<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<!-- $Id: mdnsproxy.html,v 1.4 2001/10/23 06:04:15 miyayama Exp $ -->
<html lang="ja">

<head>
<title>mdnsproxy specification</title>
<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS">
<link rev="made" href="mailto:idn-cmt@nic.ad.jp">
<link rel="stylesheet" type="text/css" href="spec.css">
</head>

<body>
<h1>mdnsproxy</h1>

<!-- =========================================================== -->
<hr>
<h2><a name="overview">Overview</a></h2>

<p>
mnsproxy receives DNS requests including local code-based multilingual domain names from the client and converts them to domain names that can be accepted by the multilingualized DNS. In reverse, it returns multilingual domain names included in responses from the DNS to a format that can be recognized by the client side.
</p>

<p>
Because of this, without modification, the client can use various multilingual domain names.
From the DNS server's point of view, because of client + mdnsproxy, the client operates as if it supports multilingual domain names.
</p>

<p>
However, in order for mdnsproxy to operate correctly, it is necessary for the resolver library of the client to transmit domain names in local encoding as is and does not cause an error. Regretably, many current UNIX resolver libraries are not 8-bit through and they cannot support multilingual domain names even when mdnsproxy is used. In such cases, it is necessary to use the following methods. 
</p>

<p>
Use resolver library for which <a href="spec.html#eightbitthru-patch">8-bit through patch of BIND 8</a> is applied. 
<!-- Instead of mdnsproxy, use runmdn or BIND-9 patch. -->
</p>

<p>
In addition, since mdnsproxy ignores <a href="resolvconfig.html#mdn_disable">the setting of the environment variable MDN_DISABLE</a> explicitly ,in spite of whether the environment variable MDN_DISABLE is set or not, the conversion of the domain names is performed.
</p>

<!-- =========================================================== -->
<hr>
<h2><a name="invoke">Invoke</a></h2>

<p>
The command line format used to start up mdnsproxy is as follows.
</p>

<blockquote>
<p>
<code>$ mdnsproxy</code> [<var>Option...</var>]
</p>
</blockquote>

<!-- =========================================================== -->
<hr>
<h2><a name="options">Options</a></h2>

<p>
mdnsproxy recognizes the following command line options.
</p>

<dl>
<dt><a name="opt-daemon"><code>-daemon</code></a>
  <dd>Activates mdnsproxy as a daemon.

<dt><a name="opt-config"><code>-config</code> <var>config-file</var></a>
  <dd>Indicates the configuration file. When the command line does is not used to indicate a configuration file, the default configuration file is used. The details of this are explained in the <a href="#config-file">Configuration file</a>.

<dt><a name="opt-logfile"><code>-logfile</code> <var>log-file</var></a>
  <dd>Specifies the file name for mdnsproxy to output the execution log. Unless otherwise specified, the execution log is output to the log file specified by the configuration file or the default log file.
</dl>

<!-- =========================================================== -->
<hr>
<h2><a name="config-file">Configuration file</a></h2>

<p>
mdnsproxy configuration information is written in the configuration file. The configuration file can be specified using a command line upon activation of mdnsproxy.
</p>

<blockquote>
<pre>
<code>% mdnsproxy -config</code> <var>&lt;config-file&gt;</var>
</pre>
</blockquote>

<p>
When the configuration file is not specified by the command line, the default configuration file is used. The default configuration file is <code>/usr/local/etc/mdnsproxy.conf</code> if mDNkit were installed under <code>/usr/local</code>.
</p>

<p>
The configuration file is a plain text file and each line of the file (except comment lines that begin with # and blank line) consists of the following simple format.
</p>

<blockquote>
<pre>
Keyword value ...
</pre>
</blockquote>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="listen"><code>listen</code></a></h3>

<p>
Specifies the network address and port number used by mdnsproxy to receive requests from the client.
</p>

<blockquote>
<p>
<code>listen</code> <var>&lt;address&gt;</var>
</p>
</blockquote>

<p>
<var>&lt;address&gt;</var> is specified using one of the following formats.
</p>

<blockquote>
<table summary="&lt;address&gt; format">
<tr><td><var>&lt;IP address&gt;</var>:<var>&lt;port number&gt;</var></td></tr>
<tr><td><var>:&lt;port number&gt;</var></td></tr>
<tr><td><var>&lt;IP address&gt;</var></td></tr>
</table>
</blockquote>

<p>
When <var>&lt;IP address&gt;</var> is omitted, <code>0.0.0.0</code>
(<code>INADDR_ANY</code>) is used and when <var>&lt;port number&gt;</var> is omitted, port number 53 is used.
When <code>listen</code> itself is omitted, <code>0.0.0.0:53</code> is used as <var>&lt;address&gt;</var>.
</p>

<p>
If the client uses a DNS server via mdnsproxy, set the address and port specified here as the DNS server. Many clients cannot change the port number, thus it is recommended that default port number 53 be used as is.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="forward"><code>forward</code></a></h3>

<p>
Specifies the original network address and port number of the DNS server used by mdnsproxy to transfer DNS requests and receive responses.
</p>

