03-07-2025, 04:40 PM
@the_bertrum
This exercise reminds me of working jigsaw puzzles with my late wife. She'd "accidentally" hide a piece or two under her arm so she could be the one to finish the puzzle.
Last night, I did as I mentioned in my last post and reserved IP addresses for the Ethernet and WiFi interfaces on my moOde player, modified the cert to include them as subject alternative names, and redid the enable HTTPS, etc., dance. Now Firefox and Chrome on my Pixel 6a seem to be behaving as I expected.
Came here this morning and found out this was already baked into your setup. Hmmm.
I don't believe mDNS is unreliable on my LAN or in Android per se. Every device is working fine with it and no device will succeed in accessing local hosts without it (or IP addresses, of course). When my router receives a request to resolve a local hostname, it appends an ISP-provided multi-level domain to it and passes the FQDN to upstream ISP servers for (unsuccessful) resolution. Are you using mDNS addressing because you can or because you must?
As for Firefox pointing out the obvious, I mentioned that only for sake of completeness because that's what Joe User will face when trying this. Firefox itself is a bit circumspect about it. For example, the "Use third party CA certificates" setting in mine says "Allows the use of third party certificates from the Android CA store." [italics added] What isn't said explicitly is that others will be allowed but will be considered insecure.
Tangential TODOs for me: figure out how to do some network sniffing of the WiFi traffic from my phone to read the DNS requests. Stand up a more typical subnet with the DHCP/DNS services seen on a typical home LAN to test in.
Suggest a few editorial chances to the guide doc.
For all that, the approach set forth in the guide doc seems to be working well enough in the main.
Regards,
Kent
This exercise reminds me of working jigsaw puzzles with my late wife. She'd "accidentally" hide a piece or two under her arm so she could be the one to finish the puzzle.
Quote:Point of difference 2, nope it's mDNS all the way for me as well. I'm using ".local" addresses throughout, although certs issued by my local CA also cover the (reserved) IPs of my players as belt and braces. If mDNS isn't reliable then getting the IP into the certificate will definitely improve things.
Last night, I did as I mentioned in my last post and reserved IP addresses for the Ethernet and WiFi interfaces on my moOde player, modified the cert to include them as subject alternative names, and redid the enable HTTPS, etc., dance. Now Firefox and Chrome on my Pixel 6a seem to be behaving as I expected.
Came here this morning and found out this was already baked into your setup. Hmmm.
I don't believe mDNS is unreliable on my LAN or in Android per se. Every device is working fine with it and no device will succeed in accessing local hosts without it (or IP addresses, of course). When my router receives a request to resolve a local hostname, it appends an ISP-provided multi-level domain to it and passes the FQDN to upstream ISP servers for (unsuccessful) resolution. Are you using mDNS addressing because you can or because you must?
As for Firefox pointing out the obvious, I mentioned that only for sake of completeness because that's what Joe User will face when trying this. Firefox itself is a bit circumspect about it. For example, the "Use third party CA certificates" setting in mine says "Allows the use of third party certificates from the Android CA store." [italics added] What isn't said explicitly is that others will be allowed but will be considered insecure.
Tangential TODOs for me: figure out how to do some network sniffing of the WiFi traffic from my phone to read the DNS requests. Stand up a more typical subnet with the DHCP/DNS services seen on a typical home LAN to test in.
Suggest a few editorial chances to the guide doc.
For all that, the approach set forth in the guide doc seems to be working well enough in the main.
Regards,
Kent
