannot use airplay from the regular wifi, leading them to give their main wifi password to guests.....and regret it.

Stupid, stupid, stupid.

Just use Avahi or something else @MikroTik!
CCR2116 Former: RB4011, UDM-Pro, CCR2004, hEX, ER4
USW-24-Poe, USW Aggregation Switch, and Cisco Catalyst 1000-24P-4X-L Former: Ubiquiti XG-16 & ES-10X
Wireless Wire
 
infabo
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Nov 12, 2020 12:07 pm

Re: mDNS repeater feature

Wed Aug 25, 2021 10:10 am

But why do you not just put the printer to guest wifi instead? This is the recommended way to do it - according to discussion. No need to "hide" the printer in a "regular wifi". :lol:

But just kidding. I do not get it either, why people argue so much against mdns repeater.
 
onnoossendrijver
Member
Member
Posts: 459
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: mDNS repeater feature

Wed Aug 25, 2021 1:31 pm

In a network where I need mDNS repeater I placed a small linux box running avahi (could be a Raspberry PI) with interfaces in both vlans.
This works really great.
Offcourse disable routing and/or configure the local firewall correctly...
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
carabila
just joined
Posts: 1
Joined: Sat Aug 21, 2021 2:18 pm

Re: mDNS repeater feature

Fri Aug 27, 2021 1:13 am

+1 to have mDNS in RouterOS.
 
CyBuzz
just joined
Posts: 23
Joined: Wed Sep 09, 2020 11:51 pm

Re: mDNS repeater feature

Mon Aug 30, 2021 2:23 am

Another example is to put your printer on a vlan for the same reason, you want it upgradable/maintainable remotely . But you want also to make it discoverable easily.


Exactly my use case
 
mjbnz
just joined
Posts: 13
Joined: Thu Aug 06, 2020 3:05 pm

Re: mDNS repeater feature

Wed Sep 01, 2021 7:32 am

Yes, the question is, why separate the IoT, if you don't really need to separate ?
The biggest reason I can think of, is that you might have ethernet connected IoT devices in publicly accessible locations - you don't want your trusted network to be on the end of that cable. (CCTV is more likely than IoT, but the point is still the same)
 
marine88
newbie
Posts: 31
Joined: Wed Mar 20, 2019 6:33 pm

Re: mDNS repeater feature

Mon Sep 06, 2021 2:32 am

+1 to have mDNS in RouterOS.
 
RhoAius
just joined
Posts: 9
Joined: Fri Jul 12, 2019 10:47 pm

Re: mDNS repeater feature

Mon Sep 06, 2021 11:03 am

A good practice for IOT on their own vlan is for limiting broadcasts.
You may want L3 connectivity to the devices but you may not like their "chatty" nature on L2.
With the rise of IOT devices it is easy to have 20+ devices on a network that broadcast constantly thus slowing down the network.
Gigabit ethernet and PCs will not feel this effect much but WiFi 5 and bellow or anything not as performant as a PC (ex TV, rpi) can exhibit slowdowns and strange behavior.
 
iegg
just joined
Posts: 18
Joined: Thu May 27, 2021 10:13 pm

Re: mDNS repeater feature

Tue Sep 07, 2021 1:26 pm

For the time being I will install avahi on a Raspberry Pi, however I would really like to have a mDNS proxy feature available in RouterOS. Some clients (seems like MacOS needs it for the scanner of my MFP) need mDNS in order function properly, so it's just nonsense to say that there is no use for it. And yes, I strongly disagree to say that we shouldn't put IoT devices in a separate VLAN: I want to control my network, i do not want those devices to control my network. Firewall rules for inter VLAN routing should of course be implemented.
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Wed Sep 08, 2021 2:43 pm

In v7.1 RC3 docker support is added so anyone who has/ will try implementing mDNS via container?
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed Sep 08, 2021 2:46 pm

Please keep all Container related questions and feedback to the specific topic: viewtopic.php?f=1&t=178342&p=878204
 
jookraw
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Aug 19, 2019 3:06 pm

Re: mDNS repeater feature

Thu Sep 09, 2021 1:59 pm

In v7.1 RC3 docker support is added so anyone who has/ will try implementing mDNS via container?
It would need to be able to attach docker interfaces to each vlan on the existing bridge (as it needs to be on the same broadcast domain), if possible it could work, but, still not good as a native mDNS repeater / Avahi package for ROS.