<blockquote>
<p>
<code>forward</code> <var>&lt;address&gt;</var> [ <code>bind4compat</code> ]
</p>
</blockquote>

<p>
The format of <var>&lt;address&gt;</var> is the same as the one for the above <a href="#listen"><code>listen</code></a>.
</p>

<p>
When <code>bind4compat</code> option is specified, the address and port specified by <code>listen</code> as the source address is used. This is a function of BIND 4 and it is assumed that UDP port is used under limited access. If this option is not specified, 1024 or greater source port is used.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="client-encoding"><code>client-encoding</code></a></h3>

<p>
Specifies the encoding of domain names at the client side.
</p>

<blockquote>
<p>
<code>client-encoding</code> <var>&lt;Encoding&gt;</var>
</p>
</blockquote>

<p>
The encoding of domain names in the DNS query sent by the client is converted to UTF-8 encoding that is used internally. Then normalization (described below) and conversion to server side encoding are performed after which the data is sent to the DNS server. The response from the DNS server is converted back to the original encoding and returned to the client.
</p>

<p>
The encoding names that can be used here depend on libmdn of mDNkit and iconv library to be used.
Since the encoding name used differs with the iconv library that is employed, check the library manual to confirm the encoding names that can be used. In addition to the encoding provided by iconv, libdmn supports the following encoding schemes recommended for multilingual DNS. <br>
The following encoding schemes are supported.
</p>

<blockquote>
<table summary="Encoding for multilingual DNS">
<tr><td>Punycode</td>
    <td><a href="../../reference/draft/draft-ietf-idn-punycode-00.txt">draft-ietf-idn-punycode-00.txt</a></td>
    </tr>
<tr><td>RACE</td>
    <td><a href="../../reference/draft/draft-ietf-idn-race-03.txt">draft-ietf-idn-race-03.txt</a></td>
    </tr>
<tr><td>DUDE</td>
    <td><a href="../../reference/draft/draft-ietf-idn-dude-02.txt">draft-ietf-idn-dude-02.txt</a></td>
    </tr>
</table>
</blockquote>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="mdn-conf-file"><code>mdn-conf-file</code></a></h3>

<p>
Specifies the configuration file names of libmdn attached to mDNkit.
</p>

<blockquote>
<p>
<code>mdn-conf-file</code> <var>&lt;path&gt;</var>
</p>
</blockquote>

<p>
mdnsproxy uses libmdn attched to mDNkit to perform multilingual domain-related processing. <code>mdn-conf-file</code> is used to specify the file name of the libmdn configuration file.
</p>

<p>
The file name can be specified by <code>-conf</code> command line option. When both are specifed, the command line operation specification takes precedence. If neither are not specified, the configuration file is loaded from <code>/usr/local/etc/mdn.conf</code>.
</p>

<p>
For information on how to describe the libmdn configuration file, refer to <a href="../guide/resolvconfig.html">Configuration of mDNkit</a>.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="log-file"><code>log-file</code></a></h3>

<p>
Specifies the file name for mdnsproxy to output the execution log.
</p>

<blockquote>
<p>
<code>log-file</code> <var>&lt;path&gt;</var>
</p>
</blockquote>

<p>
The log file name can also be specified with the <code>-logfile</code> command line option.  When both are specified, the command line option specification takes precedence.When neither are specified, the execution log is output to <code>/usr/local/var/mdnsproxy/mdnsproxy.log</code>. 
</p>

<p>
Note that the execution log is added to continuously and should be deleted from time to time.  When a hangup signal (SIGHUP) is sent to mdnsproxy, it temporarily closes the log file and then reopens it. This is a convenient command when the log file is to be archived.
</p>

<p>
When <code>syslog</code> is specified as <var>&lt;path&gt;</var>, log is output for syslog. When <code>stderr</code> is specified, log is output for standard error output.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="log-level"><code>log-level</code></a></h3>

<p>
Sets the log level.
</p>

<blockquote>
<p>
<code>log-level</code> <var>&lt;level&gt;</var>
</p>
</blockquote>

<p>
The following log level values can be specified.
</p>

<blockquote>
<dl>
<dt><code>none</code>
  <dd>No log is recorded. The absence of a log file makes it very difficult to identify the cause of a problem. If at all possible avoid using this level.
<dt><code>fatal</code>
  <dd>Outputs a log only when a fatal error occurs.
<dt><code>warn</code>
  <dd>Records warning messages in the log. This is the default used when no log level is specified.
<dt><code>trace</code>
  <dd>Outputs execution trace messages in the log. This level provides a detailed record of dnsproxy operation, which is helpful in determining the cause of a problem. As it records a large amount of data, it is best not used during normal operation.
</dl>
</blockquote>

<p>
When syslog is used to output logs, a fatal error message is output in priority ERR of syslog. In the same way, a warning level error message is output in priority WARNING and a trace message is output in priority DEBUG.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="mdn-log-level"><code>mdn-log-level</code></a></h3>

<p>
Sets the log level of libmdn.
</p>

<blockquote>
<p>
<code>mdn-log-level</code> <var>&lt;level&gt;</var>
</p>
</blockquote>

