[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-manning-dnsext-mdns) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 RFC 4795

DNSEXT Working Group                                        Levon Esibov
INTERNET-DRAFT                                             Bernard Aboba
Category: Standards Track                                    Dave Thaler
<draft-ietf-dnsext-mdns-09.txt>                                Microsoft
February 21 2002


              Link-Local Multicast Name Resolution (LLMNR)

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Copyright Notice

Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

Today, with the rise of home networking, there are an increasing number
of ad-hoc networks operating without a DNS server. In order to allow
name resolution in such environments, Link-Local Multicast Name
Resolution (LLMNR) is proposed.














Esibov, Aboba & Thaler       Standards Track                    [Page 1]


INTERNET-DRAFT                    LLMNR                February 21, 2002


Table of Contents

1.     Introduction ..........................................    2
2.     Name resolution using LLMNR ...........................    3
   2.1       Behavior of the sender and responder ............    4
3.     Usage model ...........................................    7
   3.1       LLMNR configuration .............................    7
4.     Sequence of events ....................................    8
5.     Conflict resolution ...................................    8
   5.1       Considerations for multiple interfaces ..........   10
   5.2       API issues ......................................   11
6.     Security considerations ...............................   12
7.     IANA considerations ...................................   13
8.     Normative References ..................................   13
9.     Informative References ................................   13
Acknowledgments ..............................................   14
Authors' Addresses ...........................................   14
Intellectual Property Statement ..............................   15
Full Copyright Statement .....................................   15


1.  Introduction

Link-Local Multicast Name Resolution (LLMNR) enables name resolution in
the scenarios when conventional DNS name resolution is not possible. The
main scenarios that require introduction of a new name resolution
mechanism are:

1. Multiple computers connected to the same network within the same
link-local scope. These computers are not configured with an IP address
of any DNS server. Users of these computers need to locate other
computers by their DNS names.

2. Home networks that don't contain a DNS server, but are connected to
the Internet through an ISP. The network hosts are configured with the
ISP's DNS server, which provides the name resolution for the names
registered on the Internet, but doesn't provide name resolution for the
names of the hosts on the network. Users of the computers on the home
network need to locate other computers by their DNS names.

This document discusses Link-Local Multicast Name Resolution (LLMNR),
which operates on a separate port from DNS, with a distinct resolver
cache, but does not change the format of DNS packets.

Service discovery in general, as well as discovery of DNS servers using
LLMNR in particular is outside of the scope of this document, as is name
resolution over non-multicast capable media.

In this document, the key words "MAY", "MUST,  "MUST  NOT", "OPTIONAL",
"RECOMMENDED",  "SHOULD",  and  "SHOULD  NOT",  are to be interpreted as
described in [RFC2119].


Esibov, Aboba & Thaler       Standards Track                    [Page 2]


INTERNET-DRAFT                    LLMNR                February 21, 2002


2.  Name resolution using LLMNR

While operating on a different port with a distinct resolver cache,
LLMNR makes no change to the current format of DNS packets.

Link-Local Multicast Name Resolution queries are sent to and received on
port 5353 using a LINKLOCAL address as specified in "Administratively
Scoped IP Multicast" [RFC2365] for IPv4 and the "solicited name"
LINKLOCAL multicast addresses for IPv6, and using a unicast addresses in
a few scenarios described below in Section 3.  The LLMNR LINKLOCAL
address to be used for IPv4 is 224.0.0.251.  LINKLOCAL addresses are
used to prevent propagation of LLMNR traffic across routers, potentially
flooding the network.

Propagation of LLMNR packets on the local link is considered sufficient
to enable name resolution in small adhoc networks. The assumption is
that if a network has a router, then the network either has a DNS server
or the router can function as a DNS proxy.

By implementing DHCPv4 as well as a DNS proxy and dynamic DNS, routers
can provide name resolution for the names of IPv4 hosts on the local
network. Where the DNS proxy supports AAAA RRs, resolution for the names
of dual stack IPv6 hosts on the local network can also be provided using
this mechanism.

Within small adhoc IPv6 networks, stateful autoconfiguration is the most
likely configuration mechanism. If DHCPv6 is not present, then in order
to support resolution of names of IPv6-only hosts on the local network,
the DNS proxy will need to support dynamic client update as well as DNS
over IPv6.