I don't think that docker / containers are the solution for the need discussed here.
 
control4
just joined
Posts: 2
Joined: Fri Sep 10, 2021 5:26 am

Re: mDNS repeater feature

Fri Sep 17, 2021 8:12 pm

Glad to find this thread and I am having problems on this as well. Hope that there is a work around for being able to Airplay music to the different zones or even air print when we are on a different VLANs.

As more and more residentials and offices are getting more “Smarter” due to the huge increase of IoT products, it actually make sense to make sure they are on a different VLANs. Most Smart bulbs and other IoT devices are Wi-Fi based hence you do not want them to bog down that particular network when everything is on the same subnet.

In regards to multicast, I am still trying to figure out how to configure it correctly as I’ve a RB3011 with a UniFi 48 Pro POE switch and trying to configure to make sure the VLANs for Video Over IP works and properly configured but no luck.
 
vfreex
just joined
Posts: 10
Joined: Sat Dec 05, 2020 8:49 pm

Re: mDNS repeater feature

Wed Sep 29, 2021 8:15 pm

For those who are interested, I have a simple mDNS reflector developed by myself and running in Docker. It is just hundreds lines of code in C, supporting both ipv4 and ipv6: https://github.com/vfreex/mdns-reflector
 
linedpaper
just joined
Posts: 1
Joined: Tue Nov 23, 2021 7:56 pm

Re: mDNS repeater feature

Tue Dec 07, 2021 10:59 pm

Just got my first mikrotik and sad to see this is still not a feature. Second guessing my rb5009 purchase over the Ubiquiti option, hopefully it gets added soon.
 
eduplant
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Tue Dec 19, 2017 9:45 am

Re: mDNS repeater feature

Sat Dec 11, 2021 10:20 am

For those who are interested, I have a simple mDNS reflector developed by myself and running in Docker. It is just hundreds lines of code in C, supporting both ipv4 and ipv6: https://github.com/vfreex/mdns-reflector
I haven't done any testing yet but this looks really useful. My workaround from this point has been a VLAN trunk to a raspberry pi with unnumbered interfaces running avahi in reflector mode. I'll report back after I've had a chance to dig into v7 and containers.

Regarding the need for mDNS reflectors, I figure I'll add my two cents in case staff makes another appearance on the thread. In theory, nobody should *need* an mDNS reflector. In fact, the aforementioned avahi didn't implement a reflector until later and you have to turn it on in the config. avahi's primary purpose was simply being an mDNS advertisement daemon for service discovery on Linux.

The previous posters talking about routable multicast have sort of the right idea. If you need link local multicast to leave the LAN, then maybe you shouldn't use link local multicast and instead a proper routable multicast group. Agreed! Unfortunately we all are stuck with the implementation decisions that Google (Chromecast/Home/etc), Apple (Airplay/Homekit/etc), and every other IoT vendor have made. They apparently cannot fathom why anyone would be using the devices on a network more complicated than a single Ethernet broadcast domain.

In a home environment, it's true that very few people actually need multiple VLANs and to put themselves in the situation where an mDNS reflector is required. However, a lot of these protocols are not limited to the home and there may be more business use cases than you think that could stand to benefit from this. In larger enterprise/campus networks, for example, it is often no longer acceptable to land wireless clients from controllerized wireless infrastructure directly onto the same LANs as the wall jacks. When there are BYOD users on wireless in a conference room that want to present to a wired AppleTV/Chromecast, you suddenly have a problem. This has been a problem in higher education for years and is becoming more and more common in any institutional environment that has conference rooms.

The solution to this is either proprietary full-stack replacements that speak Airplay/Chromecast and include their own mDNS replacement or for the networking vendors to support a native mDNS proxy. In the US, folks in higher ed have been grumpily lobbying Apple for almost a decade now [1] to just ditch the mechanism. Ultimately, vendors like Cisco saw the need and responded by implementing mDNS proxies in their wireless controllers [2]. Maybe Mikrotik can follow, too?

[1] https://www.cultofmac.com/182919/educat ... x-bonjour/
[2] https://www.cisco.com/c/en/us/td/docs/w ... ur-DG.html
 
rplant
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Fri Sep 29, 2017 11:42 am

Re: mDNS repeater feature

Tue Dec 14, 2021 1:18 am

For those who are interested, I have a simple mDNS reflector developed by myself and running in Docker. It is just hundreds lines of code in C, supporting both ipv4 and ipv6: https://github.com/vfreex/mdns-reflector
Cool, I installed this on a hap ac2, it seems to work ok, and appears to take up very little ram, and the executable is tiny.
Unfortunately, I needed to use a couple of VLans on the veth so need scripting to enable them first.
Ideally I would like no scripting, so could potentially remove all the other shell executables in the image.
Reducing likelihood of being owned (maybe).

Alternatively maybe Mikrotik could add this as a package...
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 209
Joined: Tue Jan 21, 2014 10:03 pm

Re: mDNS repeater feature

Sat Dec 25, 2021 3:12 pm

Can't PM you rplant. Mind explaining how you achieved this? Running openwrt / metarouter on 6.x?
 
PackElend
Member Candidate
Member Candidate
Posts: 198
Joined: Tue Sep 29, 2020 6:05 pm

Re: mDNS repeater feature

Mon Dec 27, 2021 10:53 pm

For those who are interested, I have a simple mDNS reflector developed by myself and running in Docker. It is just hundreds lines of code in C, supporting both ipv4 and ipv6: https://github.com/vfreex/mdns-reflector

:?: can you tell, if this is that the same approach as https://github.com/kennylevinsen/mdns-repeater mentioned in Setting up Avahi Reflector in Mikrotik
Finally solved this!

So from Mikrotik perspective, everything was set up properly. You might need IGMP proxy for some devices, but no need for PIM (some suggested that IGMP is not enough, even though every guide says it uses IGMP), just a simple IGMP-Proxy setup will do.

I have switched from avahi to this mdns reflector:
https://github.com/kennylevinsen/mdns-repeater
which was forked into a docker (https://github.com/monstrenyatko/docker-mdns-repeater) container mentioned further down the same discussion
With RouterOS 7.1rc3 .... would a docker image be usable?
https://github.com/monstrenyatko/docker-mdns-repeater

--------------
:?: by the way are you aware of
We will re-release container package soon. We wanted to improve security of the package, and make sure it does not have access to things it should not access. We will sandbox it more, re-evaluate all security aspects and will release it soon, when it is ready and completely secure.
said in v7.1rc3 adds Docker (TM) compatible container support
 
User avatar
broderick
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Mon Nov 30, 2020 7:44 pm

Re: mDNS repeater feature

Wed Dec 29, 2021 9:27 pm

Ok, I read most of the topics above, even though I am still trying to make sense of everything has been written.
No networking expert here, and I even didn't know that such a mDNS was a thing until a couple of days ago, so please bear with me.

I have a Mikrotik hAP ac² at the top of my home LAN (in my room). I also have a Plex server installed on a little Windows notebook. There is also a not-VLAn capable switch/ap in my dining room for guest-wifi purpose. My smart tv with the Plex app is plugged to the switch as well. They are all on the same subnet now, and of course the Plex app can reach and read media contents on the Plex server.