<p>
mdnsproxy uses libmdn attched to mDNkit to perform multilingual domain-related processing. <code>mdn-conf-file</code> is used to specify the file name of the libmdn configuration file, <code>mdn-log-level</code> is used to set the log related to internal processing of libmdn, and <a href="#log-level"><code>log-level</code></a> is used to set processing parts other than the above.
</p>

<p>
The following five log levels are defined.
</p>

<blockquote>
<ul>
<li><code>fatal</code> (= 0)
<li><code>error</code> (= 1)
<li><code>warning</code> (= 2)
<li><code>info</code> (= 3)
<li><code>trace</code> (= 4)
<li><code>dump</code> (= 5)
</ul>
</blockquote>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="syslog-facility"><code>syslog-facility</code></a></h3>

<p>
Sets syslog facility.
</p>

<blockquote>
<p>
<code>syslog-facility</code> <var>&lt;facility&gt;</var>
</p>
</blockquote>

<p>
The facility used when the log is output using syslog. When the log is not output using syslog, it is ignored. (To output a log using syslog, it is necessary to specify with <a href="#log-file"><code>log-file</code></a> or <code>-logfile</code> command line option.) When it is omitted, a <code>daemon</code> is used.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="user-id"><code>user-id</code></a></h3>

<p>
Specifies process owner's user id of mdnsproxy.
</p>

<blockquote>
<p>
<code>user-id</code> <var>&lt;user&gt;</var>
</p>
</blockquote>

<p>
Normally, mdnsproxy must be started up with root permission to use a privileged port, but continued use of root permission is not recommended for security reasons. With this specification, mdnsproxy runs under the specified user's control with a created privileged port before start of service.
</p>

<p>
var>&lt;user&gt;</var> allows you to specify user name or user ID number.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="group-id"><code>group-id</code></a></h3>

<p>
Specifies process owner's user id of mdnsproxy.
</p>

<blockquote>
<p>
<code>group-id</code> <var>&lt;group&gt;</var>
</p>
</blockquote>

<p>
This resembles the <code>user-id</code> entry, but differs from it in that it specifies a group in place of the user.
</p>

<p>
<var>&lt;group&gt;</var> can be specified by a group name or group ID number.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="root-directory"><code>root-directory</code></a></h3>

<p>
Specifies the root directory used with mdnsproxy.
</p>

<blockquote>
<p>
<code>root-directory</code> <var>&lt;path&gt;</var>
</p>
</blockquote>

<p>
This, also, is a security measure. By specifying the root directory used with mdnsproxy access cannot be made outside of this directory. This specification causes mdnsproxy to use chroot() system calls to set the specified directory as the root directory before starting service.
</p>

<p>
<var>&lt;path&gt;</var> specifies the name of the directory to be used as the root.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="allow-access"><code>allow-access</code></a></h3>

<p>
Sets the access restriction based on the IP address of clients to limit which clients have access to mdnsproxy.
</p>

<blockquote>
<p>
<code>allow-acccess</code> <var>&lt;where&gt;</var> ...
</p>
</blockquote>

<p>
<var>&lt;where&gt;</var> is specified using one of the following formats.
</p>

<blockquote>
<table summary="&lt;where&gt; format">
<tr><td><var>&lt;IP address&gt;</var></td></tr>
<tr><td><var>&lt;IP address&gt;</var>/<var>&lt;prefix-length&gt;</var></td></tr>
</table>
</blockquote>

<p>
The first one permits access from a host with a specific IP address. The latter permits access from hosts that has an address prefix specified by <var>&lt;IP address&gt;</var> and <var>&lt;prefix-length&gt;</var>. For example, when the following is specified,
</p>

<blockquote>
<p>
<code>allow-access 192.168.0.0/16</code>
</p>
</blockquote>

<p>
access is permitted from hosts whose upper 16 bits of address (prefix) is 192.168. 
</p>

<p>
More than one entry can be specified. When more than one entry is specified, access is permitted if one of them matches.
</p>

<p>
When this entry is not specified, access from all hosts is permitted.
</p>

<!-- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = -->
<h3><a name="log-on-denied"><code>log-on-denied</code></a></h3>

<p>
When a connection is rejected by the access restriction set in <a href="#allow-access"><code>allow-access</code></a>, whether it is recorded in the log is specified.
</p>

<blockquote>
<p>
<code>log-on-denied</code> <var>&lt;yes-or-no&gt;</var>
</p>
</blockquote>

<p>
<code>yes</code> or <code>no</code> can be specified. When yes is specified, the rejected connection is recorded in the log. If not, it is not recorded in the log.
</p>

<!-- =========================================================== -->
<hr>
<h2><a name="signal">Signal</a></h2>

<p>
When a hangup signal (SIGHUP) is sent to mdnsproxy, it temporarily closes the log file and then reopens it. This is to archive the log using the following steps. 

<ol>
<li>Use the <code>mv</code> command to create a log file under a different name.
<li>Send SIGHUP to mdnsproxy to open the new log file.
</ol>

</body>
</html>