0

I'm building an iOS app that uses Bonjour for device discovery on the same WiFi network. It works fine on some networks, but not on others (like Starbucks or Panera). The devices see themselves, but not each other.

I got a tip that these networks may be using Split Horizon DNS. I've confirmed that I cannot ping one device from another.

The problem is, I want to show an error message if the WiFi network won't work.

I thought maybe I wouldn't be able to ping myself on such a network, but I can.

What is the best strategy for detecting Split Horizon from a single device? In other words, I cannot ping another device at runtime since I don't know anything about other devices.

bendytree
  • Are you sure this has anything to do with split DNS? Sounds to me like they just configure their wireless networks to disallow client to client communication, which is fairly common for public wireless networks - there's no good reason to allow two clients to get at each other in a wifi hotspot. I can't really think of a way to detect this though unless you're aware of a device that should be available, but can't be reached (which obviously isn't available in your case) – USD Matt May 27 '13 at 19:30
  • @USDMatt I'm not sure at all, Split Horizon was someone else's diagnosis. All I know is that the devices can't ping each other or see each other via Bonjour. – bendytree May 27 '13 at 20:46

3 Answers

6

Places like Starbucks use device isolation purposely so that one client can't talk to another. It's by design.

This really has nothing to do with DNS.

Ryan Ries
  • Ultimately I'm looking for a way to detect the isolation so I can warn users. Do you have any suggestions to that end? – bendytree May 27 '13 at 20:47
  • @bendytree USDMatt is correct, there is no way to 'prove' this unless you have another known device to detect. – Dan May 27 '13 at 22:30
3

As mentioned, this is almost certainly due to wireless clients being isolated. It makes perfect sense to do this on public wifi networks and I'd be surprised if any public networks don't do it. (With client-to-client communication enabled, someone could sit on the network trying to hack other users' devices. It's a large security risk for users, and when you're providing a hotspot for Internet access, what's the point in allowing clients to see each other?)

If you can't ping other clients at all (by IP address) then it clearly has nothing to do with DNS.

I can't see any way to detect this and there is no real simple solution to get round it. Some apps use a central server which all clients connect to, which relays data between clients (such as IM apps), although depending on the goal of your app that may not be a viable solution.

The most obvious answer is that your app will just have to tell the user it can't find any other clients, maybe with a "more information" button/section that details the fact that it may not be able to discover other clients on certain networks (especially public ones).

USD Matt
1

Here's an idea that could at least partially diagnose client isolation, assuming iOS has access to the device ARP table: ping each valid address for the subnet, and see if any entries for those addresses (other than the gateway) show up in the ARP table. If they do, you know that at least layer 2 traffic is getting passed and isolation is probably not in effect. If no entries appear, you can at least tell the user there's a good possibility of isolation if there are other users nearby.

That's just based on network protocol theory -- I've never coded in iOS so I have no idea how to implement. Good luck!

Noah Stahl
  • Awesome idea, I implemented something similar where I ping addresses in the arp table. If one fails then I show a warning. I'll probably end up showing false positives, but it's just a warning. – bendytree May 31 '13 at 02:33
  • Yeah, that could work assuming the targets allow ping. If they have firewalls you might assume traffic is getting blocked by the access point when it's actually getting blocked by the device. Either way, probably nothing foolproof. – Noah Stahl May 31 '13 at 17:00
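
The ARP-table check described in the last answer, as an added example that is not part of the original thread: it classifies text in the layout printed by BSD/macOS `arp -an`, using constructed sample output. The function names, addresses and verdict strings are assumptions made for illustration, and how an iOS app would obtain the table is left open, as it is in the answer.

```python
import ipaddress
import re

# Line shape printed by BSD/macOS `arp -an`; "(incomplete)" means no ARP reply was seen.
ARP_LINE = re.compile(r"\((?P<ip>[0-9.]+)\) at (?P<mac>\S+)")

# Constructed sample output, not captured from a real network.
SAMPLE_ISOLATED = """\
? (10.0.0.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (10.0.0.23) at (incomplete) on en0 ifscope [ethernet]
? (10.0.0.42) at (incomplete) on en0 ifscope [ethernet]
? (10.0.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
"""
# Same table, but one neighbour answered ARP (constructed).
SAMPLE_OPEN = SAMPLE_ISOLATED.replace(
    "(10.0.0.42) at (incomplete)", "(10.0.0.42) at a4:5e:60:aa:bb:cc")


def resolved_peers(arp_output, subnet, gateway, own_ip):
    """Return subnet hosts, other than the gateway and ourselves, with a resolved MAC."""
    net = ipaddress.ip_network(subnet)
    skip = {ipaddress.ip_address(gateway), ipaddress.ip_address(own_ip),
            net.network_address, net.broadcast_address}
    peers = []
    for line in arp_output.splitlines():
        m = ARP_LINE.search(line)
        if not m or m["mac"] == "(incomplete)":
            continue  # unparsable line, or a neighbour that never answered
        ip = ipaddress.ip_address(m["ip"])
        if ip in net and ip not in skip:  # drops multicast and off-subnet entries
            peers.append(str(ip))
    return peers


def isolation_verdict(arp_output, subnet, gateway, own_ip):
    """Heuristic only: an empty peer list can also mean nobody else is on the network."""
    peers = resolved_peers(arp_output, subnet, gateway, own_ip)
    if peers:
        return "layer2-reachable", peers
    return "possible-isolation", peers


if __name__ == "__main__":
    for name, table in (("isolated", SAMPLE_ISOLATED), ("open", SAMPLE_OPEN)):
        print(name, isolation_verdict(table, "10.0.0.0/24", "10.0.0.1", "10.0.0.17"))
```

A "possible-isolation" result should only drive a warning, since it cannot distinguish an isolating access point from an empty network.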