LoginHook Bonjour

Want users to be able to use Bonjour at home without having their systems registering with Bonjour when they’re on your network?

Many environments have taken to disabling Bonjour wholesale. This can be done by modifying the LaunchDaemon that invokes Bonjour, com.apple.mDNSResponder.plist, which is located at /System/Library/LaunchDaemons: add -NoMulticastAdvertisements to the ProgramArguments array. This can be done with the defaults command as follows:

defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array-add "-NoMulticastAdvertisements"

This can then be undone by writing the contents you want back into the array without the -NoMulticastAdvertisements:

defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array /usr/sbin/mDNSResponder -launchd

This is somewhat well documented, initially appearing as an Apple kbase article. However, keep in mind that computers, especially laptops, have a tendency to go home with people, so you may very well want to fire Bonjour back up when your users are not in your environment. Prior to Mac OS X 10.6 (i.e., 10.5 and below) you could edit the /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/Kicker.xml file to add a shell script, and a network change would then fire off an event to run the script you craft. In this case, the script checks some condition you decide to key off of and runs one of the two commands above. Here the if/then is keyed off whether the name mybigserver.mydomain.com resolves (we’re assuming it does in your network and does not when outside your network):

if [ "$(host mybigserver.mydomain.com | grep -ic "not found:")" -gt 0 ]; then
    # Name does not resolve: off your network, so restore the stock arguments
    defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array /usr/sbin/mDNSResponder -launchd
else
    # Name resolves: on your network, so turn multicast advertisements off
    defaults write /System/Library/LaunchDaemons/com.apple.mDNSResponder ProgramArguments -array-add "-NoMulticastAdvertisements"
fi

You can also use this as a login hook, or, with the two branches of the if/then swapped, as a logout hook; customize to your heart’s content. You could even run it at boot time or on a scheduled interval instead of as a login hook. Now, the simple fact is that since this is easy, it’s tempting. But luckily some really smart guys thought of a better way to do this kind of thing (not relying on a login or logout hook). They thought that the old 10.5 Kicker was a much better solution and came up with the next best thing, crankd, which allows you to fire off a shell script (maybe one similar to the one here) when the network status changes. Thanks to all involved with this project.
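
As an added example (not part of the original post), here is a variant of the script above that is safe to run repeatedly, for instance from a login hook or crankd: it reads the current ProgramArguments first, so -array-add never appends the flag a second time. The helper names, the sample strings and the launchctl reload step are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
PLIST=/System/Library/LaunchDaemons/com.apple.mDNSResponder
FLAG=-NoMulticastAdvertisements
PROBE=mybigserver.mydomain.com   # internal-only name, as in the post

# Constructed sample inputs (not captured from a real system).
SAMPLE_OFFNET='Host mybigserver.mydomain.com not found: 3(NXDOMAIN)'
SAMPLE_ONNET='mybigserver.mydomain.com has address 10.0.0.5'
SAMPLE_ARGS_FLAG='("/usr/sbin/mDNSResponder", "-launchd", "-NoMulticastAdvertisements")'
SAMPLE_ARGS_STOCK='("/usr/sbin/mDNSResponder", "-launchd")'

# $1 = output of `host $PROBE`. Only an explicit "not found" counts as being
# off the corporate network; a timeout or empty output keeps advertising off.
off_corp_network() {
    case "$1" in
        *"not found"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = output of `defaults read $PLIST ProgramArguments`.
has_flag() {
    case "$1" in
        *"$FLAG"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the single change needed: advertise, suppress, or none.
plan_action() {
    if off_corp_network "$1"; then
        if has_flag "$2"; then echo advertise; else echo none; fi
    else
        if has_flag "$2"; then echo none; else echo suppress; fi
    fi
}

# The plist is only touched when run as: sudo sh <this file> --apply
if [ "${1:-}" = "--apply" ]; then
    action=$(plan_action "$(host "$PROBE" 2>&1)" \
        "$(defaults read "$PLIST" ProgramArguments 2>/dev/null)")
    case "$action" in
        advertise) defaults write "$PLIST" ProgramArguments -array /usr/sbin/mDNSResponder -launchd ;;
        suppress)  defaults write "$PLIST" ProgramArguments -array-add "$FLAG" ;;
    esac
    # Assumption (not in the post): launchd picks up the edit only on reload.
    if [ "$action" != none ]; then
        launchctl unload "$PLIST.plist" && launchctl load "$PLIST.plist"
    fi
fi
```

Because the plist is written only when the state actually has to change, repeated runs on the same network are no-ops.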