Foris-controller mdns

Hello Team,

I’ve recently been playing with mDNS configuration in my home network, notably I wanted to prevent mDNS traffic in certain VLANs and especially I wanted to prevent the router from disclosing its IP address via mDNS. While I know this can be achieved via dedicated firewall rules, I noticed that for each interface I defined on my Turris Omnia (TurrisOS 6.3.3), a foris-controller instance listening on port 5353 is being launched, allowing clients to query the router itself.

Can anybody explain what’s the reason for this behaviour and how to prevent it? What if I want foris-controller to be active only on selected interfaces?

Many thanks in advance!

In my cursory layman’s view of the function and purpose of mDNS, you’re probably going about it the wrong way. You can find the function and behavior of mDNS in public sources for example (where port 5353 is listed)

Thanks for your input @JardaB, here the matter is different, the questions are:

  1. Why is foris-controller keeping the mDNS port open?
  • What’s the purpose (especially considering umdns and/or avahi being available)
  • How to disable foris-controller replies to mDNS queries and prevent the process from disclosing router information
  2. Why is a separate foris-controller instance being created for each interface?
  • What’s the purpose
  • How to disable and/or prevent this behaviour
root@turris:~# lsof -i :mdns
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
foris-con 4671 root   10u  IPv4  45125      0t0  UDP *:mdns
foris-con 4671 root   13u  IPv4  45144      0t0  UDP 192.168.x.1:mdns
foris-con 4671 root   17u  IPv4  45145      0t0  UDP 192.168.y.1:mdns
foris-con 4671 root   18u  IPv4  45146      0t0  UDP 192.168.z.1:mdns
foris-con 4671 root   19u  IPv4  45147      0t0  UDP 172.16.x.1:mdns
foris-con 4671 root   20u  IPv4  45148      0t0  UDP 172.16.y.1:mdns
foris-con 4671 root   23u  IPv4  45151      0t0  UDP 172.16.z.1:mdns
foris-con 4671 root   24u  IPv4  45152      0t0  UDP localhost:mdns
umdns     5483 root    7u  IPv4  65652      0t0  UDP 192.168.x.1:mdns
umdns     5483 root    8u  IPv4  65654      0t0  UDP 224.0.0.251:mdns

EDIT: corrections

mDNS is not configurable, its behavior is a property of … I think
=´=´=
Multicast DNS (mDNS) is a zero-configuration protocol that lets you perform DNS-like operations on the local network in the absence of a conventional, unicast DNS server. The protocol uses the same API, packet formats, and operating semantics as DNS, allowing you to resolve domain names on the local network. DNS Service Discovery (DNS-SD) is a protocol that allows clients to discover a list of named instances of services (such as test._ipps._tcp.local, or linux._ssh._tcp.local) in a domain using standard DNS queries. DNS-SD is most often used in conjunction with mDNS but isn’t dependent on it. They’re both used by many IoT devices, such as network printers, Apple TVs, Google Chromecast, Network-Attached Storage (NAS) devices, and cameras. Default port: 5353/UDP

Thanks for your reply @JardaB. Still this is not answering my questions nor why foris-controller is acting as Multicast DNS responder

I’d suggest to have a read to RFC6762

1 - If you deactivate mDNS, does the state on foris-controller (acting as Multicast DNS responder) persist or not? Isn’t there a direct connection to the mDNS protocol activity?

2 - Excuse my reasoning as a less knowledgeable user :frowning:

Not sure what you mean by “deactivate mDNS”, bottom line is that the router shouldn’t respond to a query unless a software such as, for instance, umdns or avahi is configured to. Still, even without any of this software installed, foris-controller is providing responses.

See an example of the output from dns-sd -q openwrt.local (“openwrt” is the hostname for my Turris Omnia)

DATE: ---Wed 19 Jul 2023---
11:38:22.789  ...STARTING...
Timestamp     A/R  Flags         IF  Name                          Type   Class  Rdata
11:38:22.790  Add  40000002      12  openwrt.local.            Addr   IN     192.168.x.1

You do not experience this behaviour in a standard OpenWRT installation unless the aforementioned software is installed and configured.

No worries, we are all learning, thanks a lot for your support.

I really don’t know how to change the non-configurable mDNS protocol to remove listening on port 5353. Kill the process with /etc/init.d/umdns?

As said in my previous post

and in this specific case

Disabling umdns won’t change the behaviour, in fact you can completely uninstall umdns but you’ll still get a response from the router as long as foris-controller is up and running.

/etc/init.d/foris-controller stop will do the trick but of course this will make the foris web interface unavailable.

@turris-admin It will be really great to have a foris-controller developer to chime in and provide some input and answer to my questions.

Many thanks in advance!

Awaiting some official answer, I managed to disable foris-controller acting as Multicast DNS responder by removing the --zeroconf-enabled --zeroconf-port "${remote_port}" parameters from the /etc/init.d/foris-controller procd init script.

Not ideal, as this will likely be overwritten with the next TurrisOS upgrade, nor do I know what the implications are. Hope we can get some input from developers.

Meanwhile I’m still investigating

turris-admin isn’t a real user. It’s a special administrative account that can be used as a fallback when no normal forum administrator is available. Please don’t mention it.

The best way to contact our developers is to send a message to our official support channel: tech.support@turris.cz. You can also write directly to our team members (you can find their e-mail addresses in Git commits) but this way isn’t reliable due to several reasons (e.g. some people leave our team and some others come, there are some transitions etc.).


Gents - any update on the topic? I’m trying to figure out something related to mDNS so would be great to have some clarification

I’d also like a solution to this. I prefer to run avahi for mDNS but for it to work properly I first need to use @aspadini’s suggested hack of editing /etc/init.d/foris-controller (thanks for figuring this one out!).

It would be great if there was some way to configure foris-controller so it wouldn’t listen on the mDNS port.