
RE: LLMNR Issue 58: DNS server usage of LLMNR



> DNS servers are prohibited from responding to LLMNR queries except with
> RRs they own. However, DNS servers are not prohibited from sending
> LLMNR queries in order to resolve DNS queries. This seems like a very
> bad idea.
> 
> Add the following sentence to Section 2.2:
> 
> "DNS servers also MUST NOT send LLMNR queries in order to resolve DNS
> queries."

I am not sure this is such a "very bad idea". Take the example of an
IPv6 home network. The ISP explicitly delegates an IPv6 prefix to the
home router. The router advertises this prefix. Hosts configure
addresses from this prefix. Since there is explicit prefix delegation to
the router, we may expect the router to also receive delegation of the
reverse lookup tree. In these conditions, it makes a lot of sense to use
LLMNR to fulfill a DNS PTR request. If you look at it, the chain of
trust is exactly the same as what we have today in IPv4, when a router
fulfills a PTR request using whatever name the host asserted in a DHCP
request.

This is just one scenario. I am convinced there may be others. "MUST
NOT" is way too strong.

-- Christian Huitema
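The scenario above, worked through as an added example (not code from the message, the LLMNR draft, or any router): a home router that holds the delegated IPv6 prefix, and so the matching ip6.arpa subtree, receives a DNS PTR query, issues an LLMNR PTR query for the same ip6.arpa name on the link, and hands back the host's own answer. Wire formats follow RFC 4795 (DNS-style header, UDP port 5355, IPv6 group ff02::1:3); the acceptance policy in accept_ptr_answer (address inside the delegated prefix, transaction ID and question match, answer sourced from the address being resolved) is this example's own choice, added so that a host can only assert a name for itself, the same trust relationship as a DHCP-asserted name. Both sides of the exchange are built in memory so the example runs offline; the prefix, address, hostname and transaction ID are constructed sample values.

```python
import ipaddress
import struct

LLMNR_GROUP_V6 = "ff02::1:3"   # RFC 4795 IPv6 link-scope multicast group
LLMNR_PORT = 5355
QTYPE_PTR, QCLASS_IN = 12, 1
FLAG_QR = 0x8000               # response bit in the LLMNR header
RCODE_MASK = 0x000F


def reverse_name(addr: str) -> str:
    """ip6.arpa / in-addr.arpa owner name for an address (lowercase)."""
    return ipaddress.ip_address(addr).reverse_pointer


def encode_name(name: str) -> bytes:
    """Uncompressed DNS wire encoding of a dotted name."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = data[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (end if end is not None else off)


def build_ptr_query(txid: int, addr: str) -> bytes:
    """Router side: LLMNR PTR query, to be multicast to ff02::1:3 port 5355."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(reverse_name(addr)) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def build_ptr_response(query: bytes, hostname: str, ttl: int = 30) -> bytes:
    """Host side: unicast answer for a PTR query about one of its own addresses."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, off = decode_name(query, 12)
    question = query[12:off + 4]                    # name + QTYPE + QCLASS
    rdata = encode_name(hostname)
    rr = encode_name(qname) + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, FLAG_QR, 1, 1, 0, 0) + question + rr


def llmnr_lookup_allowed(addr: str, delegated_prefix: str) -> bool:
    """Only consult LLMNR for addresses whose reverse tree this router owns."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(delegated_prefix, strict=False)


def accept_ptr_answer(addr, delegated_prefix, responder_src, response, txid):
    """Return the PTR target to place in the DNS reply, or None to refuse.

    Policy chosen for this example: the queried address must be in the
    delegated prefix, the reply must match our transaction and question,
    and it must come from the address being resolved (a host answers only
    for itself), so a neighbour cannot plant a name for someone else.
    """
    if not llmnr_lookup_allowed(addr, delegated_prefix):
        return None
    if ipaddress.ip_address(responder_src) != ipaddress.ip_address(addr):
        return None
    if len(response) < 12:
        return None
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & FLAG_QR or flags & RCODE_MASK or qd != 1:
        return None
    qname, off = decode_name(response, 12)
    off += 4                                        # skip QTYPE/QCLASS
    if qname.lower() != reverse_name(addr):
        return None
    for _ in range(an):
        name, off = decode_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if name.lower() == qname.lower() and rtype == QTYPE_PTR and rclass == QCLASS_IN:
            return decode_name(response, off)[0]
        off += rdlen
    return None


if __name__ == "__main__":
    prefix, host, txid = "2001:db8:1::/64", "2001:db8:1::42", 0x1234   # constructed values
    q = build_ptr_query(txid, host)                 # router -> ff02::1:3
    r = build_ptr_response(q, "laptop")             # host -> router (unicast)
    print(accept_ptr_answer(host, prefix, host, r, txid))              # laptop
    print(accept_ptr_answer(host, prefix, "2001:db8:1::99", r, txid))  # None (spoofed source)
    print(accept_ptr_answer("2001:db8:2::42", prefix, "2001:db8:2::42", r, txid))  # None (not delegated)
```

A real deployment would send the query with a socket bound to the LAN interface and fall back to a normal DNS answer (or NXDOMAIN) when the address is outside the delegated prefix; the prefix check is what keeps the router from ever relaying link-local name claims for address space it is not authoritative for.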

archive: <http://ops.ietf.org/lists/namedroppers/>