draft-ietf-dnsext-mdns-09.txt   draft-ietf-dnsext-mdns-10.txt 
DNSEXT Working Group Levon Esibov DNSEXT Working Group Levon Esibov
INTERNET-DRAFT Bernard Aboba INTERNET-DRAFT Bernard Aboba
Category: Standards Track Dave Thaler Category: Standards Track Dave Thaler
<draft-ietf-dnsext-mdns-09.txt> Microsoft <draft-ietf-dnsext-mdns-10.txt> Microsoft
February 21 2002 23 March 2002
Link-Local Multicast Name Resolution (LLMNR) Linklocal Multicast Name Resolution (LLMNR)
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026. provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
skipping to change at page 1, line 31 skipping to change at page 1, line 31
or to cite them other than as "work in progress." or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
Today, with the rise of home networking, there are an increasing number Today, with the rise of home networking, there are an increasing number
of ad-hoc networks operating without a DNS server. In order to allow of ad-hoc networks operating without a DNS server. In order to allow
name resolution in such environments, Link-Local Multicast Name name resolution in such environments, Link-Local Multicast Name
Resolution (LLMNR) is proposed. Resolution (LLMNR) is proposed.
Table of Contents Table of Contents
1. Introduction .......................................... 2 1. Introduction .......................................... 3
2. Name resolution using LLMNR ........................... 3 2. Name resolution using LLMNR ........................... 3
2.1 Behavior of the sender and responder ............ 4 2.1 Behavior of the sender and responder ............ 4
3. Usage model ........................................... 7 3. Usage model ........................................... 7
3.1 LLMNR configuration ............................. 7 3.1 LLMNR configuration ............................. 8
4. Sequence of events .................................... 8 4. Sequence of events .................................... 9
5. Conflict resolution ................................... 8 5. Conflict resolution ................................... 9
5.1 Considerations for multiple interfaces .......... 10 5.1 Considerations for multiple interfaces .......... 11
5.2 API issues ...................................... 11 5.2 API issues ...................................... 12
6. Security considerations ............................... 12 6. Security considerations ............................... 13
7. IANA considerations ................................... 13 6.1 Scope restriction ............................... 13
8. Normative References .................................. 13 6.2 Usage restriction ............................... 14
9. Informative References ................................ 13 6.3 Cache and port separation ....................... 15
Acknowledgments .............................................. 14 6.4 Authentication .................................. 15
Authors' Addresses ........................................... 14 7. IANA considerations ................................... 15
Intellectual Property Statement .............................. 15 8. Normative References .................................. 15
Full Copyright Statement ..................................... 15 9. Informative References ................................ 16
Acknowledgments .............................................. 17
Authors' Addresses ........................................... 17
Intellectual Property Statement .............................. 18
Full Copyright Statement ..................................... 18
1. Introduction 1. Introduction
Link-Local Multicast Name Resolution (LLMNR) enables name resolution in
the scenarios when conventional DNS name resolution is not possible. The
main scenarios that require introduction of a new name resolution
mechanism are:
1. Multiple computers connected to the same network within the same
link-local scope. These computers are not configured with an IP address
of any DNS server. Users of these computers need to locate other
computers by their DNS names.
2. Home networks that don't contain a DNS server, but are connected to
the Internet through an ISP. The network hosts are configured with the
ISP's DNS server, which provides the name resolution for the names
registered on the Internet, but doesn't provide name resolution for the
names of the hosts on the network. Users of the computers on the home
network need to locate other computers by their DNS names.
This document discusses Link-Local Multicast Name Resolution (LLMNR), This document discusses Link-Local Multicast Name Resolution (LLMNR),
which operates on a separate port from DNS, with a distinct resolver which operates on a separate port from DNS, with a distinct resolver
cache, but does not change the format of DNS packets. cache, but does not change the format of DNS packets.
The goal of LLMNR is to enable name resolution in scenarios in which
conventional DNS name resolution is not possible. These include
scenarios in which hosts are not configured with the address of a DNS
server.
Since IPv4 and IPv6 utilize distinct configuration mechanisms, it is
possible for a dual stack host to be configured with the address of a
DNS server for IPv4, while remaining unconfigured with a DNS server
suitable for use with IPv6. Since automatic IPv6 DNS configuration
mechanisms such as [DHCPv6DNS] and [DNSDisc] are not yet widely
deployed, such "partially configuration" may be common in the short
term. However, in the long term, IPv6 DNS configuration will become more
common so that LLMNR will typically be restricted to adhoc networks in
which neither IPv4 nor IPv6 DNS servers are configured.
Service discovery in general, as well as discovery of DNS servers using Service discovery in general, as well as discovery of DNS servers using
LLMNR in particular is outside of the scope of this document, as is name LLMNR in particular is outside of the scope of this document, as is name
resolution over non-multicast capable media. resolution over non-multicast capable media.
In this document, the key words "MAY", "MUST, "MUST NOT", "OPTIONAL", In this document, the key words "MAY", "MUST, "MUST NOT", "OPTIONAL",
"RECOMMENDED", "SHOULD", and "SHOULD NOT", are to be interpreted as "RECOMMENDED", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in [RFC2119]. described in [RFC2119].
