draft-ietf-dnsext-mdns-15.txt   draft-ietf-dnsext-mdns-16.txt 
DNSEXT Working Group Levon Esibov DNSEXT Working Group Levon Esibov
INTERNET-DRAFT Bernard Aboba INTERNET-DRAFT Bernard Aboba
Category: Standards Track Dave Thaler Category: Standards Track Dave Thaler
<draft-ietf-dnsext-mdns-15.txt> Microsoft <draft-ietf-dnsext-mdns-16.txt> Microsoft
2 April 2003 10 April 2003
Linklocal Multicast Name Resolution (LLMNR) Linklocal Multicast Name Resolution (LLMNR)
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026. provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
skipping to change at page 1, line 36 skipping to change at page 1, line 36
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
Today, with the rise of home networking, there are an increasing number Today, with the rise of home networking, there are an increasing number
of ad-hoc networks operating without a DNS server. In order to allow of ad-hoc networks operating without a Domain Name Service (DNS) server.
name resolution in such environments, Link-Local Multicast Name In order to allow name resolution in such environments, Link-Local
Resolution (LLMNR) is proposed. LLMNR supports all current and future Multicast Name Resolution (LLMNR) is proposed. LLMNR supports all
DNS formats, types and classes, while operating on a separate port from current and future DNS formats, types and classes, while operating on a
DNS, and with a distinct resolver cache. separate port from DNS, and with a distinct resolver cache.
Table of Contents Table of Contents
1. Introduction .......................................... 3 1. Introduction .......................................... 3
1.1 Requirements .................................... 4 1.1 Requirements .................................... 4
1.2 Terminology ..................................... 4 1.2 Terminology ..................................... 4
2. Name resolution using LLMNR ........................... 4 2. Name resolution using LLMNR ........................... 4
2.1 Sender behavior ................................. 5 2.1 Sender behavior ................................. 5
2.2 Responder behavior .............................. 5 2.2 Responder behavior .............................. 5
2.3 Unicast queries ................................. 6 2.3 Unicast queries ................................. 6
2.4 Addressing ...................................... 7 2.4 Addressing ...................................... 7
2.5 Off-link detection .............................. 7 2.5 Off-link detection .............................. 7
2.6 Retransmissions ................................. 8 2.6 Retransmissions ................................. 8
2.7 DNS TTL ......................................... 8 2.7 DNS TTL ......................................... 8
3. Usage model ........................................... 8 3. Usage model ........................................... 8
3.1 Unqualified names ............................... 9 3.1 Unqualified names ............................... 10
3.2 LLMNR configuration ............................. 10 3.2 LLMNR configuration ............................. 10
4. Conflict resolution ................................... 11 4. Conflict resolution ................................... 11
4.1 Considerations for multiple interfaces .......... 13 4.1 Considerations for multiple interfaces .......... 13
4.2 API issues ...................................... 14 4.2 API issues ...................................... 15
5. Security considerations ............................... 15 5. Security considerations ............................... 15
5.1 Scope restriction ............................... 15 5.1 Scope restriction ............................... 15
5.2 Usage restriction ............................... 16 5.2 Usage restriction ............................... 16
5.3 Cache and port separation ....................... 16 5.3 Cache and port separation ....................... 16
5.4 Authentication .................................. 17 5.4 Authentication .................................. 17
6. IANA considerations ................................... 17 6. IANA considerations ................................... 17
7. Normative References .................................. 17 7. Normative References .................................. 17
8. Informative References ................................ 18 8. Informative References ................................ 18
Acknowledgments .............................................. 19 Acknowledgments .............................................. 19
Authors' Addresses ........................................... 19 Authors' Addresses ........................................... 19
Intellectual Property Statement .............................. 19 Intellectual Property Statement .............................. 19
Full Copyright Statement ..................................... 20 Full Copyright Statement ..................................... 20
1. Introduction 1. Introduction
This document discusses Link Local Multicast Name Resolution (LLMNR), This document discusses Link Local Multicast Name Resolution (LLMNR),
which operates on a separate port from DNS, with a distinct resolver which operates on a separate port from DNS, with a distinct resolver
cache, but does not change the format of DNS packets. LLMNR supports all cache, but does not change the format of DNS packets. LLMNR supports
current and future DNS formats, types and classes. However, since LLMNR all current and future DNS formats, types and classes. However, since
only operates on the local link, it cannot be considered a substitute LLMNR only operates on the local link, it cannot be considered a
for DNS. substitute for DNS.
