once bitten

words and things from Edd Dumbill 

Wide Area Bonjour: probably not worth the hassle

I've been experimenting a little with Wide Area Bonjour. Or, if you want the neutral name for it, Wide Area DNS Service Discovery (DNS-SD). This is a technology that lets your computer register its IP address and services on a DNS server and make them available for internet consumption, even if you're behind a firewall.

Why would you want to do this? You might want access to files on your home network, wherever you are. Or you might want to use SSH to log in to your machines. Wide Area Bonjour can help you do this directly without the complications of setting up tunnels and so on.

Normal Bonjour advertises services on a local network via broadcast, and is very useful for automatic configuration and detection of services. The benefit of Wide Area Bonjour is that you can locate services even when you're not on your home network.

As implemented in Mac OS X, Wide Area Bonjour does two things: it registers your IP address against a DNS server, and if you have opted to advertise the services running on your Mac, it works with a UPnP or NAT-PMP capable router to expose these to the internet. For instance, if you control the domain bonjour.example.org, your laptop might be available as my-macbook.bonjour.example.org.

So, be very careful if you try this: you might think you're safely behind your router's firewall, but if you enable this service, direct internet access to your machines is possible.
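To see what a machine has actually published, you can walk the DNS-SD record chain for your own domain and list every host, address and port it advertises. The sketch below is an added example, not part of the original post: the function names and the sample records are constructed for illustration, using the example domain above.

```python
# Constructed sample: records a Wide Area Bonjour client might register under
# the post's example domain. 203.0.113.10 is a documentation-only address.
SAMPLE_ZONE = """\
_services._dns-sd._udp.bonjour.example.org. 60 IN PTR _ssh._tcp.bonjour.example.org.
_services._dns-sd._udp.bonjour.example.org. 60 IN PTR _afpovertcp._tcp.bonjour.example.org.
_ssh._tcp.bonjour.example.org. 60 IN PTR my-macbook._ssh._tcp.bonjour.example.org.
_afpovertcp._tcp.bonjour.example.org. 60 IN PTR my-macbook._afpovertcp._tcp.bonjour.example.org.
my-macbook._ssh._tcp.bonjour.example.org. 60 IN SRV 0 0 22 my-macbook.bonjour.example.org.
my-macbook._afpovertcp._tcp.bonjour.example.org. 60 IN SRV 0 0 548 my-macbook.bonjour.example.org.
my-macbook.bonjour.example.org. 60 IN A 203.0.113.10
"""

def parse_records(zone_text):
    """Index 'owner ttl IN type rdata...' lines as {(owner, type): [rdata fields]}."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # skip blank lines, comments and anything unrecognised
        key = (fields[0].lower(), fields[3].upper())
        records.setdefault(key, []).append(fields[4:])
    return records

def exposed_services(zone_text, domain):
    """Follow the RFC 6763 chain: type enumeration PTR -> instance PTR -> SRV -> A."""
    records = parse_records(zone_text)
    domain = domain.lower().rstrip(".") + "."
    found = []
    for type_rdata in records.get(("_services._dns-sd._udp." + domain, "PTR"), []):
        service_type = type_rdata[0].lower()
        for instance_rdata in records.get((service_type, "PTR"), []):
            instance = instance_rdata[0].lower()
            for srv in records.get((instance, "SRV"), []):
                port, target = int(srv[2]), srv[3].lower()  # SRV: prio weight port target
                addresses = [a[0] for a in records.get((target, "A"), [])]
                for address in addresses or ["unresolved"]:
                    short_type = service_type.removesuffix("." + domain)
                    found.append((short_type, target, address, port))
    return sorted(found)

if __name__ == "__main__":
    for service, host, address, port in exposed_services(SAMPLE_ZONE, "bonjour.example.org"):
        print(f"{service:20} {host} {address}:{port}")
```

Every line it prints is a service your machine has announced to the internet; anything you did not mean to share should be switched off on the Mac itself.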

If you want to experiment with setting up Wide Area Bonjour, you need access to a DNS server that supports secure updates. Instructions for setting this up are available from the DNS-SD web site.

The story isn't so great for platforms other than Mac OS X. Linux's Bonjour stack, Avahi, is irksome when it comes to accessing resources from Wide Area DNS-SD servers, and lacks the capability altogether to publish services. So, in the main, Wide Area Bonjour remains a Mac-only game.

At the end of the day, if you want to expose services from your home network, the traditional solution of using dynamic DNS and the DMZ or port forwarding on your router is going to be easier to set up and manage.

Back to My Mac

As part of their MobileMe services, Apple have bundled up Wide Area Bonjour with secure IPv6 connectivity and created "Back to My Mac". It's a much easier way to access your home network resources over the internet, although obviously a paid-for service. It's what I'll be sticking with for now. However, it's nice to know how all the bits inside it work!