2. Name resolution using LLMNR 2. Name resolution using LLMNR
While operating on a different port with a distinct resolver cache, While operating on a different port with a distinct resolver cache,
LLMNR makes no change to the current format of DNS packets. LLMNR makes no change to the current format of DNS packets.
Link-Local Multicast Name Resolution queries are sent to and received on LLMNR queries are sent to and received on port 5353 using a LINKLOCAL
port 5353 using a LINKLOCAL address as specified in "Administratively address as specified in "Administratively Scoped IP Multicast" [RFC2365]
Scoped IP Multicast" [RFC2365] for IPv4 and the "solicited name" for IPv4 and the "solicited name" LINKLOCAL multicast addresses for
LINKLOCAL multicast addresses for IPv6, and using a unicast addresses in IPv6, and using a unicast addresses in a few scenarios described below
a few scenarios described below in Section 3. The LLMNR LINKLOCAL in Section 3. The LLMNR LINKLOCAL address to be used for IPv4 is
address to be used for IPv4 is 224.0.0.251. LINKLOCAL addresses are 224.0.0.251. LINKLOCAL addresses are used to prevent propagation of
used to prevent propagation of LLMNR traffic across routers, potentially LLMNR traffic across routers, potentially flooding the network.
flooding the network.
Propagation of LLMNR packets on the local link is considered sufficient Propagation of LLMNR packets on the local link is considered sufficient
to enable name resolution in small adhoc networks. The assumption is to enable name resolution in small networks. The assumption is that if a
that if a network has a router, then the network either has a DNS server network has a home gateway, then the network either has a DNS server or
or the router can function as a DNS proxy. the home gateway can function as a DNS proxy. By implementing DHCPv4 as
well as a DNS proxy and dynamic DNS, home gateways can provide name
By implementing DHCPv4 as well as a DNS proxy and dynamic DNS, routers resolution for the names of IPv4 hosts on the local network.
can provide name resolution for the names of IPv4 hosts on the local
network. Where the DNS proxy supports AAAA RRs, resolution for the names
of dual stack IPv6 hosts on the local network can also be provided using
this mechanism.
Within small adhoc IPv6 networks, stateful autoconfiguration is the most For small IPv6 networks, equivalent functionality can be provided by a
likely configuration mechanism. If DHCPv6 is not present, then in order home gateway implementing DHCPv6 for DNS configuration [DHCPv6DNS], as
to support resolution of names of IPv6-only hosts on the local network, well as a DNS proxy supporting AAAA RRs and dynamic DNS, providing name
the DNS proxy will need to support dynamic client update as well as DNS resolution for the names of IPv6 hosts on the local network.
over IPv6.
Given the above mechanisms enabling DNS name resolution in small This should be adequate as long as home gateways implementing DNS
networks with a router, it is assumed that LLMNR need not be enabled by configuration also support dynamic DNS in some form. If the home
default. gateway only supports DNS discovery [DNSDisc] but not DHCPv6 DNS
configuration [DHCPv6DNS] or dynamic client update, then resolution of
the names of IPv6 hosts on the local link will not be possible. Since
IPv6 DNS discovery will configure the DNS server address, LLMNR will not
be enabled by default. Yet without gateway support for client dynamic
update or DHCPv6, dynamic DNS will not be enabled.
In the future, LLMNR may be defined to support greater than LINKLOCAL In the future, LLMNR may be defined to support greater than LINKLOCAL
multicast scope. This would occur if LLMNR deployment is successful, multicast scope. This would occur if LLMNR deployment is successful,
the assumption that LLMNR is not needed on multiple links proves the assumption that LLMNR is not needed on multiple links proves
incorrect, and multicast routing becomes ubiquitous. For example, it is incorrect, and multicast routing becomes ubiquitous. For example, it is
not clear that this assumption will be valid in large adhoc networking not clear that this assumption will be valid in large adhoc networking
scenarios. scenarios.
Once we have experience in LLMNR deployment in terms of administrative Once we have experience in LLMNR deployment in terms of administrative
issues, usability and impact on the network it will be possible issues, usability and impact on the network it will be possible
reevaluate which multicast scopes are appropriate for use with LLMNR. reevaluate which multicast scopes are appropriate for use with multicast
name resolution mechanisms.
2.1. Behavior of the sender and responder 2.1. Behavior of the sender and responder
For the purpose of this document a host that sends a LLMNR query is For the purpose of this document a host that sends a LLMNR query is
called a "sender", while a host that listens to (but not necessarily called a "sender", while a host that listens to (but not necessarily
responds to) a LLMNR query is called "responder". Although the same responds to) a LLMNR query is called "responder". Although the same host
host may be configured as a "sender", but not a "responder" and vice may be configured as a "sender", but not a "responder" and vice versa,
versa, i.e. as a "responder", but not a "sender", the host configured as i.e. as a "responder", but not a "sender", the host configured as a
a "responder" MUST act as a sender by using LLMNR dynamic update "responder" MUST act as a sender by using LLMNR dynamic update requests
requests to verify the uniqueness of names as described in Section 5. to verify the uniqueness of names as described in Section 5.