I'm going to change a bit my private LAN in the next few days. Ubuntu server is going to be installed on the little notebook and a Plex server, as a docker container, will be installed on it.
I am going to separate an ethernet port ( the same ethernet port which the switch is plugged to) from my Mikrotik bridge and create a new subnet on it in order to set firewall rules to isolate the switch from my main LAN mostly because of the guest wifi running on it. However, I still want the Plex app on my TV to reach and read media contents of the plex server on my ubuntu server which will remain in my main LAN/subnet. Plex server is going to be the only service accessible from another subnet (by my smart TV). I know that the best solution will that of setting up a vlan-capable switch and put the guest-wifi and my smart-tv on different VLANs in order to handle them with different firewall rules, but I'm not going to buy one..at the moment at least.

So, in your opinion what would be the best solution to achieve my goal only with the devices I have at the moment? Thanks
 
brotherdust
Member Candidate
Member Candidate
Posts: 120
Joined: Tue Jun 05, 2007 1:31 am

Re: mDNS repeater feature

Thu Jan 06, 2022 7:19 pm

Yes, the question is, why separate the IoT, if you don't really need to separate ?
Normis, as I'm sure you are aware, IOT devices have a notorious reputation for poor security practices. In order to limit the impact of these security problems, a conscientious network administrator will place these devices on separate VLAN. The VLAN provides an implicit context to apply additional security policies. The expectation that really _any_ IOT device is secure is foolish at best.

Providing a native mDNS/SSDP repeater would allow administrators to follow the good practice of keeping these devices in a separate security context, whilst also making it possible for the more user-friendly functions to work across contexts.

Please consider adding this functionality to RouterOS 7. It is sorely needed and has been requested across the forum by your customers for years.

Thank you!

Edit:
If the answer is “no”: since RouterOS 7 lacks a PIM dense-mode implementation (for now), maybe the clever guys on your team could come up with a workaround using PIM-SM and post a working example config to the docs?
 
invader zog
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Wed Jan 03, 2007 9:04 pm

Re: mDNS repeater feature

Fri Jan 07, 2022 1:52 am

I'd also like the feature.

All of my wireless, IOT, and entertainment devices are on one network (guest)
My servers and desktops are on another network (private)
I control and limit access from the guest to the private network

I'd like to be able to do a wireless sync of my iPhone from my desktop computer

If there are any suggestions/guides for how to accomplish this, I'd love to here. The only device I have that communicates on both networks is the MT, but I do have windows and linux servers running in my private network and could install a service there. I've been a MT user for decades now and am reasonably savvy with networking, but I don't know much about mDNS and forwarding broadcast traffic...
 
TonyJr
Member Candidate
Member Candidate
Posts: 206
Joined: Sat Nov 12, 2011 1:30 am
Location: UK
Contact:

Re: mDNS repeater feature

Tue Jan 11, 2022 11:53 am

If this is implemented, some kind of way to filter which devices/services are repeated and to which interface would be handy. Sometimes you may not want everything advertised.
 
User avatar
kennnnnnnneth
just joined
Posts: 24
Joined: Tue Mar 16, 2021 9:25 pm
Location: Northeastern US

Re: mDNS repeater feature

Wed Jan 19, 2022 1:45 am

Big upvote.

I agree with a lot of folks here that a classic multicast REFLECTOR*, which repeats any multicast packet from any VLAN back out to any other VLAN, would be a terrible idea that defeats the purpose of VLAN subnet security, even with a beefy firewall; it would effectively create a giant hole between your VLANs through which insidious traffic could travel.

However, a nice powerful multicast REPEATER*, with the ability to pick and choose the flow and protocol of the multicast packets being repeated, would be an exceptionally handy tool. Every enterprise vendor, almost all the prosumer vendors, and even a few consumer routers have some form of this implemented.

In ROS 6, I understand that building a multicast repeater would have been a high-effort, low-reward project for MT. However, as many have noted previously in this thread, this is a much easier package for MT to implement in ROS7, and I hope we see it in future releases.

Would it be BETTER if Apple, Google, etc caught up with the rest of the class and just implemented their services so that they talk inter-VLAN correctly (like so many enterprise IoT vendors already do)? Sure! Is that ever going to happen? Again, sure!... if you are willing to wait till 2035 to see it implemented.

Till then, we have to work around the incompetencies of Big Tech.

* According to most of stackoverflow, the key difference between a Reflector and a Repeater is that the former blindly repeats all multicast traffic on two or more interfaces, whereas the latter repeats only specific multicast traffic in certain circumstances.
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: mDNS repeater feature

Sun Jan 23, 2022 1:41 am

I don't understand why RouterOS's PIM-SM was suggested in the thread: it requires devices to enter / leave multicast groups via IGMP.

mDNS (Apple Bonjour) does not use IGMP, PIM-SM and IGMP-Proxy are useless for it.
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
User avatar
kennnnnnnneth
just joined
Posts: 24
Joined: Tue Mar 16, 2021 9:25 pm
Location: Northeastern US

Re: mDNS repeater feature

Tue Feb 01, 2022 11:02 pm

Till ROS7 has mDNS repeating capabilities, I went ahead and got VLANs and Avahi running on my RPi server running Raspbian (will work fine with other linux boxes).

I tagged the VLANs I wanted to reflect on the switch port, installed and configured the VLANs on the pi, and after some tinkering with the vlan and avahi files and a couple reboots (and adding Bonjour ports to ufw) it's properly repeating the multicast packets from my secure subnet (both wired and wifi) to my iot subnet (also wired and wifi) and vice versa. This allows me to airplay, airprint, homekit, etc across the VLANs.

I also had to go to the Filter firewall, and allow New/Established/Reply connections from the secure subnet to iot subnet, and allow Established/Reply from iot to secure.

If I had a sonos or chromecast some other mdns device, I'd probably also need to open those ports in ufw on the pi, but right now we're mostly an Apple household, so bonjour does all we need.

Use Wireshark (search parameter: mdns) and your tik's ARP table (to reference MAC addresses to devices, especially if you're using ipv6) to make sure you can see the mdns casts from your pi (or other linux box) containing the cast from the other subnet. In my case, I was looking for mdns packets from my pi on my secure subnet, which contained Apple bonjour mdns info from my Apple TV on the iot subnet. I go to my mac or idevice, go to some media like music or podcasts or whatever, hit the airplay button (triggers discovery for airplay devices on bonjour), and then check wireshark for those mdns packets.
I knew I was successful because 1) airplay worked, and 2) wireshark showed multicast packets from my pi containing things like:
PTR MacBook Pro._companion-link._tcp.local PTR Living Room Apple TV._companion-link._tcp.local
If anyone needs help doing that, let me know and I'll be happy to show you what I did.

Of course this isn't ideal, since now my homekit automations and printing are dependent on a pi server that I use for a variety of network testing and other homelab stuff so it's frequently offline. I may get a dedicated pi for this, they're only like $40, but it sucks to have to provision a dedicated appliance for such a tiny and lightweight service, and it's certainly not a solution that would scale well; it would be really convenient, and potentially more efficient and secure, to manage this in ROS.

The most accurate guide I could find to install and configure tagged VLAN interfaces on your pi running Raspbian: https://engineerworkshop.com/blog/raspb ... -networks/
I used this guide for Avahi, but the VLANs portion is totally incorrect for a pi running raspbian, though it sorta runs (as I found out the hardware), so just use it for teh Avahi instructions: http://chrisreinking.com/need-bonjour-a ... i-gateway/
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: mDNS repeater feature

Wed Feb 02, 2022 2:19 am

Avahi on your raspberry is reflecting mDNS, ROS does nothing here.
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
User avatar
kennnnnnnneth
just joined
Posts: 24
Joined: Tue Mar 16, 2021 9:25 pm
Location: Northeastern US

Re: mDNS repeater feature

Wed Feb 02, 2022 2:46 am

Avahi on your raspberry is reflecting mDNS, ROS does nothing here.
Yes, my pi is reflecting the mDNS, ROS can't do that yet, as I stated multiple times. Are you saying ROS does support reflecting mDNS? Or did you perhaps misread my last post :)
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: mDNS repeater feature

