
Re: LLMNR considered harmful



Hello Keith,

This seems to be a serious problem. Could you give some
more information, at least some pointers to the relevant
drafts and an expansion of LLMNR?

Regards,     Martin.

At 23:59 03/05/06 -0400, Keith Moore wrote:
Folks,

it's happening again.

the dnsext working group is in revision 18 of a draft that drastically and
incompatibly changes the DNS API, out from under every application that uses
DNS.  they've made all kinds of efforts to avoid having LLMNR pollute DNS
caches, but done nothing to avoid polluting applications that use DNS and make
similar assumptions about DNS integrity.  in fact the document explicitly
suggests overloading the existing APIs so that lookups intended for DNS will
under some conditions instead be redirected to LLMNR - even though LLMNR is
supposed to look up a completely different set of names.  (though the
examples are all written in terms of FQDNs.)

furthermore it is entirely possible that some hosts on a link will have their
queries sent to DNS while others will have their queries handled by LLMNR
servers, again completely transparently to the applications, producing
inconsistent results for identical queries.

the amazing thing is that they're in revision 18 and still have these
fundamental flaws.
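To make the concern concrete, here is an added, constructed simulation (not code from the draft, from Keith, or from any real resolver) of a lookup API that is answered by DNS on one host and by a link-local responder on another. The zone data, responder table and the `Answer` type are all invented for illustration; the point is that an overloaded address-only API hides the answer's origin, while a source-tagged answer lets an application refuse link-local answers for fully qualified names.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: what the site's DNS would answer, and what a
# responder on the local link would answer, for the same names.
DNS_ZONE = {"printer.example.com": "192.0.2.10"}
LINK_LOCAL_RESPONDERS = {
    "printer": "198.51.100.7",
    "printer.example.com": "198.51.100.7",  # a responder claiming an FQDN
}


@dataclass(frozen=True)
class Answer:
    address: str
    source: str  # "dns" or "llmnr" (simulated, not real protocol traffic)


def resolve_tagged(name: str, llmnr_enabled: bool,
                   dns_reachable: bool = True) -> Optional[Answer]:
    """Simulated resolver: DNS first, then link-local fallback if enabled."""
    if dns_reachable and name in DNS_ZONE:
        return Answer(DNS_ZONE[name], "dns")
    if llmnr_enabled and name in LINK_LOCAL_RESPONDERS:
        return Answer(LINK_LOCAL_RESPONDERS[name], "llmnr")
    return None


def resolve_overloaded(name: str, llmnr_enabled: bool,
                       dns_reachable: bool = True) -> Optional[str]:
    """The overloaded API Keith objects to: an address with no origin."""
    answer = resolve_tagged(name, llmnr_enabled, dns_reachable)
    return answer.address if answer else None


def application_lookup(name: str, llmnr_enabled: bool,
                       dns_reachable: bool = True) -> Optional[str]:
    """A hardened application policy, possible only with a tagged answer:
    accept link-local answers for single-label names, never for FQDNs."""
    answer = resolve_tagged(name, llmnr_enabled, dns_reachable)
    if answer is None:
        return None
    if answer.source == "llmnr" and "." in name:
        return None  # refuse: an FQDN answered by the local link
    return answer.address


def inconsistent_hosts(name: str) -> Tuple[Optional[str], Optional[str]]:
    """Two hosts issue the identical query through the overloaded API."""
    host_a = resolve_overloaded(name, llmnr_enabled=False)
    host_b = resolve_overloaded(name, llmnr_enabled=True, dns_reachable=False)
    return host_a, host_b
```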