diff --git a/lib/mdns.js b/lib/mdns.js
index 60fe873..2c6ef0c 100644
--- a/lib/mdns.js
+++ b/lib/mdns.js
@@ -31,7 +31,7 @@ var randomId = {
   }
 };
 
-function createResponse(name, packet, ttl, mainPort) {
+function createResponse(name, ownerIds, packet, ttl, mainPort) {
   var rpacket = {
     header: {
       id: packet.header.id
@@ -97,12 +97,21 @@ function createResponse(name, packet, ttl, mainPort) {
   , target: name + ".local"
   });
   rpacket.additional.push({
-    name: name + '._device-info._tcp.local'
+    name: name + '._device-info.' + queryName
   , typeName: 'TXT'
   , ttl: ttl
   , className: 'IN'
   , data: ["model=CloudHome1,1", "dappsvers=1"]
   });
+  ownerIds.forEach(function (id) {
+    rpacket.additional.push({
+      name: name + '._owner-id.' + queryName
+    , typeName: 'TXT'
+    , ttl: ttl
+    , className: 'IN'
+    , data: [id]
+    });
+  });
 
   return require('dns-suite').DNSPacket.write(rpacket);
 }
@@ -134,9 +143,23 @@ module.exports.start = function (deps, config, mainPort) {
     if (packet.question.length !== 1 || packet.question[0].name !== queryName) {
       return;
     }
+    if (packet.question[0].typeName !== 'PTR' || packet.question[0].className !== 'IN' ) {
+      return;
+    }
 
-    randomId.get().then(function (name) {
-      var resp = createResponse(name, packet, config.mdns.ttl, mainPort);
+    var proms = [
+      randomId.get()
+    , deps.storage.owners.all().then(function (owners) {
+        // The ID is the sha256 hash of the PPID, which shouldn't be reversible and therefore
+        // should be safe to expose without needing authentication.
+        return owners.map(function (owner) {
+          return owner.id;
+        });
+      })
+    ];
+
+    PromiseA.all(proms).then(function (results) {
+      var resp = createResponse(results[0], results[1], packet, config.mdns.ttl, mainPort);
       var now = Date.now();
       if (now > nextBroadcast) {
         socket.send(resp, config.mdns.port, config.mdns.broadcast);
diff --git a/packages/apis/com.daplie.goldilocks/index.js b/packages/apis/com.daplie.goldilocks/index.js
index eb3d88b..6c94f14 100644
--- a/packages/apis/com.daplie.goldilocks/index.js
+++ b/packages/apis/com.daplie.goldilocks/index.js
@@ -12,13 +12,6 @@ module.exports.create = function (deps, conf) {
 
   var api = deps.api;
 
-  /*
-  var owners;
-  deps.storage.owners.on('set', function (_owners) {
-    owners = _owners;
-  });
-  */
-
   function handleCors(req, res, methods) {
     if (!methods) {
       methods = ['GET', 'POST'];
@@ -65,7 +58,7 @@ module.exports.create = function (deps, conf) {
 
   return {
     init: function (req, res) {
-      if (handleCors(req, res, 'POST')) {
+      if (handleCors(req, res, ['GET', 'POST'])) {
         return;
       }
       if (req.method !== 'POST') {
@@ -75,6 +68,18 @@ module.exports.create = function (deps, conf) {
         return;
       }
 
+      if ('POST' !== req.method) {
+        // It should be safe to give the list of owner IDs to an un-authenticated
+        // request because the ID is the sha256 of the PPID and shouldn't be reversible
+        return deps.storage.owners.all().then(function (results) {
+          var ids = results.map(function (owner) {
+            return owner.id;
+          });
+          res.setHeader('Content-Type', 'application/json');
+          res.end(JSON.stringify(ids));
+        });
+      }
+
       jsonParser(req, res, function () {
 
       return deps.PromiseA.resolve().then(function () {