RE: LLMNR Issue 58: DNS server usage of LLMNR
> I am not sure this is such a "very bad idea". Take the example of an
> IPv6 home network. The ISP explicitly delegates an IPv6 prefix to the
> home router. The router advertises this prefix. Hosts configure
> addresses from this prefix. Since there is explicit prefix delegation to
> the router, we may expect the router to also receive delegation of the
> reverse lookup tree. In these conditions, it makes a lot of sense to use
> LLMNR to fulfill a DNS PTR request. If you look at it, the chain of
> trust is exactly the same as what we have today in IPv4, when a router
> fulfills a PTR request using whatever name the host asserted in a DHCP
> request.
The draft currently discusses two scenarios:
a. Today with IPv4, home gateways typically act as both a DHCPv4 server
and DNS server, supporting dynamic DNS (via DHCP). This allows them to answer
both A and PTR queries for the names of hosts on the local network. Such
routers typically answer AAAA queries for local hosts they don't know with
RCODE=3 or, for hosts they do know, but for which there is no AAAA RR, with
RCODE=0 and no RRs. This causes the querying host to send an LLMNR query
for the AAAA RR or corresponding PTR.
b. If the router supports IPv6, as well as acting as a DNS server, and
supports DHCPv6Lite, then it would also be able to support dynamic DNS
(via DHCPv6lite) and could answer AAAA and PTR queries without need of LLMNR.
Given that both a) and b) scenarios already work, I'm looking to come up
with a scenario in which DNS server usage of LLMNR queries helps.
One possible scenario would be where only some of the local IPv6 hosts are
LLMNR capable and support DHCPv6lite. Hosts that do not support DHCPv6lite
might not be able to register their AAAA and corresponding PTR RRs with
the DNS server authoritative for the names of local hosts (e.g. the router).
Other hosts might support DHCPv6 lite, but might not be able to act as
either an LLMNR sender or responder.
In such a situation, an LLMNR-incapable host might send a DNS query for a
AAAA or PTR RR of a host that didn't support DHCPv6lite, but could act as
an LLMNR responder. The DNS server would respond with RCODE=3, at which
point the querier would have no recourse, since it doesn't support LLMNR.
However, if the DNS server sent an LLMNR query for the name, it would get
an answer which it could relay back to the querier.
Is this a likely scenario? It seems quite likely to me that we will have
hosts that support DHCPv6lite but not LLMNR, but I'm not sure about hosts
that support LLMNR but not DHCPv6lite. You need to posit both types of
hosts for scenario c) to apply.
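The three scenarios above (a: the host itself falls back to LLMNR after a negative DNS answer; b: the router answers from DHCP-registered records; c: the router relays an LLMNR answer for an LLMNR-incapable querier) can be traced with a small simulation. This is an added example, not code from the LLMNR draft or from any router or resolver implementation; the names, the 192.0.2.0/24 and 2001:db8::/32 addresses, and the `source` tag on each answer are constructed for illustration.

```python
"""Constructed simulation of a home router acting as the authoritative DNS server
for local names (populated by DHCPv4 / DHCPv6lite dynamic updates), hosts that
may or may not speak LLMNR, and a server that may or may not relay LLMNR answers
(scenario c). Not code from the draft or any implementation."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

NOERROR = 0   # RCODE=0: name exists; empty answer section means NODATA
NXDOMAIN = 3  # RCODE=3: name does not exist

Key = Tuple[str, str]  # (owner name, RR type)


@dataclass(frozen=True)
class Answer:
    rcode: int
    rrs: FrozenSet[str]
    source: str  # "dhcp" (from the zone), "llmnr-relay", "llmnr-host", or "none"


class LocalZone:
    """Zone the router is authoritative for; rows come from DHCP dynamic DNS."""

    def __init__(self, records: Dict[Key, List[str]]):
        self.records = {k: frozenset(v) for k, v in records.items()}
        self.names = {owner for owner, _ in records}

    def lookup(self, qname: str, qtype: str) -> Answer:
        rrs = self.records.get((qname, qtype))
        if rrs:
            return Answer(NOERROR, rrs, "dhcp")
        if qname in self.names:  # known name, no RR of this type: NODATA
            return Answer(NOERROR, frozenset(), "none")
        return Answer(NXDOMAIN, frozenset(), "none")


class LlmnrResponder:
    """A host that answers LLMNR queries only for names/addresses it owns."""

    def __init__(self, owned: Dict[Key, List[str]]):
        self.owned = {k: frozenset(v) for k, v in owned.items()}


def llmnr_query(responders: List[LlmnrResponder], qname: str, qtype: str) -> FrozenSet[str]:
    """Multicast query: every responder on the link sees it, only owners reply."""
    rrs = set()
    for r in responders:
        rrs |= r.owned.get((qname, qtype), frozenset())
    return frozenset(rrs)


def server_resolve(zone: LocalZone, responders: List[LlmnrResponder],
                   qname: str, qtype: str, relay_llmnr: bool) -> Answer:
    """Scenario b (relay_llmnr=False) or scenario c (relay_llmnr=True)."""
    ans = zone.lookup(qname, qtype)
    if ans.rrs or not relay_llmnr:
        return ans
    rrs = llmnr_query(responders, qname, qtype)
    return Answer(NOERROR, rrs, "llmnr-relay") if rrs else ans


def host_resolve(zone: LocalZone, responders: List[LlmnrResponder], qname: str,
                 qtype: str, host_speaks_llmnr: bool, server_relays: bool) -> Answer:
    """What the querying host ends up with; scenario a is the host's own fallback."""
    ans = server_resolve(zone, responders, qname, qtype, server_relays)
    if ans.rrs or not host_speaks_llmnr:
        return ans  # an LLMNR-incapable host has no recourse after a negative answer
    rrs = llmnr_query(responders, qname, qtype)
    return Answer(NOERROR, rrs, "llmnr-host") if rrs else ans


# Constructed sample network (documentation prefixes only).
ZONE = LocalZone({
    ("printer.home", "A"): ["192.0.2.10"],                 # IPv4 only, via DHCPv4
    ("10.2.0.192.in-addr.arpa", "PTR"): ["printer.home"],
    ("tv.home", "AAAA"): ["2001:db8::2"],                  # registered via DHCPv6lite
})
# laptop.home speaks LLMNR but never registered via DHCPv6lite (the scenario c host).
RESPONDERS = [LlmnrResponder({("laptop.home", "AAAA"): ["2001:db8::1"]})]

if __name__ == "__main__":
    for qname, speaks, relays in [("tv.home", False, False), ("printer.home", False, False),
                                  ("laptop.home", False, False), ("laptop.home", False, True),
                                  ("laptop.home", True, False)]:
        a = host_resolve(ZONE, RESPONDERS, qname, "AAAA", speaks, relays)
        print(f"{qname:13} host_llmnr={speaks!s:5} relay={relays!s:5} -> "
              f"rcode={a.rcode} rrs={sorted(a.rrs)} source={a.source}")
```

The `source` tag is the part worth keeping in a real implementation: an answer relayed from LLMNR rests on a name the host asserted about itself on the link, exactly as a DHCP-asserted name does, so a server that relays should be able to tell the two apart when logging or when deciding which names it is willing to serve off-link.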
--
archive: <http://ops.ietf.org/lists/namedroppers/>