2.1.1. Behavior of senders 2.1.1. Behavior of senders
A sender sends an LLMNR query for any legal Type of resource record A sender sends an LLMNR query for any legal Type of resource record
(e.g. A, PTR, etc.) to the LINKLOCAL address. Notice that in some (e.g. A, PTR, etc.) to the LINKLOCAL address. Notice that in some
scenarios described below in Section 3 a sender may also send a unicast scenarios described below in Section 3 a sender may also send a unicast
query. The RD (Recursion Desired) bit MUST NOT be set. If a responder query. The RD (Recursion Desired) bit MUST NOT be set. If a responder
receives a query with the header containing RD set bit, the responder receives a query with the header containing RD set bit, the responder
MUST ignore the RD bit. MUST ignore the RD bit.
skipping to change at page 4, line 41 skipping to change at page 5, line 19
appended to the prefix FF02:0:0:0:0:2::/96 to yield the 128-bit appended to the prefix FF02:0:0:0:0:2::/96 to yield the 128-bit
"solicited name multicast address". (Note: this procedure is intended "solicited name multicast address". (Note: this procedure is intended
to be the same as that specified in section 3 of "IPv6 Node Information to be the same as that specified in section 3 of "IPv6 Node Information
Queries" [NodeInfo]). A responder that listens for queries for multiple Queries" [NodeInfo]). A responder that listens for queries for multiple
names will necessarily listen to multiple of these solicited name names will necessarily listen to multiple of these solicited name
multicast addresses. multicast addresses.
If the LLMNR query is not resolved during a limited amount of time If the LLMNR query is not resolved during a limited amount of time
(LLMNR_TIMEOUT), then a sender MAY repeat the transmission of a query in (LLMNR_TIMEOUT), then a sender MAY repeat the transmission of a query in
order to assure themselves that the query has been received by a host order to assure themselves that the query has been received by a host
capable of responding to the query. capable of responding to the query. The default value for LLMNR_TIMEOUT
is 1 second.
Repetition MUST NOT be attempted more than 3 times and SHOULD NOT be Repetition MUST NOT be attempted more than 3 times and SHOULD NOT be
repeated more often than once per second to reduce unnecessary network repeated more often than once per second to reduce unnecessary network
traffic. The delay between attempts should be randomized so as to avoid traffic. The delay between attempts should be randomized so as to avoid
synchronization effects. synchronization effects.
2.1.2. Behavior of responders 2.1.2. Behavior of responders
A responder listens on port 5353 on the LINKLOCAL address and on the A responder listens on port 5353 on the LINKLOCAL address and on the
unicast address(es) that could be set as the source address(es) when the unicast address(es) that could be set as the source address(es) when the
responder responds to the LLMNR query. Responders MUST respond to responder responds to the LLMNR query. Responders MUST respond to LLMNR
queries to those and only those names for which they are authoritative.
LLMNR queries to those and only those names for which they are As an example, computer "host.example.com." is authoritative for the
authoritative. As an example, computer "host.example.com." is domain "host.example.com.". On receiving a LLMNR A record query for the
authoritative for the domain "host.example.com.". On receiving a LLMNR A name "host.example.com." such a host responds with A record(s) that
record query for the name "host.example.com." such a host responds with contain IP address(es) in the RDATA of the record.
A record(s) that contain IP address(es) in the RDATA of the record.
In conventional DNS terminology a DNS server authoritative for a zone is In conventional DNS terminology a DNS server authoritative for a zone is
authoritative for all the domain names under the zone root except for authoritative for all the domain names under the zone root except for
the branches delegated into separate zones. Contrary to conventional DNS the branches delegated into separate zones. Contrary to conventional DNS
terminology, a responder is authoritative only for the zone root. For terminology, a responder is authoritative only for the zone root. For
example the host "host.example.com." is not authoritative for the name example the host "host.example.com." is not authoritative for the name
"child.host.example.com." unless the host is configured with multiple "child.host.example.com." unless the host is configured with multiple
names, including "host.example.com." and "child.host.example.com.". The names, including "host.example.com." and "child.host.example.com.". The
purpose of limiting the name authority scope of a responder is to purpose of limiting the name authority scope of a responder is to
prevent complications that could be caused by coexistence of two or more prevent complications that could be caused by coexistence of two or more
hosts with the names representing child and parent (or grandparent) hosts with the names representing child and parent (or grandparent)
nodes in the DNS tree, for example, "host.example.com." and nodes in the DNS tree, for example, "host.example.com." and
"child.host.example.com.". "child.host.example.com.".
In this example (unless this limitation is introduced) a LLMNR query In this example (unless this limitation is introduced) a LLMNR query for
for an A record for the name "child.host.example.com." would result in an A record for the name "child.host.example.com." would result in two
two authoritative responses: name error received from
"host.example.com.", and a requested A record - from
"child.host.example.com.". To prevent this ambiguity, LLMNR enabled
hosts could perform a dynamic update of the parent (or grandparent) zone
with a delegation to a child zone. In this example a host
"child.host.example.com." would send a dynamic update for the NS and
glue A record to "host.example.com.", but this approach significantly
complicates implementation of LLMNR and would not be acceptable
for lightweight hosts.
A response to a LLMNR query is composed in exactly the same manner authoritative responses: name error received from "host.example.com.",
as a response to the unicast DNS query as specified in [RFC1035]. and a requested A record - from "child.host.example.com.". To prevent
Responders MUST never respond using cached data, and the AA this ambiguity, LLMNR enabled hosts could perform a dynamic update of
(Authoritative Answer) bit MUST be set. The response is sent to the the parent (or grandparent) zone with a delegation to a child zone. In
sender via unicast. A response to an LLMNR query MUST have RCODE set to this example a host "child.host.example.com." would send a dynamic
zero. Responses with RCODE set to zero are referred to in this document update for the NS and glue A record to "host.example.com.", but this
as "positively resolved". LLMNR responders may respond only to queries approach significantly complicates implementation of LLMNR and would not
which they can resolve positively. be acceptable for lightweight hosts.
A response to a LLMNR query is composed in exactly the same manner as a
response to the unicast DNS query as specified in [RFC1035]. Responders
MUST never respond using cached data, and the AA (Authoritative Answer)
bit MUST be set. The response is sent to the sender via unicast. A
response to an LLMNR query MUST have RCODE set to zero. Responses with
RCODE set to zero are referred to in this document as "positively
resolved". LLMNR responders may respond only to queries which they can
resolve positively.
If a TC (truncation) bit is set in the response, then the sender MAY use If a TC (truncation) bit is set in the response, then the sender MAY use
the response if it contains all necessary information, or the sender MAY the response if it contains all necessary information, or the sender MAY
discard the response and resend the query over TCP or using EDNS0 with discard the response and resend the query over TCP or using EDNS0 with
larger window using the unicast address of the responder. The RA larger window using the unicast address of the responder. The RA
(Recursion Available) bit in the header of the response MUST NOT be set. (Recursion Available) bit in the header of the response MUST NOT be set.
Even if the RA bit is set in the response header, the sender MUST ignore Even if the RA bit is set in the response header, the sender MUST ignore
it. it.
2.1.3. LLMNR addressing 2.1.3. LLMNR addressing
skipping to change at page 6, line 43 skipping to change at page 7, line 20
necessary when caching an RRset, all TTLs in an RRset MUST be set to the necessary when caching an RRset, all TTLs in an RRset MUST be set to the
same value. In the additional and authority section of the response the same value. In the additional and authority section of the response the
responder includes the same records as a DNS server would insert in the responder includes the same records as a DNS server would insert in the
response to the unicast DNS query. response to the unicast DNS query.
2.1.5. No/multiple responses 2.1.5. No/multiple responses
The sender MUST anticipate receiving no replies to some LLMNR queries, The sender MUST anticipate receiving no replies to some LLMNR queries,
in the event that no responders are available within the linklocal in the event that no responders are available within the linklocal
multicast scope, or in the event that no positive non-null responses multicast scope, or in the event that no positive non-null responses
exist for the transmitted query. If no positive response is received, exist for the transmitted query. If no positive response is received, a
a resolver treats it as a response that no records of the specified resolver treats it as a response that no records of the specified type
type and class for the specified name exist (NXRRSET). and class for the specified name exist (NXRRSET).
The sender MUST anticipate receiving multiple replies to the same LLMNR The sender MUST anticipate receiving multiple replies to the same LLMNR
query, in the event that several LLMNR enabled computers receive the query, in the event that several LLMNR enabled computers receive the
query and respond with valid answers. When this occurs, the responses query and respond with valid answers. When this occurs, the responses
MAY first be concatenated, and then treated in the same manner that MAY first be concatenated, and then treated in the same manner that
multiple RRs received from the same DNS server would, ordinarily. multiple RRs received from the same DNS server would, ordinarily.
However, after receiving an initial response, the sender is not required However, after receiving an initial response, the sender is not required
to wait for LLMNR_TIMEOUT for additional responses. to wait for LLMNR_TIMEOUT for additional responses.
3. Usage model 3. Usage model
Although the same host may be configured as a "sender", but not a The same host may be configured as a "sender", but not a "responder" and
"responder" and vice versa, i.e. as a "responder", but not "sender", the vice versa (as a "responder", but not "sender"). However, the host
host configured as a "responder" MUST at least use "sender"'s capability configured as a "responder" MUST at least use "sender"'s capability to
to send LLMNR dynamic update requests to verify the uniqueness of the send LLMNR dynamic update requests to verify the uniqueness of the names
names as it is described in Section 5. An LLMNR "sender" MAY multicast as described in Section 5. An LLMNR "sender" MAY multicast requests for
requests for any name. If that name is not qualified and does not end in any name. If that name is not qualified and does not end in a trailing
a trailing dot, for the purposes of LLMNR, the implicit search order is dot, for the purposes of LLMNR, the implicit search order is as follows:
as follows:
[1] Request the name with the current domain appended. [1] Request the name with the current domain appended.
[2] Request just the name. [2] Request just the name.
This is the behavior suggested by [RFC1536]. LLMNR uses this technique This is the behavior suggested by [RFC1536]. LLMNR uses this technique
to resolve unqualified host names. to resolve unqualified host names.
If a DNS server is running on a host that supports LLMNR, the DNS server If a DNS server is running on a host that supports LLMNR, the DNS server
MUST respond to LLMNR queries only for the RRSets owned by the host on MUST respond to LLMNR queries only for the RRSets owned by the host on
which the server is running, but MUST NOT respond for the records for which the server is running, but MUST NOT respond for the records for
which the server is authoritative. which the server is authoritative.
skipping to change at page 7, line 48 skipping to change at page 8, line 26
example, when a responder with the name "host.example.com." receives an example, when a responder with the name "host.example.com." receives an
A type LLMNR query for the name "host.example.com." it authoritatively A type LLMNR query for the name "host.example.com." it authoritatively
responds to the query. responds to the query.
The same host MAY use LLMNR queries for the resolution of the local The same host MAY use LLMNR queries for the resolution of the local
names, and conventional DNS queries for resolution of other DNS names. names, and conventional DNS queries for resolution of other DNS names.
3.1. LLMNR configuration 3.1. LLMNR configuration
LLMNR usage can be configured manually or automatically. On interfaces LLMNR usage can be configured manually or automatically. On interfaces
where no manual or automatic configuration has been performed for a where no manual or automatic DNS configuration has been performed for a
given protocol (IPv4 or IPv6), LLMNR SHOULD be enabled by default for given protocol (IPv4 or IPv6), LLMNR SHOULD be enabled for that
that protocol. protocol.
For IPv6, the stateless DNS discovery mechanisms described in "IPv6 For IPv6, the stateless DNS discovery mechanisms described in "IPv6
Stateless DNS Discovery" [DNSDisc] can be used to discover whether Stateless DNS Discovery" [DNSDisc] or "Using DHCPv6 for DNS
Configuration in Hosts" [DHCPv6DNS] can be used to discover whether
LLMNR should be enabled or disabled on a per-interface basis. LLMNR should be enabled or disabled on a per-interface basis.
Where DHCPv4 or DHCPv6 is implemented, DHCP options can be used to Where DHCPv4 or DHCPv6 is implemented, DHCP options can be used to
configure LLMNR on an interface. The LLMNR Enable Option, described in configure LLMNR on an interface. The LLMNR Enable Option, described in
[mDNSEnable], can be used to explicitly enable or disable use of LLMNR [LLMNREnable], can be used to explicitly enable or disable use of LLMNR
on an interface. The LLMNR Enable Option does not determine whether or on an interface. The LLMNR Enable Option does not determine whether or
in which order DNS itself is used for name resolution. The order in in which order DNS itself is used for name resolution. The order in
which various name resolution mechanisms should be used can be specified which various name resolution mechanisms should be used can be specified
using the Name Service Search Option for DHCP, [RFC2937]. using the Name Service Search Option for DHCP, [RFC2937].
Note that it is possible for LLMNR to be enabled for use with IPv6 at Note that it is possible for LLMNR to be enabled for use with IPv6 at
the same time it is disabled for IPv4, and vice versa. For example, the same time it is disabled for IPv4, and vice versa. For example, a
where a home gateway implements a DNS proxy and DHCPv4, but not DHCPv6 home gateway may implement a DNS proxy and DHCPv4, but not DHCPv6 for
or DNS autoconfiguration, there may be no mechanism for allowing DNS configuration [DHCPv6DNS] or stateless DNS discovery [DNSDisc]. In
IPv6-only hosts to resolve the names of other IPv6-only hosts on the such a circumstance, IPv6 hosts will not be configured with a DNS
home network. In this situation, LLMNR is useful for resolution of server. Where DHCPv6 is not supported, it will not be possible for the
dynamic names, and it will be enabled for use with IPv6, even though it DNS proxy within the home gateway to dynamically register names learned
is disabled for use with IPv4. via DHCPv6. As a result, unless the DNS proxy supports client update, it
will not be able to respond to AAAA RR queries for local names sent over
IPv4 or IPv6, preventing IPv6 hosts from resolving the names of other
IPv6 hosts on the local link. In this situation, LLMNR enables
resolution of dynamic names, and it will be enabled for use with IPv6,
even though it is disabled for use with IPv4.
4. Sequence of events 4. Sequence of events
The sequence of events for LLMNR usage is as follows: The sequence of events for LLMNR usage is as follows:
1. If a sender needs to resolve a query for a name "host.example.com", 1. If a sender needs to resolve a query for a name "host.example.com",
then it sends a LLMNR query to the LINKLOCAL multicast address. then it sends a LLMNR query to the LINKLOCAL multicast address.
2. A responder responds to this query only if it is authoritative 2. A responder responds to this query only if it is authoritative
for the domain name "host.example.com". The responder sends for the domain name "host.example.com". The responder sends
skipping to change at page 9, line 5 skipping to change at page 9, line 44
submitted are referred as UNIQUE throughout this document. The submitted are referred as UNIQUE throughout this document. The
uniqueness of a resource record depends on a nature of the name in the uniqueness of a resource record depends on a nature of the name in the
query and type of the query. For example it is expected that: query and type of the query. For example it is expected that:
- multiple hosts may respond to a query for a SRV type record - multiple hosts may respond to a query for a SRV type record
- multiple hosts may respond to a query for an A type record for a - multiple hosts may respond to a query for an A type record for a
cluster name (assigned to multiple hosts in the cluster) cluster name (assigned to multiple hosts in the cluster)
- only a single host may respond to a query for an A type record for - only a single host may respond to a query for an A type record for
a hostname. a hostname.
Every responder that responds to a LLMNR Every responder that responds to a LLMNR query and/or dynamic update
query and/or dynamic update request AND includes a UNIQUE record in the request AND includes a UNIQUE record in the response:
response:
1. MUST verify that there is no other host within the scope of the 1. MUST verify that there is no other host within the scope of the
LLMNR query propagation that can return a resource record LLMNR query propagation that can return a resource record
for the same name, type and class. for the same name, type and class.
2. MUST NOT include a UNIQUE resource record in the 2. MUST NOT include a UNIQUE resource record in the
response without having verified its uniqueness. response without having verified its uniqueness.
Where a host is configured to respond to LLMNR queries on more than one Where a host is configured to respond to LLMNR queries on more than one
interface, the host MUST verify resource record uniqueness on each interface, the host MUST verify resource record uniqueness on each
interface for each UNIQUE resource record that could be used on that interface for each UNIQUE resource record that could be used on that
skipping to change at page 10, line 9 skipping to change at page 10, line 52
When a host that owns a UNIQUE record receives a dynamic update request When a host that owns a UNIQUE record receives a dynamic update request
that requests that the UNIQUE resource record set does not exist, the that requests that the UNIQUE resource record set does not exist, the
host MUST respond via unicast with the YXRRSET error, according to the host MUST respond via unicast with the YXRRSET error, according to the
rules described in Section 3 of [RFC2136]. rules described in Section 3 of [RFC2136].
After the client receives an YXRRSET response to its dynamic update After the client receives an YXRRSET response to its dynamic update
request stating that a UNIQUE resource record does not exist, the host request stating that a UNIQUE resource record does not exist, the host
MUST check whether the response arrived on another interface. If this is MUST check whether the response arrived on another interface. If this is
the case, then the client can use the UNIQUE resource record in response the case, then the client can use the UNIQUE resource record in response
to LLMNR queries and dynamic update requests. If not, then it MUST to LLMNR queries and dynamic update requests. If not, then it MUST NOT
NOT use the UNIQUE resource record in response to LLMNR
queries and dynamic update requests. use the UNIQUE resource record in response to LLMNR queries and dynamic
update requests.
Note that this name conflict detection mechanism doesn't prevent name Note that this name conflict detection mechanism doesn't prevent name
conflicts when previously partitioned segments are connected by a conflicts when previously partitioned segments are connected by a
bridge. In such a situation, name conflicts are detected when a sender bridge. In such a situation, name conflicts are detected when a sender
receives more than one response to its LLMNR query. In this case, the receives more than one response to its LLMNR query. In this case, the
sender sends the first response that it received to all responders that sender sends the first response that it received to all responders that
responded to this query except the first one, using unicast. A host that responded to this query except the first one, using unicast. A host that
receives a query response containing a UNIQUE resource record that it receives a query response containing a UNIQUE resource record that it
owns, even if it didn't send such a query, MUST verify that no other owns, even if it didn't send such a query, MUST verify that no other
host within the LLMNR scope is authoritative for the same name, using host within the LLMNR scope is authoritative for the same name, using
skipping to change at page 12, line 21 skipping to change at page 13, line 21
multiple addrinfo structures, each with an associated sockaddr_in6 multiple addrinfo structures, each with an associated sockaddr_in6
structure. This list will thus contain the IPv4 and IPv6 addresses of structure. This list will thus contain the IPv4 and IPv6 addresses of
both hosts responding to the name 'A'. Link-local addresses will have a both hosts responding to the name 'A'. Link-local addresses will have a
sin6_scope_id value that disambiguates which interface is used to reach sin6_scope_id value that disambiguates which interface is used to reach
the address. Of course, to the application, Figures 2 and 3 are still the address. Of course, to the application, Figures 2 and 3 are still
indistinguishable, but this API allows the application to communicate indistinguishable, but this API allows the application to communicate
successfully with any address in the list. successfully with any address in the list.
6. Security Considerations 6. Security Considerations
This draft does not prescribe a means of securing the LLMNR mechanism. LLMNR is by nature a peer to peer name resolution protocol, for use in
It is possible that hosts will allocate conflicting names for a period situations when a DNS server is not configured. It is therefore
of time, or that non-conforming hosts will attempt to deny service to inherently more vulnerable than DNS, since existing DNS security
other hosts by allocating the same name. Such attacks also allow nodes mechanisms are difficult to apply to LLMNR and an attacker only needs to
to receive packets destined for other nodes. The protocol reduces the be misconfigured to answer an LLMNR query with incorrect information.
exposure to such threats in the absence of authentication by ignoring
LLMNR query response packets received from off-link senders. In order to address the security vulnerabilities, the following
mechanisms are contemplated:
[1] Scope restrictions.
[2] Usage restrictions.
[3] Cache and port separation.
[4] Authentication.
These techniques are described in the following sections.
6.1. Scope restriction
With LLMNR it is possible that hosts will allocate conflicting names for
a period of time, or that attackers will attempt to deny service to
other hosts by allocating the same name. Such attacks also allow hosts
to receive packets destined for other hosts.
In the absence of authentication, LLMNR reduces the exposure to such
threats by ignoring LLMNR query response packets received from off-link
senders. In all received responses, the Hop Limit field in IPv6 and the
TTL field in IPv4 are verified to contain 255, the maximum legal value.
Since routers decrement the Hop Limit on all packets they forward,
received packets containing a Hop Limit of 255 must have originated from
a neighbor.
While restricting ignoring packets received from off-link senders
reduces the level of vulnerability, it does not eliminate it. There are
scenarios such as public "hotspots" where attackers can be present on
the same link. These threats are most serious in wireless networks such
as 802.11, since attackers on a wired network will require physical
access to the home network, while wireless attackers may reside outside
the home. Link-layer security can be of assistance against these
threats if it is available.
6.2. Usage restriction
As noted in Section 3.1, LLMNR is intended for usage in scenarios where
a DNS server is not configured. If an interface has been configured for
a given protocol via any automatic configuration mechanism which is able
to supply DNS configuration information, then LLMNR SHOULD NOT be used
on that interface for that protocol unless it has been explicitly
enabled, whether via that mechanism or any other. This ensures that
upgraded hosts do not change their default behavior, without requiring
the source of the configuration information to be simultaneously
updated. This implies that on the interface, the host will neither
listen on the LINKLOCAL multicast address, nor will it send queries to
that address.
Violation of this guideline can significantly increases security
vulnerabilities. For example, if an LLMNR query were to be sent
whenever a DNS server did not respond in a timely way, then an attacker
could execute a denial of service attack on the DNS server(s) and then
poison the LLMNR cache by responding to the resulting LLMNR queries with
incorrect information.
The vulnerability would be even greater if LLMNR is given higher
priority than DNS among the enabled name resolution mechanisms. In such
a configuration, a denial of service attack on the DNS server would not
be necessary in order to poison the LLMNR cache, since LLMNR queries
would be sent even when the DNS server is available. In addition, the
LLMNR cache, once poisoned, would take precedence over the DNS cache,
eliminating the benefits of cache separation.
As a result, LLMNR is best thought of as a name resolution mechanism of
last resort, useful only in situations where a DNS server is not
configured. Where resilience against DNS server failure is desired,
configuration of additional DNS servers or DNS server clustering is
recommended; LLMNR is not an appropriate "failsafe" mechanism.
6.3. Cache and port separation
In order to prevent responses to LLMNR queries from polluting the DNS In order to prevent responses to LLMNR queries from polluting the DNS
cache, LLMNR implementations MUST use a distinct, isolated cache for cache, LLMNR implementations MUST use a distinct, isolated cache for
LLMNR. LLMNR. The use of separate caches is most effective when LLMNR is used
as a name resolution mechanism of last resort, since the this minimizes
In all received responses, the Hop Limit field in IPv6 and the TTL field the opportunities for poisoning the LLMNR cache, and decreases reliance
in IPv4 are verified to contain 255, the maximum legal value. Since on it.
routers decrement the Hop Limit on all packets they forward, received
packets containing a Hop Limit of 255 must have originated from a
neighbor.
These threats are most serious in wireless networks such as 802.11, LLMNR operates on a separate port (5353) from DNS, reducing the
since attackers on a wired network will require physical access to the likelihood that a DNS server will unintentionally respond to an LLMNR
home network, while wireless attackers may reside outside the home. query.
Link-layer security will serve to secure LLMNR against the above threats
if it is available. For example, where 802.11 "Wired Equivalency
Privacy" (WEP) [IEEE80211] is implemented, a casual attacker is likely
to be deterred from gaining access to the home network.
The mechanism specified in this draft does not require use of DNSSEC. 6.4. Authentication
As a result, responses to LLMNR queries MAY NOT be authenticated. If
authentication is desired, and a pre-arranged security configuration is
possible, then IPsec ESP with a null-transform MAY be used to
authenticate LLMNR responses. In a small network without a certificate
authority, this can be most easily accomplished through configuration of
a group pre-shared key for trusted hosts. LLMNR does not require use of DNSSEC, and as a result, responses to
LLMNR queries MAY NOT be authenticated. If authentication is desired,
and a pre-arranged security configuration is possible, then IPsec ESP
with a null-transform MAY be used to authenticate LLMNR responses. In a
small network without a certificate authority, this can be most easily
accomplished through configuration of a group pre-shared key for trusted
hosts.
7. IANA Considerations 7. IANA Considerations
This specification does not create any new name spaces for IANA This specification does not create any new name spaces for IANA
administration. Since it uses a port (5353) and link scope multicast administration. Since it uses a port (5353) and link scope multicast
IPv4 address (224.0.0.251) previously allocated for use with LLMNR, no IPv4 address (224.0.0.251) previously allocated for use with LLMNR, no
additional IANA allocations are required. additional IANA allocations are required.
8. Normative References 8. Normative References
[RFC1035] Mockapetris, P., "Domain Names - Implementation and [RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", RFC 1035, November 1987. Specification", RFC 1035, November 1987.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., Bound, J., "Dynamic [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., Bound, J., "Dynamic
Updates in the Domain Name System (DNS UPDATE)", RFC Updates in the Domain Name System (DNS UPDATE)", RFC
2136, April 1997. 2136, April 1997.
[RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP [RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP
23, RFC 2365, July 1998. 23, RFC 2365, July 1998.
[RFC2373] Hinden, R., Deering, S., "IP Version 6 Addressing [RFC2373] Hinden, R., Deering, S., "IP Version 6 Addressing
Architecture", RFC 2373, July 1998. Architecture", RFC 2373, July 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2535] Eastlake, D., "Domain Name System Security Extensions", [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
RFC 2535, March 1999. RFC 2535, March 1999.
[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
2937, September 2000.