Given the above mechanisms enabling DNS name resolution in small
networks with a router, it is assumed that LLMNR need not be enabled by
default.

In the future, LLMNR may be defined to support greater than LINKLOCAL
multicast scope.  This would occur if LLMNR deployment is successful,
the assumption that LLMNR is not needed on multiple links proves
incorrect, and multicast routing becomes ubiquitous.  For example, it is
not clear that this assumption will be valid in large adhoc networking
scenarios.

Once we have experience in LLMNR deployment in terms of administrative
issues, usability and impact on the network it will be possible
reevaluate which multicast scopes are appropriate for use with LLMNR.








Esibov, Aboba & Thaler       Standards Track                    [Page 3]


INTERNET-DRAFT                    LLMNR                February 21, 2002


2.1.  Behavior of the sender and responder

For the purpose of this document a host that sends a LLMNR query is
called a "sender", while a host that listens to (but not necessarily
responds to) a LLMNR query is called "responder". Although the same
host may be configured as a "sender", but not a "responder" and vice
versa, i.e. as a "responder", but not a "sender", the host configured as
a "responder" MUST act as a sender by using LLMNR dynamic update
requests to verify the uniqueness of names as described in Section 5.


2.1.1.  Behavior of senders

A sender sends an LLMNR query for any legal Type of resource record
(e.g. A, PTR, etc.) to the LINKLOCAL address. Notice that in some
scenarios described below in Section 3 a sender may also send a unicast
query. The RD (Recursion Desired) bit MUST NOT be set. If a responder
receives a query with the header containing RD set bit, the responder
MUST ignore the RD bit.

The IPv6 LINKLOCAL address a given responder  listens to, and to which a
sender sends, is a link-local multicast address formed as follows: The
name of the resource record in question is expressed in its canonical
form (see [RFC2535], section 8.1), which is uncompressed with all
alphabetic characters in lower case.  The first label of the resource
record name is then hashed using the MD5 algorithm, described in
[RFC1321].  The first 32 bits of the resultant 128-bit hash is then
appended to the prefix FF02:0:0:0:0:2::/96 to yield the 128-bit
"solicited name multicast address".  (Note: this procedure is intended
to be the same as that specified in section 3 of "IPv6 Node Information
Queries" [NodeInfo]).  A responder that listens for queries for multiple
names will necessarily listen to multiple of these solicited name
multicast addresses.

If the LLMNR query is not resolved during a limited amount of time
(LLMNR_TIMEOUT), then a sender MAY repeat the transmission of a query in
order to assure themselves that the query has been received by a host
capable of responding to the query.

Repetition MUST NOT be attempted more than 3 times and SHOULD NOT be
repeated more often than once per second to reduce unnecessary network
traffic. The delay between attempts should be randomized so as to avoid
synchronization effects.


2.1.2.  Behavior of responders

A responder listens on port 5353 on the LINKLOCAL address and on the
unicast address(es) that could be set as the source address(es) when the
responder responds to the LLMNR query. Responders MUST respond to



Esibov, Aboba & Thaler       Standards Track                    [Page 4]


INTERNET-DRAFT                    LLMNR                February 21, 2002


LLMNR queries to those and only those names for which they are
authoritative. As an example, computer "host.example.com." is
authoritative for the domain "host.example.com.". On receiving a LLMNR A
record query for the name "host.example.com." such a host responds with
A record(s) that contain IP address(es) in the RDATA of the record.

In conventional DNS terminology a DNS server authoritative for a zone is
authoritative for all the domain names under the zone root except for
the branches delegated into separate zones. Contrary to conventional DNS
terminology, a responder is authoritative only for the zone root. For
example the host "host.example.com." is not authoritative for the name
"child.host.example.com." unless the host is configured with multiple
names, including "host.example.com."  and "child.host.example.com.". The
purpose of limiting the name authority scope of a responder is to
prevent complications that could be caused by coexistence of two or more
hosts with the names representing child and parent (or grandparent)
nodes in the DNS tree, for example, "host.example.com." and
"child.host.example.com.".

