Markvision Enterprise

Markvision Enterprise use of the mDNS protocol

Issue description

Some end users are concerned about the use of the mDNS (Multicast Domain Name Service) protocol in their network.

This informational article describes how MVE (Markvision Enterprise) uses this protocol, how that use differs from most ‘problematic’ uses, and what effects disabling this protocol has on MVE.

Solution

Markvision Discovery Function and mDNS

The discovery operation starts by sending a unicast mDNS packet to the address supplied by the discovery profile. Markvision will never use the 'multicast' function of this protocol, nor will it send data to a known multicast address. Section 5.5 of RFC 6762 defines the allowance and behavior of Direct Unicast Queries to Port 5353. The printer ensures that such queries are always answered via direct unicast back to the querier's address.

The purpose of this request is to obtain the host TXT record of a Lexmark printer. The printer replies directly back to the server with its response. The structure of that response contains several fields of interest: Hostname (as defined in the printer), IP Address, Gateway, Netmask, UAA MAC Address, Serial Number, 1284 Device ID, NPA Family ID, as well as the security state of the printer.

When mDNS is enabled in the printer, it replies to multicast mDNS requests issued from peers on the local subnet of the printer if the request is for the hostname assigned to the printer. As previously mentioned, Markvision will never use the ‘multicast’ part of this protocol and will never send data to a known multicast address. Lexmark advises that the printer should never be exposed directly to the open internet, nor should the local subnet or any clients on that subnet be exposed to the internet.
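The unicast-only behavior described above can be checked against captured traffic. The following is an added example, not Lexmark code: it builds a DNS-format TXT query, parses the first question of a UDP payload, and labels each datagram by whether it went to a unicast or a multicast destination on port 5353. The hostname `printer-01.local`, the IP addresses and the sample datagrams are constructed; the article does not state which name MVE actually queries.

```python
import ipaddress
import struct

MDNS_PORT, QTYPE_TXT = 5353, 16

def build_txt_query(name):
    """Encode a one-question DNS query (class IN) for the TXT record of `name`."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # ID=0, flags=0 (query), QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", QTYPE_TXT, 1)

def parse_question(payload):
    """Return (is_query, name, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:
        return None
    _, flags, qdcount = struct.unpack("!3H", payload[:6])
    labels, pos = [], 12
    while qdcount and pos < len(payload) and payload[pos] != 0:
        n = payload[pos]
        if n > 63 or pos + 1 + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if not labels or pos + 5 > len(payload):  # need root byte + QTYPE + QCLASS
        return None
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return (flags & 0x8000) == 0, ".".join(labels), qtype

def classify(dst, dport, payload):
    """Label one outbound UDP datagram by how it uses mDNS."""
    if dport != MDNS_PORT:
        return "not-mdns"
    q = parse_question(payload)
    if q is None or not q[0]:  # malformed, or QR bit set (a response)
        return "not-a-query"
    return "multicast-query" if ipaddress.ip_address(dst).is_multicast else "unicast-query"

# Constructed sample datagrams (dst, dport, payload); hostname and IPs are made up.
QUERY = build_txt_query("printer-01.local")
SAMPLE = [
    ("192.0.2.45", 5353, QUERY),        # direct unicast query (RFC 6762 section 5.5)
    ("224.0.0.251", 5353, QUERY),       # IPv4 mDNS multicast group
    ("ff02::fb", 5353, QUERY),          # IPv6 mDNS multicast group
    ("192.0.2.45", 161, b"\x30\x00"),   # different port, not mDNS
    ("192.0.2.45", 5353, b"\x00\x00\x84\x00" + QUERY[4:]),  # QR bit set: a response
]

def audit(flows):
    return [classify(*f) for f in flows]
```

Run over traffic sourced from the MVE server, any `multicast-query` label would contradict the behavior described in this article.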

If the printer does not respond to the initial mDNS query (for example, because the port is blocked or the protocol is disabled), then MVE makes other attempts to discover the printer. If these alternate mechanisms fail because security is set or the alternate protocols are blocked, then the discovery fails. If an alternate protocol, such as SNMP, is successful, then the printer is marked as “discovered”; however, since the security state cannot be determined, the printer will not be marked as “secured.” This behavior can be problematic if other functions such as Enforcement, Conformance, or Audit are attempted and a credential is required.

If the printer's response indicates that security is not set, or if there is no response after multiple attempts, the discovery process will continue and MVE will attempt to gather other discovery data using alternate paths. Depending on the age of the printer and its security classification, it could try SNMP, LST, NPA, HTTPS, and/or SNMP V3. Sometimes, MVE can obtain enough information using these alternate paths to store the printer in the database.
