Dan,
> On Sep 10, 2024, at 2:08 PM, Dan Wing <[email protected]> wrote:
>> ...
>> Why ask to use some non-defined magical system such as "bookmarks" when we
>> could instead
>> simply ask to push CNAMEs into DNS. That's something we can define.
>
> As suggested in (*), a device with a long name can also advertise a short
> name (e.g., mDNS), allowing the user to visit "https://router.local" (or
> "https://printer.local" or "https://printer.home.example.net", which is a
> CNAME to the long name. The client, encountering the long name, can then
> initiate its bootstrapping to trusting (*) the long name
> ("https://router.ejfkejfkejfejkejfkjkej.local"), or if bootstrapping has
> already occurred the client would immediately see the router's (or printer's)
> HTTPS configuration page.
The method we've used for printers since Bonjour/mDNS/DNS-SD was invented has
been for printers to use unique mDNS hostnames (normally a vendor prefix
followed by some number of bytes from the MAC address) and then using SRV
records to define the "Friendly Name", which itself defaults to the make and
model, e.g.:
et0021b7017d7b.local -> Lexmark CS410dn
HPE073E7E6E4CF.local -> HP Color LaserJet Pro MFP 4301 [E6E4CF]
rollo-e5-47-f8.local -> Rollo X1040
This has the advantage of avoiding hostname conflicts in most circumstances and
providing a reasonable level of uniqueness for security's sake. Both the
hostname and service instance name are configurable ("Bob's Printer" and
bobs-printer.local).
Using CNAME tricks is certainly possible but I'm not sure how well supported it
is over mDNS. I know that my Ubiquiti gear hijacks the "unifi.local" hostname
for accessing the local Unifi controller, without a unique identifier or
redirects, and it provides a self-signed certificate for HTTPS access (which
yields the usual "this web site will steal your soul, continue?" warning from
the browser). I would much rather it redirect the browser to a unique mDNS
hostname (unify-XXXXXX.local or similar) but I also wouldn't expect more than
one active controller per network (for obvious reasons).
________________________
Michael Sweet
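
As an added illustration (not part of the original message, and not code from any vendor or project named in it), the Python below classifies mDNS hostnames by whether they embed a MAC-derived identifier in the way the message describes for printers. The function names, the MAC values and the hostname-to-MAC pairing are constructed assumptions; the hostnames are the ones quoted in the message.

```python
import re

# Three to six byte pairs, optionally separated by '-' or ':' (e.g. "e5-47-f8").
_HEX_RUN = re.compile(r"(?:[0-9a-f]{2}[-:]?){3,6}", re.IGNORECASE)


def embedded_id(hostname):
    """Longest MAC-like hex run in the first label, lowercased, or None."""
    label = hostname.split(".")[0]
    runs = [re.sub(r"[-:]", "", m.group(0)).lower()
            for m in _HEX_RUN.finditer(label)]
    return max(runs, key=len) if runs else None


def classify(hostname, mac):
    """Compare the identifier embedded in an mDNS hostname with the MAC
    address the name was observed from (e.g. taken from a neighbor table)."""
    ident = embedded_id(hostname)
    if ident is None:
        return "generic"      # nothing in the name ties it to one device
    mac_hex = re.sub(r"[-:]", "", mac).lower()
    # Vendors embed either the full MAC or only its trailing bytes.
    return "mac-bound" if mac_hex.endswith(ident) else "mismatch"


# Constructed sample: hostnames from the message, MAC pairing assumed.
OBSERVED = [
    ("et0021b7017d7b.local", "00:21:b7:01:7d:7b"),
    ("HPE073E7E6E4CF.local", "e0:73:e7:e6:e4:cf"),
    ("rollo-e5-47-f8.local", "02:00:00:e5:47:f8"),  # first 3 bytes constructed
    ("et0021b7017d7b.local", "02:00:00:aa:bb:cc"),  # same name, other device
    ("unifi.local",          "02:00:00:11:22:33"),
    ("bobs-printer.local",   "02:00:00:44:55:66"),
]


def report(observed=OBSERVED):
    """Return [(hostname, mac, verdict), ...] for an inventory listing."""
    return [(h, m, classify(h, m)) for h, m in observed]


if __name__ == "__main__":
    for host, mac, verdict in report():
        print(f"{host:24} {mac}  {verdict}")
```

A "mac-bound" result only shows that the name and the link-layer address are consistent with each other; it does not authenticate the device.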
_______________________________________________
Anima mailing list -- [email protected]