In this example (unless this limitation is introduced) a LLMNR query
for an A record for the name "child.host.example.com." would result in
two authoritative responses: name error received from
"host.example.com.", and a requested A record - from
"child.host.example.com.". To prevent this ambiguity, LLMNR enabled
hosts could perform a dynamic update of the parent (or grandparent) zone
with a delegation to a child zone. In this example a host
"child.host.example.com." would send a dynamic update for the NS and
glue A record to "host.example.com.", but this approach significantly
complicates implementation of LLMNR and would not be acceptable
for lightweight hosts.

A response to a LLMNR query is composed in exactly the same manner
as a response to the unicast DNS query as specified in [RFC1035].
Responders MUST never respond using cached data, and the AA
(Authoritative Answer) bit MUST be set. The response is sent to the
sender via unicast.  A response to an LLMNR query MUST have RCODE set to
zero. Responses with RCODE set to zero are referred to in this document
as "positively resolved". LLMNR responders may respond only to queries
which they can resolve positively.

If a TC (truncation) bit is set in the response, then the sender MAY use
the response if it contains all necessary information, or the sender MAY
discard the response and resend the query over TCP or using EDNS0 with
larger window using the unicast address of the responder. The RA
(Recursion Available) bit in the header of the response MUST NOT be set.
Even if the RA bit is set in the response header, the sender MUST ignore
it.






Esibov, Aboba & Thaler       Standards Track                    [Page 5]


INTERNET-DRAFT                    LLMNR                February 21, 2002


2.1.3.  LLMNR addressing

For IPv4 LINKLOCAL addressing, section 2.4 of "Dynamic Configuration of
IPv4 Link-Local Addresses" [IPV4Link] lays out the rules with respect to
source address selection, TTL settings, and acceptable
source/destination address combinations. IPv6 is described in [RFC2460];
IPv6 LINKLOCAL addressing is described in [RFC2373]. LLMNR queries and
responses MUST obey the rules laid out in these documents.

In composing an LLMNR response, the responder MUST set the Hop Limit
field in the IPv6 header and the TTL field in IPv4 header of the LLMNR
response to 255. The sender MUST verify that the Hop Limit field in IPv6
header and TTL field in IPv4 header of each response to the LLMNR query
is set to 255. If it is not, then sender MUST ignore the response.

   Implementation note:

   In the sockets API for IPv4, the IP_TTL and IP_MULTICAST_TTL socket
   options are used to specify the TTL of outgoing unicast and multicast
   packets. The IP_RECVTTL socket option is available on some platforms
   to receive the IPv4 TTL of received packets with recvmsg(). [RFC2292]
   specifies similar options for specifying and receiving the IPv6 Hop
   Limit.


2.1.4.  Use of LLMNR TTL

The responder should use a pre-configured TTL value in the records
returned in the LLMNR query response. Due to the TTL minimalization
necessary when caching an RRset, all TTLs in an RRset MUST be set to the
same value.  In the additional and authority section of the response the
responder includes the same records as a DNS server would insert in the
response to the unicast DNS query.


2.1.5.  No/multiple responses

The sender MUST anticipate receiving no replies to some LLMNR queries,
in the event that no responders are available within the linklocal
multicast scope, or in the event that no positive non-null responses
exist for the transmitted query.  If no positive response is received,
a resolver treats it as a response that no records of the specified
type and class for the specified name exist (NXRRSET).

The sender MUST anticipate receiving multiple replies to the same LLMNR
query, in the event that several LLMNR enabled computers receive the
query and respond with valid answers. When this occurs, the responses
MAY first be concatenated, and then treated in the same manner that
multiple RRs received from the same DNS server would, ordinarily.
However, after receiving an initial response, the sender is not required
to wait for LLMNR_TIMEOUT for additional responses.


Esibov, Aboba & Thaler       Standards Track                    [Page 6]


INTERNET-DRAFT                    LLMNR                February 21, 2002


3.  Usage model

Although the same host may be configured as a "sender", but not a
"responder" and vice versa, i.e. as a "responder", but not "sender", the
host configured as a "responder" MUST at least use "sender"'s capability
to send LLMNR dynamic update requests to verify the uniqueness of the
names as it is described in Section 5. An LLMNR "sender" MAY multicast
requests for any name. If that name is not qualified and does not end in
a trailing dot, for the purposes of LLMNR, the implicit search order is
as follows:

[1]  Request the name with the current domain appended.

[2]  Request just the name.

This is the behavior suggested by [RFC1536].  LLMNR uses this technique
to resolve unqualified host names.

