
Re: LLMNR Issue 58: DNS server usage of LLMNR



Bernard Aboba:

	LLMNR is expected to be useful for nodes on an isolated
	IP network with a single link, but not beyond that. LLMNR
	MUST NOT be used by nodes connected to the Internet nor
	an isolated IP network with multiple links.

Whether the network is "isolated" or "connected to the Internet" is
very hard to determine.  A host may be able to reach some Internet
prefixes, and not be able to reach others.  Similarly, the radius of the
network may also be hard to determine.

It is trivially easy for an administrator of the network.


LLMNR use is restricted to situations in which DNS servers are not
configured, where DNS servers do not respond or where
DNS responds with RCODE=3 or RCODE=0 and no RRs.

The problem is that LLMNR is still not useful unless the network is an isolated single link, so LLMNR should never be attempted otherwise.

However, the host is not obliged to dig deeper to understand *why* these
situations occur,

Agreed, but it is not my point.


Given the difficulty you mentioned, I think it is also necessary
to request that LLMNR functionality is, by default, turned off.

Masataka Ohta
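The fallback rule quoted above (DNS unconfigured, unresponsive, RCODE=3, or RCODE=0 with no RRs), written out as a decision function with the default-off behaviour Ohta asks for layered on top. This is an added example, not code from the thread or from any LLMNR implementation; the names (DnsHeader, llmnr_fallback_permitted, _header) and the sample DNS headers are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

RCODE_NOERROR = 0
RCODE_NXDOMAIN = 3


@dataclass
class DnsHeader:
    rcode: int
    ancount: int


def parse_dns_header(msg: bytes) -> DnsHeader:
    """Extract RCODE and ANCOUNT from the 12-byte DNS header (RFC 1035 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return DnsHeader(rcode=flags & 0x000F, ancount=ancount)  # RCODE = low 4 bits


def llmnr_fallback_permitted(dns_configured: bool,
                             response: Optional[bytes],
                             llmnr_enabled: bool = False) -> bool:
    """True only when the draft's conditions hold AND LLMNR has been turned on.

    llmnr_enabled defaults to False, which is Ohta's proposal in the thread:
    nothing falls back to LLMNR unless an administrator enables it.
    """
    if not llmnr_enabled:
        return False
    if not dns_configured:          # no DNS servers configured
        return True
    if response is None:            # configured servers did not respond
        return True
    hdr = parse_dns_header(response)
    if hdr.rcode == RCODE_NXDOMAIN:  # RCODE=3
        return True
    if hdr.rcode == RCODE_NOERROR and hdr.ancount == 0:  # RCODE=0, no RRs
        return True
    return False  # a real answer, or another error such as SERVFAIL/REFUSED


def _header(rcode: int, ancount: int) -> bytes:
    """Constructed sample response header: id 0x1234, QR/RD/RA set, one question."""
    return struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)
```

With the default flag, every call returns False; enabling LLMNR makes the function follow the quoted rule exactly, so a SERVFAIL (RCODE=2) still does not trigger fallback.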



--
archive: <http://ops.ietf.org/lists/namedroppers/>