Wed Feb 02, 2022 2:50 am

Haha, I misread Till and TIL 🤦
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
User avatar
kennnnnnnneth
just joined
Posts: 24
Joined: Tue Mar 16, 2021 9:25 pm
Location: Northeastern US

Re: mDNS repeater feature

Wed Feb 02, 2022 2:53 am

Darn, you got my hopes up, I thought maybe they released the feature lol
 
CTSsean
newbie
Posts: 27
Joined: Fri Sep 15, 2017 12:56 pm

Re: mDNS repeater feature

Thu Feb 03, 2022 5:12 pm

Yes, the question is, why separate the IoT, if you don't really need to separate ?
Trust.

The same reason is why you firewall your input chain from the world... You can't always trust that people won't do the right thing. This is the reason for a LOT of vlans.

However with IoT, there are service needs that have to be met. Easiest example: Chromecast. You need to have mDNS to be able to search from a home / production vlan to the Chromecast device discover the device and set up the initial communication. Once you choose to cast to a specific device... your mobile device is taken out of the loop and the data is pulled from the server / internet service. However, doesn't mean you should trust that Chromecast on your home network. Google and other entities have proven that they want data at nearly all costs. Similar goes with Chinese security cameras.

The design of Chromecast (and other google products) is to capture data (while providing a cool service). We want to limit what PERSONAL data google can capture.
 
User avatar
Buckeye
Member Candidate
Member Candidate
Posts: 232
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: mDNS repeater feature

Tue Feb 22, 2022 8:26 am

Yes, the question is, why separate the IoT, if you don't really need to separate ?
I spend a lot of time on the Ubiquiti EdgeMAX forums, and there are many noob questions related to getting things to work across vlans.
In my opinion, many people use vlans without enough foundational understanding. They have just heard about how unsafe IoT devices are, and that the IoT devices should be kept separate, then find some recommendation for the ER-X, then come asking for help setting it up with vlans.
Then, soon after they get vlans working, they come back complaining that things don't work any more (chromecast, sonos, printer discovery, etc.)
I put mDNS repeater into the same class as UPnP. It is a bad idea from a security standpoint, but most home users are really more interested in ease of use than security, especially when it comes down to having to deal with family members' complaints about things that used to work no longer working.
These posts always remind me of the https://imgs.xkcd.com/comics/sandboxing_cycle.png cartoon.
If this does get added, it should not be the default. But I can understand why many people want it. It is a compromise between real security and no separation. Supporting mDNS repeater gives more separation than having everything in the same subnet/lan. It is the same argument for allowing a user to use https with "obsolete insecure ciphers" after making them make a manual exception vs. forcing them to use http with absolutely no protection.
FWIW, I don't use either UPnP or mDNS repeater. I just put the untrusted stuff on its own vlan with its own wifi SSID. That does mean I can't cast from my trusted PC, but I can live with that.
 
ishanjain
newbie
Posts: 35
Joined: Tue Sep 29, 2020 8:40 am

Re: mDNS repeater feature

Thu Apr 14, 2022 12:00 am

I am just echoing my use case here.

I have 4 private vlans for 4 homes and 1 common guest vlan across all 4 homes.
The TVs in each home sit in their private vlan but sometimes when guests arrive, They want to be able to cast to the TV.

Internet traffic in guest vlan is routed over a vpn and I do not want guests using the private vlans _BUT_ I also want them to be able to cast to the TVs.

Google cast(& Presumably apple's casting tech) requires mdns for discovery and simply will not work if it can't see the TV. It'll be nice to be able to allow specific mdns traffic to be repeated across vlans. It's less safe than isolating the two vlans completely but that will not work in my case.