The goal of LLMNR is to enable name resolution in scenarios in which The goal of LLMNR is to enable name resolution in scenarios in which
conventional DNS name resolution is not possible. These include conventional DNS name resolution is not possible. These include
scenarios in which hosts are not configured with the address of a DNS scenarios in which hosts are not configured with the address of a DNS
server, where configured DNS servers do not reply to a query, or where server, where configured DNS servers do not reply to a query, or where
they respond with errors, as described in Section 3. they respond with errors, as described in Section 3.
LLMNR queries are sent to and received on port TBD using a link-scope LLMNR queries are sent to and received on port TBD using a link-scope
multicast address as specified in "Administratively Scoped IP Multicast" multicast address as specified in "Administratively Scoped IP Multicast"
[RFC2365] for IPv4. The LLMNR link-scope multicast address to be used [RFC2365] for IPv4. The LLMNR link-scope multicast address to be used
for IPv4 is 224.0.0.251. For IPv6, the "solicited name" link-scope for IPv4 is 224.0.0.251. For IPv6, the "solicited name" link-scope
multicast addresses are used for A/AAAA queries, and a separate link- multicast addresses are used for A/AAAA queries, and a separate link-
scope multicast address TBD for all other queries. Link-scope multicast scope multicast address TBD for all other queries. Link-scope multicast
addresses are used to prevent propagation of LLMNR traffic across addresses are used to prevent propagation of LLMNR traffic across
routers, potentially flooding the network; for details, see Section 2.4. routers, potentially flooding the network; for details, see Section 2.4.
In circumstances described in Section 2.3, LLMNR queries can also be In circumstances described in Section 2.3, LLMNR queries can also be
sent to a unicast address. sent to a unicast address.
Propagation of LLMNR packets on the local link is considered sufficient Propagation of LLMNR packets on the local link is considered sufficient
to enable name resolution in small networks. The assumption is that if a to enable name resolution in small networks. The assumption is that if
network has a home gateway, then the network either has a DNS server or a network has a home gateway, then the network either has a DNS server
the home gateway can function as a DNS proxy. By implementing DHCPv4 as or the home gateway can function as a DNS proxy. By implementing
well as a DNS proxy and dynamic DNS, home gateways can provide name Dynamic Host Configuration Service for IPv4 (DHCPv4) as well as a DNS
resolution for the names of hosts over IPv4 on the local network. proxy and dynamic DNS, home gateways can provide name resolution for the
names of hosts over IPv4 on the local network.
For small IPv6 networks, equivalent functionality can be provided by a For small IPv6 networks, equivalent functionality can be provided by a
home gateway implementing DHCPv6 for DNS configuration [DHCPv6DNS], as home gateway implementing Dynamic Host Configuration Service for IPv6
well as a DNS proxy supporting AAAA RRs and dynamic DNS, providing name (DHCPv6) for DNS configuration [DHCPv6DNS], as well as a DNS proxy
resolution for the names of hosts over IPv6 on the local network. supporting AAAA RRs and dynamic DNS, providing name resolution for the
names of hosts over IPv6 on the local network.
This should be adequate as long as home gateways implementing DNS This should be adequate as long as home gateways implementing DNS
configuration also support dynamic DNS in some form. configuration also support dynamic DNS in some form.
In the future, LLMNR may be defined to support greater than link-scope In the future, LLMNR may be defined to support greater than link-scope
multicast. This would occur if LLMNR deployment is successful, the multicast. This would occur if LLMNR deployment is successful, the
assumption that LLMNR is not needed on multiple links proves incorrect, assumption that LLMNR is not needed on multiple links proves incorrect,
and multicast routing becomes ubiquitous. For example, it is not clear and multicast routing becomes ubiquitous. For example, it is not clear
that this assumption will be valid in large adhoc networking scenarios. that this assumption will be valid in large adhoc networking scenarios.