If a DNS server is running on a host that supports LLMNR, the DNS server
MUST respond to LLMNR queries only for the RRSets owned by the host on
which the server is running, but MUST NOT respond for the records for
which the server is authoritative.

A sender MUST NOT send a unicast LLMNR query except when:
  a. A sender repeats a query after it received a response
     to the previous LLMNR query with the TC bit set, or

  b. The sender's LLMNR cache contains an NS resource record that
     enables the sender to send a query directly to the hosts
     authoritative for the name in the query.

A responder with a name "host.example.com." configured to respond to the
LLMNR queries is authoritative for the name "host.example.com.". For
example, when a responder with the name "host.example.com." receives an
A type LLMNR query for the name "host.example.com." it authoritatively
responds to the query.

The same host MAY use LLMNR queries for the resolution of the local
names, and conventional DNS queries for resolution of other DNS names.


3.1.  LLMNR configuration

LLMNR usage can be configured manually or automatically.  On interfaces
where no manual or automatic configuration has been performed for a
given protocol (IPv4 or IPv6), LLMNR SHOULD be enabled by default for
that protocol.

For IPv6, the stateless DNS discovery mechanisms described in "IPv6
Stateless DNS Discovery" [DNSDisc] can be used to discover whether
LLMNR should be enabled or disabled on a per-interface basis.


Esibov, Aboba & Thaler       Standards Track                    [Page 7]


INTERNET-DRAFT                    LLMNR                February 21, 2002

Where DHCPv4 or DHCPv6 is implemented, DHCP options can be used to
configure LLMNR on an interface. The LLMNR Enable Option, described in
[mDNSEnable], can be used to explicitly enable or disable use of LLMNR
on an interface. The LLMNR Enable Option does not determine whether or
in which order DNS itself is used for name resolution.  The order in
which various name resolution mechanisms should be used can be specified
using the Name Service Search Option for DHCP, [RFC2937].

Note that it is possible for LLMNR to be enabled for use with IPv6 at
the same time it is disabled for IPv4, and vice versa. For example,
where a home gateway implements a DNS proxy and DHCPv4, but not DHCPv6
or DNS autoconfiguration, there may be no mechanism for allowing
IPv6-only hosts to resolve the names of other IPv6-only hosts on the
home network. In this situation, LLMNR is useful for resolution of
dynamic names, and it will be enabled for use with IPv6, even though it
is disabled for use with IPv4.


4.  Sequence of events

The sequence of events for LLMNR usage is as follows:

1. If a sender needs to resolve a query for a name "host.example.com",
   then it sends a LLMNR query to the LINKLOCAL multicast address.

2. A responder responds to this query only if it is authoritative
   for the domain name "host.example.com". The responder sends
   a response to the sender via unicast over UDP.

3. Upon the reception of the response, the sender verifies that the Hop
   Limit field in IPv6 header or TTL field in IPv4 header (depending on
   the protocol used) of the response is set to 255. The sender then
   verifies compliance with the addressing requirements for IPv4,
   described in [IPV4Link], and IPv6, described in [RFC2373]. If these
   conditions are met, then the sender uses and caches the returned
   response. If not, then the sender ignores the response and continues
   waiting for the response.

5.  Conflict resolution

There are some scenarios when multiple responders MAY respond to the
same query. There are other scenarios when only one responder may
respond to a query. Resource records for which the latter queries are
submitted are referred as UNIQUE throughout this document. The
uniqueness of a resource record depends on a nature of the name in the
query and type of the query. For example it is expected that:

   - multiple hosts may respond to a query for a SRV type record
   - multiple hosts may respond to a query for an A type record for a
     cluster name (assigned to multiple hosts in the cluster)
   - only a single host may respond to a query for an A type record for
     a hostname.


Esibov, Aboba & Thaler       Standards Track                    [Page 8]


INTERNET-DRAFT                    LLMNR                February 21, 2002

Every responder that responds to a LLMNR
query and/or dynamic update request AND includes a UNIQUE record in the
response:

   1. MUST verify that there is no other host within the scope of the
      LLMNR query propagation that can return a resource record
      for the same name, type and class.
   2. MUST NOT include a UNIQUE resource record in the
      response without having verified its uniqueness.

Where a host is configured to respond to LLMNR queries on more than one
interface, the host MUST verify resource record uniqueness on each
interface for each UNIQUE resource record that could be used on that
interface. To accomplish this, the host MUST send a dynamic LLMNR update
request for each new UNIQUE resource record. Format of the dynamic LLMNR
update request is identical to the format of the dynamic DNS update
request specified in [RFC2136]. Uniqueness verification is carried out
when the host:

  - starts up or
  - is configured to respond to the LLMNR queries on some interface or
  - is configured to respond to the LLMNR queries using additional
    UNIQUE resource records.

Below we describe the data to be specified in the dynamic update
request:

Header section
     contains values according to [RFC2136].

Zone section
     The zone name in the zone section MUST be set to the name of the
     UNIQUE record. The zone type in the zone section MUST be set to
     SOA. The zone class in the zone section MUST be set to the class of
     the UNIQUE record.

Prerequisite section
     This section MUST contain a record set whose semantics are
     described in [RFC2136], Section 2.4.3 "RRset Does Not Exist",
     requesting that RRs with the NAME and TYPE of the UNIQUE record do
     not exist.

Update section
     This section MUST be left empty.

Additional section
     This section is set according to [RFC2136].

When a host that owns a UNIQUE record receives a dynamic update request
that requests that the UNIQUE resource record set does not exist, the
host MUST respond via unicast with the YXRRSET error, according to the
rules described in Section 3 of [RFC2136].


Esibov, Aboba & Thaler       Standards Track                    [Page 9]


INTERNET-DRAFT                    LLMNR                February 21, 2002


After the client receives an YXRRSET response to its dynamic update
request stating that a UNIQUE resource record does not exist, the host
MUST check whether the response arrived on another interface. If this is
the case, then the client can use the UNIQUE resource record in response
to LLMNR queries and dynamic update requests. If not, then it MUST
NOT use the UNIQUE resource record in response to LLMNR
queries and dynamic update requests.

Note that this name conflict detection mechanism doesn't prevent name
conflicts when previously partitioned segments are connected by a
bridge.  In such a situation, name conflicts are detected when a sender
receives more than one response to its LLMNR query. In this case, the
sender sends the first response that it received to all responders that
responded to this query except the first one, using unicast. A host that
receives a query response containing a UNIQUE resource record that it
owns, even if it didn't send such a query, MUST verify that no other
host within the LLMNR scope is authoritative for the same name, using
the dynamic LLMNR update request mechanism described above.

Based on the result, the host detects whether there is a name conflict
and acts as described above.


5.1.  Considerations for Multiple Interfaces

A multi-homed host may elect to configure LLMNR on only one of its
active interfaces. In many situations this will be adequate.  However,
should a host wish to configure LLMNR on more than one of its active
interfaces, there are some additional precautions it MUST take.
Implementers who are not planning to support LLMNR on multiple
interfaces simultaneously may skip this section.

A multi-homed host checks the uniqueness of UNIQUE records as described
in Section 5. The situation is illustrated in figure 1 below:

     ----------  ----------
      |      |    |      |
     [A]    [myhost]   [myhost]

   Figure 1. LINKLOCAL name conflict

In this situation, the multi-homed myhost will probe for, and defend,
its host name on both interfaces. A conflict will be detected on one
interface, but not the other. The multi-homed myhost will not be able to
respond with a host RR for "myhost" on the interface on the right (see
Figure 1). The multi-homed host may, however, be configured to use the
"myhost" name on the interface on the left.






Esibov, Aboba & Thaler       Standards Track                   [Page 10]


INTERNET-DRAFT                    LLMNR                February 21, 2002


Since names are only unique per-link, hosts on different links could be
using the same name.  If an LLMNR client sends requests over multiple
interfaces, and receives replies from more than one, the result returned
to the client is defined by the implementation.  The situation is
illustrated in figure 2 below.

     ----------  ----------
      |      |    |     |
     [A]    [myhost]   [A]


   Figure 2. Off-segment name conflict

If host myhost is configured to use LLMNR on both interfaces, it will
send LLMNR queries on both interfaces.  When host myhost sends a query
for the host RR for name "A" it will receive a response from hosts on
both interfaces.

Host myhost will then forward a response from the first responder to the
second responder, who will attempt to verify the uniqueness of host RR
for its name, but will not discover a conflict, since the conflicting
host resides on a different link.  Therefore it will continue using its
name.

Indeed, host myhost cannot distinguish between the situation shown in
Figure 2, and that shown in Figure 3 where no conflict exists:

             [A]
            |   |
        -----   -----
            |   |
           [myhost]

   Figure 3. Multiple paths to same host

This illustrates that the proposed name conflict resolution mechanism
does not support detection or resolution of conflicts between hosts on
different links.  This problem can also occur with unicast DNS when a
multi-homed host is connected to two different networks with separated
name spaces. It is not the intent of this document to address the issue
of uniqueness of names within DNS.

5.2.  API issues

[RFC2553] provides an API which can partially solve the name ambiguity
problem for applications written to use this API, since the sockaddr_in6
structure exposes the scope within which each scoped address exists, and
this structure can be used for both IPv4 (using v4-mapped IPv6





Esibov, Aboba & Thaler       Standards Track                   [Page 11]


INTERNET-DRAFT                    LLMNR                February 21, 2002


addresses) and IPv6 addresses.

Following the example in Figure 2, an application on 'myhost' issues the
request getaddrinfo("A", ...) with ai_family=AF_INET6 and
ai_flags=AI_ALL|AI_V4MAPPED.  LLMNR requests will be sent from both
interfaces and the resolver library will return a list containing
multiple addrinfo structures, each with an associated sockaddr_in6
structure.  This list will thus contain the IPv4 and IPv6 addresses of
both hosts responding to the name 'A'.  Link-local addresses will have a
sin6_scope_id value that disambiguates which interface is used to reach
the address.  Of course, to the application, Figures 2 and 3 are still
indistinguishable, but this API allows the application to communicate
successfully with any address in the list.

6.  Security Considerations

This draft does not prescribe a means of securing the LLMNR mechanism.
It is possible that hosts will allocate conflicting names for a period
of time, or that non-conforming hosts will attempt to deny service to
other hosts by allocating the same name. Such attacks also allow nodes
to receive packets destined for other nodes. The protocol reduces the
exposure to such threats in the absence of authentication by ignoring
LLMNR query response packets received from off-link senders.

In order to prevent responses to LLMNR queries from polluting the DNS
cache, LLMNR implementations MUST use a distinct, isolated cache for
LLMNR.

In all received responses, the Hop Limit field in IPv6 and the TTL field
in IPv4 are verified to contain 255, the maximum legal value.  Since
routers decrement the Hop Limit on all packets they forward, received
packets containing a Hop Limit of 255 must have originated from a
neighbor.

These threats are most serious in wireless networks such as 802.11,
since attackers on a wired network will require physical access to the
home network, while wireless attackers may reside outside the home.
Link-layer security will serve to secure LLMNR against the above threats
if it is available. For example, where 802.11 "Wired Equivalency
Privacy" (WEP) [IEEE80211] is implemented, a casual attacker is likely
to be deterred from gaining access to the home network.

The  mechanism specified in this draft does not require use of DNSSEC.
As a result, responses to LLMNR queries MAY NOT be authenticated. If
authentication is desired, and a pre-arranged security configuration is
possible, then IPsec ESP with a null-transform MAY be used to
authenticate LLMNR responses. In a small network without a certificate
authority, this can be most easily accomplished through configuration of





Esibov, Aboba & Thaler       Standards Track                   [Page 12]


INTERNET-DRAFT                    LLMNR                February 21, 2002


a group pre-shared key for trusted hosts.

7.  IANA Considerations

This specification does not create any new name spaces for IANA
administration.  Since it uses a port (5353) and link scope multicast
IPv4 address (224.0.0.251) previously allocated for use with LLMNR, no
additional IANA allocations are required.

8.  Normative References

[RFC1035]      Mockapetris, P., "Domain Names - Implementation and
               Specification", RFC 1035, November 1987.

[RFC2119]      Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2136]      Vixie, P., Thomson, S., Rekhter, Y., Bound, J., "Dynamic
               Updates in the Domain Name System (DNS UPDATE)", RFC
               2136, April 1997.

[RFC2365]      Meyer, D., "Administratively Scoped IP Multicast", BCP
               23, RFC 2365, July 1998.

[RFC2373]      Hinden, R., Deering, S., "IP Version 6 Addressing
               Architecture", RFC 2373, July 1998.

[RFC2460]      Deering, S. and R. Hinden, "Internet Protocol, Version 6
               (IPv6) Specification", RFC 2460, December 1998.

[RFC2535]      Eastlake, D., "Domain Name System Security Extensions",
               RFC 2535, March 1999.

[RFC2937]      Smith, C., "The Name Service Search Option for DHCP", RFC
               2937, September 2000.

[IPV4Link]     Cheshire, S., Aboba, B., "Dynamic Configuration of IPv4
               Link-Local Addresses", Internet draft (work in progress),
               draft-ietf-zeroconf-ipv4-linklocal-05.txt, November 2001.

[mDNSEnable]   Guttman, E., "DHCP mDNS Enable Option", Internet
               draft (work in progress), draft-guttman-mdns-
               enable-01.txt, July 2001.

9.  Informative References

[RFC1321]      Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
               April 1992.





Esibov, Aboba & Thaler       Standards Track                   [Page 13]


INTERNET-DRAFT                    LLMNR                February 21, 2002


[RFC1536]      Kumar, A., et. al. "DNS Implementation Errors and
               Suggested Fixes", RFC 1536, October 1993.

[RFC2292]      Stevens, W., Thomas, M., "Advanced Sockets API for IPv6",
               RFC 2292, February 1998.

[RFC2434]      Alvestrand, H. and T. Narten, "Guidelines for Writing an
               IANA Considerations Section in RFCs", BCP 26, RFC 2434,
               October 1998.

[RFC2553]      Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
               Socket Interface Extensions for IPv6", RFC 2553, March
               1999.

[IEEE80211]    Information technology - Telecommunications and
               information exchange between systems - Local and
               metropolitan area networks - Specific Requirements Part
               11:  Wireless LAN Medium Access Control (MAC) and
               Physical Layer (PHY) Specifications, IEEE Std.
               802.11-1997, 1997.

[DNSDisc]      Thaler, D., Hagino, I., "IPv6 Stateless DNS Discovery",
               Internet draft (work in progress), draft-ietf-ipngwg-dns-
               discovery-02.txt, July 2001.

[NodeInfo]     Crawford, Matt, "IPv6 Node Information Queries", Internet
               draft (work in progress), draft-ietf-ipn-gwg-icmp-name-
               lookups-07.txt, August 2000.

Acknowledgments

This work builds upon original work done on multicast DNS by Bill
Manning and Bill Woodcock. Bill Manning's work was funded under DARPA
grant #F30602-99-1-0523. The authors gratefully acknowledge their
contribution to the current specification.  Constructive input has also
been received from Mark Andrews, Stuart Cheshire, Robert Elz, Rob
Austein, James Gilroy, Olafur Gudmundsson, Erik Guttman, Myron Hattig,
Thomas Narten, Erik Nordmark, Sander Van-Valkenburg, Tomohide
Nagashima and Brian Zill.

Authors' Addresses

Levon Esibov
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

EMail: levone@microsoft.com





Esibov, Aboba & Thaler       Standards Track                   [Page 14]


INTERNET-DRAFT                    LLMNR                February 21, 2002


Bernard Aboba
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

Phone: +1 425 706 6605
EMail: bernarda@microsoft.com

Dave Thaler
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052

Phone: +1 425 703 8835
EMail: dthaler@microsoft.com

Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to  pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights.  Information on the IETF's
procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11.  Copies of claims of
rights made available for publication and any assurances of licenses to
be made available, or the result of an attempt made to obtain a general
license or permission for the use of such proprietary rights by
implementors or users of this specification can be obtained from the
IETF Secretariat.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this
standard.  Please address the information to the IETF Executive
Director.

Full Copyright Statement

Copyright (C) The Internet Society (2001).  All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works.  However, this document itself
may not be modified in any way, such as by removing the copyright notice





Esibov, Aboba & Thaler       Standards Track                   [Page 15]


INTERNET-DRAFT                    LLMNR                February 21, 2002


or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.  The limited permissions granted above are
perpetual and will not be revoked by the Internet Society or its
successors or assigns.  This document and the information contained
herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

Expiration Date

This memo is filed as <draft-ietf-dnsext-mdns-09.txt>,  and  expires
August 21, 2002.





Esibov, Aboba & Thaler       Standards Track                   [Page 16]

Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/