Bonjour uses Multicast DNS (mDNS) to perform DNS-like operations on the local link in the absence of any conventional Unicast DNS server. Bonjour requires little or no administration or configuration to set up. It works when no infrastructure is present, and it works during infrastructure failures. This design assumes the cooperation of participants. In a hostile environment, other mechanisms must be used to ensure the cooperation of participants or to distinguish untrusted Multicast DNS messages.
In wireless environments, WPA2-PSK or better encryption should be used to ensure only trusted parties are active on the network. In open network environments (e.g., Wi-Fi hotspots) administrators should implement appropriate mitigations.
These mitigations might include:
- advertising services using unicast Wide-Area Bonjour, configured manually or automatically using one of the emerging Bonjour Hybrid Proxy gateway products; or
- using other Bonjour gateway products available from Wi-Fi access point vendors.
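Because any participant on the link can answer an mDNS query, one monitoring check a defender can run is to flag host names whose A records are claimed by more than one sender with different addresses. The following is an added example, not code from Bonjour or from this page; the function names and the check itself are assumptions for illustration, and the sample packets are constructed using documentation addresses.

```python
import struct
from collections import defaultdict

def read_name(msg, off):  # returns (name, next offset); follows compression pointers
    labels, end = [], None
    for _ in range(256):  # bounds label count and pointer hops
        n = msg[off]
        if n & 0xC0 == 0xC0:
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("utf-8", "replace"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def a_records(msg):
    """Yield (name, ipv4) for each A record in the answer section of a response."""
    flags, qd, an = struct.unpack("!HHH", msg[2:8])
    if not flags & 0x8000:  # QR bit clear: this is a query, not a response
        return
    off = 12
    for _ in range(qd):  # skip any questions (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4 and len(msg) >= off + 14:
            yield name, ".".join(map(str, msg[off + 10:off + 14]))
        off += 10 + rdlen

def find_conflicts(packets):
    """packets: (sender_ip, payload) pairs. Return names with rival A-record claims."""
    claims = defaultdict(set)
    for src, payload in packets:
        try:
            for name, addr in a_records(payload):
                claims[name].add((src, addr))
        except (IndexError, struct.error, ValueError):
            continue  # malformed or truncated packet: ignore the remainder
    return {n: sorted(c) for n, c in claims.items()
            if len({s for s, _ in c}) > 1 and len({a for _, a in c}) > 1}

def build_response(name, ipv4):  # helper that builds the constructed sample packets
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"
    hdr = struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0)
    return hdr + qname + struct.pack("!HHIH4B", 1, 0x8001, 120, 4, *map(int, ipv4.split(".")))
SAMPLE = [(ip, build_response(name, ip)) for name, ip in (  # constructed, RFC 5737 addresses
    ("printer.local", "192.0.2.10"), ("printer.local", "192.0.2.66"), ("nas.local", "192.0.2.20"))]
```

A flagged name is a lead to investigate rather than proof of spoofing, since a multi-homed host can legitimately answer from more than one address.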