
Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard

2005-09-05 05:25:20
On Mon, 2005-09-05 at 15:02 +0300, Markku Savela wrote:
> LLMNR does create extra queries to root servers. Let's say I have named
> my local devices in LLMNR as
>
>  "fridge"
>  "tv"
>  "vcr"
>  "myserver"

Which would be easily "solved" for both mDNS (when not restricting
to .local) by first asking the local network using mDNS/LLMNR and then
asking DNS. Which takes away the worry of flooding (root) DNS servers.
(Misconfigured machines are a bigger problem there)

This has a *huge* security issue of course when someone starts replying
to all those queries with false data (www.paypal.com anyone?, or
responding for www.ietf.org and putting all kinds of naughty words in the
drafts ;)

Then again, hosts on the local network can already easily respond to
normal DNS queries too by flooding the switch with MAC addresses,
putting it into broadcast mode and then simply responding to queries. Of
course one will then get some dupes back from the original one which
will make things a bit confusing, but most resolvers don't care about
those and simply ignore them anyway (afaik). I guess we want DNSSEC
here, but that was the whole point -> zeroconf...

That said, it would be really good if both mDNS/LLMNR had an 'off'
switch. When a real DNS server responds then we have a working DNS
server, with mDNS/LLMNR being targeted at zero-conf networks,
apparently, as we have DNS, these networks are configured, they have a
working DNS server, thus mDNS/LLMNR is not required. Folks can then use
DDNS and other methods for registering names.

Another thing one could do then is have a real DNS server respond
directly to these mDNS/LLMNR queries, which avoids one even having to
configure a DNS server.

Greets,
 Jeroen
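
The resolution orders discussed in the message above, modelled as an added example that is not part of the original message and performs no network traffic. The `resolve` function, its `order` and `off_switch` parameters, the host names and all addresses are constructed for illustration; `off_switch` models the suggestion that multicast lookups stop once a real DNS server is answering.

```python
from typing import Callable, Dict, List, Optional, Tuple

Responder = Callable[[str], Optional[str]]

def table(records: Dict[str, str]) -> Responder:
    """Responder that answers only for names it holds (None = no answer)."""
    return lambda name: records.get(name.lower().rstrip("."))

def resolve(name: str, dns: Optional[Responder],
            link_hosts: List[Tuple[str, Responder]],
            order: str = "local-first", off_switch: bool = False):
    """Return (address, source). dns=None models a network with no DNS server."""
    def ask_link():
        # Multicast query: any host on the link may reply; first reply wins.
        for host, responder in link_hosts:
            addr = responder(name)
            if addr:
                return addr, "link-local:" + host
        return None, "none"

    def ask_dns():
        return (dns(name) if dns else None), "dns"

    if off_switch and dns is not None:
        steps = [ask_dns]                 # configured network: multicast disabled
    elif order == "local-first":
        steps = [ask_link, ask_dns]
    else:
        steps = [ask_dns, ask_link]
    for step in steps:
        addr, source = step()
        if addr:
            return addr, source
    return None, "none"

# Constructed sample data (documentation and link-local address ranges).
DNS = table({"www.example.com": "192.0.2.10"})
LINK = [("fridge", table({"fridge": "169.254.10.5"})),
        ("rogue", lambda name: "169.254.66.6")]   # answers every query

if __name__ == "__main__":
    for kwargs in ({"order": "local-first"}, {"order": "dns-first"}, {"off_switch": True}):
        for name in ("www.example.com", "fridge", "typo.example.com"):
            print(kwargs, name, resolve(name, DNS, LINK, **kwargs))
```

In this model, asking DNS first protects names the DNS server holds but still hands every DNS miss to whoever answers on the link, while the off switch removes that fallback at the cost of single-label names such as "fridge" needing DDNS or similar registration.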


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf