Mac OS X,  Mac Security,  Mass Deployment

Disabling Bonjour

Love it or not, some environments insist on disabling Bonjour, Apple’s implementation of Multicast DNS. Despite the fact that mDNS has been around since 2000 and is widely used by Microsoft, we still look to disable this from time to time. As Arek Dreyer mentioned last week at MacSysAdmin in Gothenburg, Sweden, you can’t just disable the mDNSResponder LaunchDaemon or you will bork DNS (my word I think, not his). Instead, to disable Bonjour you would add the -NoMulticastAdvertisements option into the ProgramArguments array in the /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist file. This can be done manually, or it can be automated with the following command:

defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array “/usr/sbin/mDNSResponder” “-launchd” “-NoMulticastAdvertisements”

To undo this, you would run:

defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array “/usr/sbin/mDNSResponder” “-launchd”

If you have other elements in the array you could also use the following to simply append to the end of it:

defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array-add “-NoMulticastAdvertisements”

When I got home from MacSysAdmin, I had a request to disable Multicast DNS in Debian, which was done by editing the Avahi daemon. The file was avahi-daemon (aptly named) located in the /etc/default directory. The settting to change in there is AVAHI_DAEMON_START which needs to be set to 0.