If I tell them that guests simply can not cast to the TVs, They'll most likely end up sharing the private vlan's password with them and I think that's just worse. :/
 
User avatar
Buckeye
Member Candidate
Member Candidate
Posts: 232
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: mDNS repeater feature

Thu Apr 14, 2022 2:43 am

I have 4 private vlans for 4 homes and 1 common guest vlan across all 4 homes.
If I tell them that guests simply can not cast to the TVs, They'll most likely end up sharing the private vlan's password with them and I think that's just worse. :/
So you want your guest to be able to cast to another home? Isn't that what you are asking the ability to do, given you have "1 common guest vlan across all 4 homes."
I won't go into it more, because this thread isn't the proper place, but I think there are better solutions to your problem than mdns to a common guest network.
 
MartyMcSly
just joined
Posts: 1
Joined: Sat Apr 30, 2022 6:54 am

Re: mDNS repeater feature

Sat Apr 30, 2022 7:06 am

All this do not change my disbelief on need separation from IoT and home private network.
(On home point of view, business/work is another thing...)
Anyone who's had their home network locked up by ransomware would see the value in separate VLANs.

Especially if they need their home network to access their work VPN. Say, hypothetically, they might be working from home because of a pandemic, perhaps?

Many IoT devices are built to a price, so security is skimped. They are notorious for being attack vectors.

An IoT VLAN is pretty much home internet security 101 these days.
 
ishanjain
newbie
Posts: 35
Joined: Tue Sep 29, 2020 8:40 am

Re: mDNS repeater feature

Sat Apr 30, 2022 6:45 pm

So you want your guest to be able to cast to another home? Isn't that what you are asking the ability to do, given you have "1 common guest vlan across all 4 homes."
Yes, but this won't remain turned on _forever_. I'll only be turning on this repeater when I have some guests at home. (I am writing a wrapper for the mikrotik API and people in 4 homes will get a simple interface to turn this on/off)
 
vikinggeek
newbie
Posts: 47
Joined: Sat Aug 02, 2014 4:14 am

Re: mDNS repeater feature

Sat Apr 30, 2022 7:06 pm

I am writing a wrapper for the mikrotik API and people in 4 homes will get a simple interface to turn this on/off
Care to share? Looking for something similar such the wife/kids can turn on/off a feature without having access to the router.
 
craigxau
just joined
Posts: 3
Joined: Sat Apr 17, 2021 6:48 am

Re: mDNS repeater feature

Tue May 03, 2022 5:40 am

I too have a need for an mDNS repeater for the same reasons.

=> I segregate my networks
=> I have devices across multiple networks that i would like to see each others broadcasts (within limits)
=> I purchased a ton of mikrotik because i an not sheep and walk in a flock
=> i want and like to use the power of the equipment i purchased. Mikrotik is powerful like no other and mDNS is a valid feature request.
=> i am in a group of mikrotik user peers that respect each others opinion and collaborate not criticize
=> i choose to have a high degree of separation within my network
=> if you choose to dump all your equipment onto big flat networks then that's your choice and is totally ok. But not for me.

Adding this mDNS reflector feature would be appreciated. Thanks for your time.
 
Corbie
just joined
Posts: 16
Joined: Thu Apr 01, 2021 12:37 pm

Re: mDNS repeater feature

Wed May 04, 2022 4:40 pm

Ever home user needs mDNS.
I am a home user and do not need it.
Why is your assumption so absolute?
It is absolute-ly false.

My 4,000 contracts (home and business), corresponding to more than 16,000 people,
do not have it and no one has ever complained about it.

Please explain which critical part of the home network does not work without mDNS.

Thanks.
Guessing your customers are not spoiled as others :D

We have homestead with smarthome things implemented everywhere which have their own vlan. There is audiosystem around whole farm, which is connected to Loxone server( basically smarthome controller) but employee network is ofcourse on another vlan. And only way to control audioserver is via AirPlay where only mDNS or Bonjour or whatever apple bullshit works, you cannot manually add them so mDNS support would be our only solution. Now we have separate wi-fi for controlling the smarthome things but its kind of annoying for employees to need to switch wi-fi when they wanna change songs for example and then switch back if they wanna access company data. Its kinda specific problem but that doesnt mean there are none.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed May 04, 2022 5:18 pm

Use Alexa devices...
From my Office I can control devices at my Home (different cities and networks) with vocal commands... :lol:
 
mafiosa
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: mDNS repeater feature

Wed May 04, 2022 6:40 pm

Use Alexa devices...
From my Office I can control devices at my Home (different cities and networks) with vocal commands... :lol:
You will suggest everything else to prove that mikrotik doesn't need to implement mDNS. Such a simp!
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 7004
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy, but my Heart is in Україна

Re: mDNS repeater feature

Wed May 04, 2022 6:43 pm

Zerotier?

