As always Thank you very much Mr. Wilmer, really appreciate each second you spend making this videos. Something to ask that suppose that I have a Guest network and a Server Network and I want to see the printers in guest network by applying this method. Does this create a security issue on the server Network? I mean, is it secure to apply?
You're welcome, and I appreciate your kind words! To be secure, you can create firewall rules that allow traffic from the server to the printers and also permit established connections, but block any new connections initiated by the printers except to the ports that you require. This ensures that only the server can initiate communication, and the printers can only respond to the server’s requests.
Thanks for sharing . Now that you have talk about Mulitcast DNS . Can you present a topic on Mulitcast Ip and how we can benefit from it in an ISP environment generally. Thanks sir 🙏🙏
Great question! Security shouldn’t rely on DNS itself; all security should be enforced at the firewall level. If there are networks where communication isn’t allowed, this must be explicitly blocked by firewall rules. Only traffic you trust and need should be allowed. Additionally, mDNS is designed for small, SOHO networks with smart devices, where it helps dynamically discover devices like printers and TVs. It’s not intended for large-scale environments, as it can generate unnecessary traffic and congestion. So, for home or small offices, it works well, but beyond that, other solutions may be better. Personally, I always recommend fine-tuning the firewall to allow only the necessary traffic, which helps mitigate any security risks while using mDNS effectively.
Bryan Ward has a video ( ruclips.net/video/miRV8qDOKBE/видео.html ) discussing the devastating effects broadcast and multicast (like mDNS) has on campus Wifi networks and why it must be aggressively filtered. You can do this kind of filtering in the bridge filter of your Mikrotik access points on ingress and egress.
Hello! Can this work between VLAN and WIREGUARD networks? I have enabled the new Media server (UPNP) on the router and I would like to see it when I'm connecting through Wireguard.
This is really cool , I set it up and it works great , what I have seen is after I disable it , mDNS still looks to be working , any reason why this would be still working even after removing it from my MikroTik?
Very Informative Video Thanks
Thank you!
As always Thank you very much Mr. Wilmer, really appreciate each second you spend making this videos.
Something to ask that suppose that I have a Guest network and a Server Network and I want to see the printers in guest network by applying this method.
Does this create a security issue on the server Network? I mean, is it secure to apply?
You're welcome, and I appreciate your kind words!
To be secure, you can create firewall rules that allow traffic from the server to the printers and also permit established connections, but block any new connections initiated by the printers except to the ports that you require. This ensures that only the server can initiate communication, and the printers can only respond to the server’s requests.
Thanks for sharing . Now that you have talk about Mulitcast DNS . Can you present a topic on Mulitcast Ip and how we can benefit from it in an ISP environment generally. Thanks sir 🙏🙏
Great suggestion! Thank you
What about security perspective for mDns and also it makes a lot of network congestion.
Great question! Security shouldn’t rely on DNS itself; all security should be enforced at the firewall level. If there are networks where communication isn’t allowed, this must be explicitly blocked by firewall rules. Only traffic you trust and need should be allowed.
Additionally, mDNS is designed for small, SOHO networks with smart devices, where it helps dynamically discover devices like printers and TVs. It’s not intended for large-scale environments, as it can generate unnecessary traffic and congestion. So, for home or small offices, it works well, but beyond that, other solutions may be better.
Personally, I always recommend fine-tuning the firewall to allow only the necessary traffic, which helps mitigate any security risks while using mDNS effectively.
Bryan Ward has a video ( ruclips.net/video/miRV8qDOKBE/видео.html ) discussing the devastating effects broadcast and multicast (like mDNS) has on campus Wifi networks and why it must be aggressively filtered. You can do this kind of filtering in the bridge filter of your Mikrotik access points on ingress and egress.
can you pls make a video about 802.1x , with radius server nps from a windows server to asign dynamic vlan's based on account from nps server?
Hello!
This is on my to-do list. Thank you for your suggestion.
Hello! Can this work between VLAN and WIREGUARD networks?
I have enabled the new Media server (UPNP) on the router and I would like to see it when I'm connecting through Wireguard.
This is really cool , I set it up and it works great , what I have seen is after I disable it , mDNS still looks to be working , any reason why this would be still working even after removing it from my MikroTik?
Hello!
The values should be in the cache. Clear the cache and the PC/Device will not longer have the information.