Bonjour / mDNS discovery

OpenClaw uses Bonjour (mDNS / DNS‑SD) as a LAN‑only convenience to discover an active Gateway (WebSocket endpoint). It is best‑effort and does not replace SSH or Tailnet‑based connectivity.

Wide‑area Bonjour (Unicast DNS‑SD) over Tailscale

If the node and the gateway are on different networks, multicast mDNS will not cross the boundary. You can keep the same discovery UX by switching to unicast DNS‑SD (“Wide‑Area Bonjour”) over Tailscale.

High‑level steps:
  1. Run a DNS server on the gateway host (reachable over the Tailnet).
  2. Publish DNS‑SD records for _openclaw-gw._tcp under a dedicated zone (example: openclaw.internal.).
  3. Configure Tailscale split DNS so your chosen domain resolves through that DNS server for clients (including iOS).

OpenClaw supports any discovery domain; openclaw.internal. is only an example.
iOS/Android nodes browse both local. and the wide‑area domain you configured.

Gateway config (recommended)

    openclaw dns setup --apply

One‑time DNS server setup (gateway host)

    openclaw dns setup --apply

This installs CoreDNS and configures it to:
  • listen on port 53 only on the gateway’s Tailscale interfaces
  • serve your chosen domain (example: openclaw.internal.) from ~/.openclaw/dns/<domain>.db

Validate from a tailnet‑connected machine:

    dns-sd -B _openclaw-gw._tcp openclaw.internal.
    dig @<TAILNET_IPV4> -p 53 _openclaw-gw._tcp.openclaw.internal PTR +short

Tailscale DNS settings

In the Tailscale admin console:
  • Add a nameserver pointing at the gateway’s tailnet IP address (UDP/TCP 53).
  • Add split DNS so that your discovery domain uses that nameserver.

Once clients accept tailnet DNS, iOS nodes can browse _openclaw-gw._tcp in your discovery domain without multicast.

Gateway listener security (recommended)

The Gateway WS port (default 18789) binds to loopback by default. For LAN/tailnet access, bind explicitly and keep authentication enabled.

For tailnet‑only setups:
  • Set gateway.bind: "tailnet" in ~/.openclaw/openclaw.json.
  • Restart the Gateway (or restart the macOS menubar app).

What advertises

Only the Gateway advertises _openclaw-gw._tcp.

Service types

  • _openclaw-gw._tcp: gateway transport beacon (used by macOS/iOS/Android nodes).

TXT keys (non‑secret hints)

The Gateway advertises small, non‑secret hints to make UI flows convenient:
  • role=gateway
  • displayName=<friendly name>
  • lanHost=<hostname>.local
  • gatewayPort=<port> (Gateway WS + HTTP)
  • gatewayTls=1 (only when TLS is enabled)
  • gatewayTlsSha256=<sha256> (only when TLS is enabled and a fingerprint is available)
  • canvasPort=<port> (only when the canvas host is enabled; currently the same as gatewayPort)
  • sshPort=<port> (defaults to 22 when not overridden)
  • transport=gateway
  • cliPath=<path> (optional; absolute path to a runnable openclaw entrypoint)
  • tailnetDns=<magicdns> (optional hint when Tailnet is available)

Security notes:
  • Bonjour/mDNS TXT records are unauthenticated. Clients must not treat TXT as an authoritative source for routing.
  • Clients should route using the resolved service endpoint (SRV + A/AAAA). Treat lanHost, tailnetDns, gatewayPort, and gatewayTlsSha256 as hints only.
  • TLS pinning must never allow an advertised gatewayTlsSha256 to override a previously stored pin.
  • iOS/Android nodes should treat discovery‑based direct connections as TLS‑only and require explicit user confirmation before trusting a first‑seen fingerprint.
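
The security notes above, as an added Python example (not OpenClaw's own code): a client-side decision that routes only via the SRV endpoint, never lets an advertised gatewayTlsSha256 replace a stored pin, and requires confirmation on first contact. The names Discovered, Decision, decide, norm and confirm, and all sample values, are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class Discovered:
    srv_host: str   # SRV target, to be resolved via A/AAAA
    srv_port: int   # SRV port
    txt: dict       # unauthenticated TXT hints; advisory only


@dataclass(frozen=True)
class Decision:
    action: str                       # "connect" or "reject:<reason>"
    endpoint: Tuple[str, int]         # always the SRV endpoint
    pin_to_store: Optional[str] = None


def norm(fp: str) -> str:
    """Canonical fingerprint form: lower-case hex, no separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def decide(svc: Discovered, stored_pin: Optional[str],
           presented_fp: Optional[str],
           confirm: Callable[[str, bool], bool]) -> Decision:
    """presented_fp is the SHA-256 of the certificate seen in the TLS
    handshake (None if the peer did not speak TLS)."""
    endpoint = (svc.srv_host, svc.srv_port)  # TXT lanHost/gatewayPort ignored
    if presented_fp is None:
        return Decision("reject:tls-required", endpoint)
    seen = norm(presented_fp)
    if stored_pin is not None:
        # A stored pin wins; the advertised gatewayTlsSha256 is never consulted.
        ok = seen == norm(stored_pin)
        return Decision("connect" if ok else "reject:pin-mismatch", endpoint)
    # First contact: the TXT hint may inform the prompt but grants no trust.
    hint = svc.txt.get("gatewayTlsSha256")
    hint_matches = hint is not None and norm(hint) == seen
    if confirm(seen, hint_matches):
        return Decision("connect", endpoint, pin_to_store=seen)
    return Decision("reject:user-declined", endpoint)


# Constructed sample: a beacon whose TXT hints disagree with SRV and the pin.
SPOOFED = Discovered("gw-host.local.", 18789, {
    "lanHost": "other-host.local", "gatewayPort": "9999",
    "gatewayTlsSha256": "bb" * 32})
```

Here confirm stands in for the UI prompt; it receives the fingerprint actually presented in the handshake and whether the TXT hint agrees with it.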

Debugging on macOS

Useful built‑in tools:
  • Browse instances:

        dns-sd -B _openclaw-gw._tcp local.

  • Resolve one instance (replace <instance>):

        dns-sd -L "<instance>" _openclaw-gw._tcp local.

If browsing works but resolving fails, you are usually hitting a LAN policy or mDNS resolver issue.

Debugging in Gateway logs

The Gateway writes a rolling log file (printed on startup as gateway log file: ...). Look for bonjour: lines, especially:
  • bonjour: advertise failed ...
  • bonjour: … name conflict resolved / hostname conflict resolved
  • bonjour: watchdog detected non-announced service …

Debugging on iOS node

To capture logs:
  • Settings → Gateway → Advanced → Discovery Debug Logs
  • Settings → Gateway → Advanced → Discovery Logs → reproduce → Copy
The log includes browser state transitions and result‑set changes.

Common failure modes

  • Bonjour doesn’t cross networks: use Tailnet or SSH.
  • Multicast blocked: some Wi‑Fi networks disable mDNS.
  • Sleep / interface churn: macOS may temporarily drop mDNS results; retry.
  • Browse works but resolve fails: keep machine names simple (avoid emojis or punctuation), then restart the Gateway. The service instance name derives from the host name, so overly complex names can confuse some resolvers.

Escaped instance names (\032)

Bonjour/DNS‑SD often escapes bytes in service instance names as decimal \DDD sequences (e.g. spaces become \032).
  • This is normal at the protocol level.
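
A decoder for the \DDD escapes described above, as an added Python example (not OpenClaw's own code). The function names and sample instance names are assumptions; for_display additionally replaces non-printable characters, since instance names come from unauthenticated peers on the network.

```python
def decode_dnssd_name(escaped: str) -> str:
    """Decode \\DDD (decimal byte) and \\X (literal character) escapes in a
    DNS-SD name as printed by browse tools; the bytes are read as UTF-8."""
    raw = bytearray()
    i = 0
    while i < len(escaped):
        if escaped[i] != "\\":
            raw += escaped[i].encode("utf-8")
            i += 1
            continue
        digits = escaped[i + 1:i + 4]
        if len(digits) == 3 and digits.isascii() and digits.isdigit():
            value = int(digits)
            if value > 255:
                raise ValueError(f"escape out of byte range: \\{digits}")
            raw.append(value)          # \032 -> 0x20 (space)
            i += 4
        elif i + 1 < len(escaped):
            raw += escaped[i + 1].encode("utf-8")   # \. or \\ -> literal
            i += 2
        else:
            raise ValueError("dangling backslash at end of name")
    # Invalid UTF-8 becomes U+FFFD instead of raising.
    return raw.decode("utf-8", errors="replace")


def for_display(escaped: str) -> str:
    """Decode, then replace control and other non-printable characters so a
    peer-chosen name cannot inject newlines or escape codes into a UI or log."""
    decoded = decode_dnssd_name(escaped)
    return "".join(c if c.isprintable() else "\ufffd" for c in decoded)


# Constructed sample names (not taken from a real network).
SAMPLES = [r"Alice\032MacBook\032Pro", r"caf\195\169", r"gw\010name"]
```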

Disabling / configuration

  • OPENCLAW_DISABLE_BONJOUR=1 disables advertising (legacy: OPENCLAW_DISABLE_BONJOUR).
  • gateway.bind in ~/.openclaw/openclaw.json controls the Gateway bind mode.
  • OPENCLAW_SSH_PORT overrides the SSH port advertised in TXT (legacy: OPENCLAW_SSH_PORT).
  • OPENCLAW_TAILNET_DNS publishes a MagicDNS hint in TXT (legacy: OPENCLAW_TAILNET_DNS).
  • OPENCLAW_CLI_PATH overrides the advertised CLI path (legacy: OPENCLAW_CLI_PATH).