[IPV4Link] Cheshire, S., Aboba, B., "Dynamic Configuration of IPv4 [IPV4Link] Cheshire, S., Aboba, B., "Dynamic Configuration of IPv4
Link-Local Addresses", Internet draft (work in progress), Link-Local Addresses", Internet draft (work in progress),
draft-ietf-zeroconf-ipv4-linklocal-05.txt, November 2001. draft-ietf-zeroconf-ipv4-linklocal-05.txt, November 2001.
[mDNSEnable] Guttman, E., "DHCP mDNS Enable Option", Internet [LLMNREnable] Guttman, E., "DHCP LLMNR Enable Option", Internet draft
draft (work in progress), draft-guttman-mdns- (work in progress), draft-guttman-mdns-enable-02.txt,
enable-01.txt, July 2001. April 2002.
9. Informative References 9. Informative References
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[RFC1536] Kumar, A., et. al. "DNS Implementation Errors and [RFC1536] Kumar, A., et. al. "DNS Implementation Errors and
Suggested Fixes", RFC 1536, October 1993. Suggested Fixes", RFC 1536, October 1993.
[RFC2292] Stevens, W., Thomas, M., "Advanced Sockets API for IPv6", [RFC2292] Stevens, W., Thomas, M., "Advanced Sockets API for IPv6",
RFC 2292, February 1998. RFC 2292, February 1998.
[RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an [RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434, IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998. October 1998.
[RFC2553] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic [RFC2553] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic
Socket Interface Extensions for IPv6", RFC 2553, March Socket Interface Extensions for IPv6", RFC 2553, March
1999. 1999.
[IEEE80211] Information technology - Telecommunications and [RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
information exchange between systems - Local and 2937, September 2000.
metropolitan area networks - Specific Requirements Part
11: Wireless LAN Medium Access Control (MAC) and [DHCPv6DNS] Droms, R., Narten, T., and Aboba, B. "Using DHCPv6 for
Physical Layer (PHY) Specifications, IEEE Std. DNS Configuration in Hosts", draft-droms-dnsconfig-
802.11-1997, 1997. dhcpv6-01.txt, Internet draft (work in progress), March
2002.
[DNSDisc] Thaler, D., Hagino, I., "IPv6 Stateless DNS Discovery", [DNSDisc] Thaler, D., Hagino, I., "IPv6 Stateless DNS Discovery",
Internet draft (work in progress), draft-ietf-ipngwg-dns- Internet draft (work in progress), draft-ietf-ipngwg-dns-
discovery-02.txt, July 2001. discovery-03.txt, November 2001.
[NodeInfo] Crawford, Matt, "IPv6 Node Information Queries", Internet [NodeInfo] Crawford, Matt, "IPv6 Node Information Queries", Internet
draft (work in progress), draft-ietf-ipn-gwg-icmp-name- draft (work in progress), draft-ietf-ipn-gwg-icmp-name-
lookups-07.txt, August 2000. lookups-08.txt, July 2001.
Acknowledgments Acknowledgments
This work builds upon original work done on multicast DNS by Bill This work builds upon original work done on multicast DNS by Bill
Manning and Bill Woodcock. Bill Manning's work was funded under DARPA Manning and Bill Woodcock. Bill Manning's work was funded under DARPA
grant #F30602-99-1-0523. The authors gratefully acknowledge their grant #F30602-99-1-0523. The authors gratefully acknowledge their
contribution to the current specification. Constructive input has also contribution to the current specification. Constructive input has also
been received from Mark Andrews, Stuart Cheshire, Robert Elz, Rob been received from Mark Andrews, Stuart Cheshire, Robert Elz, Rob
Austein, James Gilroy, Olafur Gudmundsson, Erik Guttman, Myron Hattig, Austein, James Gilroy, Olafur Gudmundsson, Erik Guttman, Myron Hattig,
Thomas Narten, Erik Nordmark, Sander Van-Valkenburg, Tomohide Thomas Narten, Erik Nordmark, Sander Van-Valkenburg, Tomohide Nagashima
Nagashima and Brian Zill. and Brian Zill.
Authors' Addresses Authors' Addresses
Levon Esibov Levon Esibov
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
EMail: levone@microsoft.com EMail: levone@microsoft.com
skipping to change at page 15, line 45 skipping to change at page 18, line 29
IETF Secretariat. IETF Secretariat.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this which may cover technology that may be required to practice this
standard. Please address the information to the IETF Executive standard. Please address the information to the IETF Executive
Director. Director.
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind, distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included provided that the above copyright notice and this paragraph are included
on all such copies and derivative works. However, this document itself on all such copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the copyright notice may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations, or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into Standards process must be followed, or as required to translate it into
languages other than English. The limited permissions granted above are languages other than English. The limited permissions granted above are
perpetual and will not be revoked by the Internet Society or its perpetual and will not be revoked by the Internet Society or its
successors or assigns. This document and the information contained successors or assigns. This document and the information contained
herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
skipping to change at page 16, line 20 skipping to change at page 19, line 7
perpetual and will not be revoked by the Internet Society or its perpetual and will not be revoked by the Internet Society or its
successors or assigns. This document and the information contained successors or assigns. This document and the information contained
herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
Expiration Date Expiration Date
This memo is filed as <draft-ietf-dnsext-mdns-09.txt>, and expires This memo is filed as <draft-ietf-dnsext-mdns-10.txt>, and expires
August 21, 2002. October 22, 2002.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/