If mDNS proxy is implemented, the RFC is broken because on RFC mDNS must not be forwarded outside local LAN...
 
Corbie
just joined
Posts: 16
Joined: Thu Apr 01, 2021 12:37 pm

Re: mDNS repeater feature

Wed May 04, 2022 11:36 pm

Use Alexa devices...
From my Office I can control devices at my Home (different cities and networks) with vocal commands... :lol:
im gonna tell them to change system who cost them 20 000 euro :D (its more of home automatization then smarthome) but if i have to be honest we switched them to fortigate :D
 
bmann
just joined
Posts: 14
Joined: Sat Jan 05, 2013 2:10 pm

Re: mDNS repeater feature

Sat May 07, 2022 1:09 pm

I see mDNS proxy/repeater as valid feature request and understand why many people want such feature.
But do not understand why some people fight against it so dogged.

During decades networking evolved - we have switching (L2), routing (L3), VLANs, private VLANs, VRFs, VPNs etc. and all tends to separation/segmentation so recommending someone to
put everything to one L2 is strange.

@rextended
You fight mostly against mDNS here. But then you wrote:
"All this do not change my disbelief on need separation from IoT and home private network.
(On home point of view, business/work is another thing...)"

So if you see a value for business, why to deny the same value for home networks? If you do not want it, OK. But why to fight with people who want it.

@normis
Let me give you example of topology you may have at home:
- trusted wired LAN
- trusted (private) WLAN
- guest WLAN
- DMZ for NAS/servers etc,
- DMZ for IoT/media devices

So from 'trusted' LANs you have access to all DMZs, internet etc. And you need the option to cast to media devices in DMZ.
The guest WLAN has access only to internet, but ability cast to media devices. And of course DMZ devices are limited too.

So even if I need to allow some traffic and communication between trusted LANs and media devices, the media/IoT devices are still limited to access other parts of network.
Putting it to one flat L2 would give them more space than it is needed (and all devices are reachable mutually).
If I put media/IoT to separate L3 network, I can even isolate from each other and outside communicate is filtered by FW rules.


At the end it is Mikrotik's decision. It is not only about home networks, but too about small bushiness etc. Even big names can do mDNS repeater/forwarder in some products as in business it is expected to have separated networks. And it is Mikrotik's decision if they aim to business or not.
 
hapoo
newbie
Posts: 34
Joined: Wed Apr 24, 2019 1:35 am

Re: mDNS repeater feature

Mon May 09, 2022 7:29 pm

Another vote here for the feature.

If I'm away from my network and I VPN in, services that rely on mDNS are unavailable. It would be nice to be able to have mDNS requests go across from the VPN subnet to my main subnet. If anyone knows how to do this without an mDNS repeater feature, let me know.
 
whmcr
just joined
Posts: 2
Joined: Sun Jun 01, 2014 12:09 pm

Re: mDNS repeater feature

Mon May 09, 2022 9:46 pm

To those people asking for mDNS, can you give examples where it will be useful?
Rextended provided solutions for the given examples. Maybe there are more examples?
I've seen this implemented on networks using Aruba APs, specifically with AirGroup. The most common deployment reason I've seen is for AirPrint or AirPlay, ChromeCast to allow these devices in another network to be discovered by guests on other networks. Obviously appropriate firewall is required between the networks, or the segmentation is not as useful.

Who is online

Users browsing this forum: No registered users and 5 guests