Once we have experience in LLMNR deployment in terms of administrative Once we have experience in LLMNR deployment in terms of administrative
issues, usability and impact on the network it will be possible issues, usability and impact on the network it will be possible to
reevaluate which multicast scopes are appropriate for use with multicast reevaluate which multicast scopes are appropriate for use with multicast
name resolution mechanisms. name resolution mechanisms.
Service discovery in general, as well as discovery of DNS servers using Service discovery in general, as well as discovery of DNS servers using
LLMNR in particular is outside of the scope of this document, as is name LLMNR in particular, is outside of the scope of this document, as is
resolution over non-multicast capable media. name resolution over non-multicast capable media.
1.1. Requirements 1.1. Requirements
In this document, several words are used to signify the requirements of In this document, several words are used to signify the requirements of
the specification. These words are often capitalized. The key words the specification. These words are often capitalized. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD
NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC2119]. interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
skipping to change at page 5, line 10 skipping to change at page 5, line 10
packet originated on-link (see Section 2.5 for details). If these packet originated on-link (see Section 2.5 for details). If these
conditions are met, then the sender uses and caches the returned conditions are met, then the sender uses and caches the returned
response. If not, then the sender ignores the response and continues response. If not, then the sender ignores the response and continues
waiting for the response. waiting for the response.
Further details of sender and responder behavior are provided in the Further details of sender and responder behavior are provided in the
sections that follow. sections that follow.
2.1. Sender behavior 2.1. Sender behavior
A sender sends an LLMNR query for any legal Type of resource record A sender sends an LLMNR query for any legal type of resource record
(e.g. A, PTR, etc.) to the link-scope multicast address. An LLMNR (e.g. A, PTR, etc.) to the link-scope multicast address. An LLMNR
sender MAY send requests for any name. sender MAY send requests for any name.
Under conditions described in Section 2.3, a sender may also send a Under conditions described in Section 2.3, a sender may also send a
unicast query. The RD (Recursion Desired) bit MUST NOT be set. If a unicast query. The RD (Recursion Desired) bit MUST NOT be set. If a
responder receives a query with the header containing RD set bit, the responder receives a query with the header containing RD set bit, the
responder MUST ignore the RD bit. responder MUST ignore the RD bit.
The sender MUST anticipate receiving no replies to some LLMNR queries, The sender MUST anticipate receiving no replies to some LLMNR queries,
in the event that no responders are available within the linklocal in the event that no responders are available within the linklocal
multicast scope, or in the event that no positive non-null responses multicast scope, or in the event no positive non-null responses exist
exist for the transmitted query. If no positive response is received, a for the transmitted query. If no positive response is received, a
resolver treats it as a response that no records of the specified type resolver treats it as a response that no records of the specified type
and class for the specified name exist (that is, it is treated the same and class exist for the specified name (it is treated the same as a
as a response with RCODE=0 and an empty answer section). response with RCODE=0 and an empty answer section).
2.2. Responder behavior 2.2. Responder behavior
A responder listens on port TBD on the link-scope multicast address(es) A responder listens on port TBD on the link-scope multicast address(es)
and on the unicast address(es) that could be set as the source and on the unicast address(es) that could be set as the source
address(es) when the responder responds to the LLMNR query. The host address(es) when the responder responds to the LLMNR query. The host
configured as a responder MUST act as a sender to verify the uniqueness configured as a responder MUST act as a sender to verify the uniqueness
of names as described in Section 4. of names as described in Section 4.
Responders MUST NOT respond to LLMNR queries for names they are not Responders MUST NOT respond to LLMNR queries for names they are not
skipping to change at page 6, line 12 skipping to change at page 6, line 12
A RR, and an A RR query is received, the host would respond with RCODE=0 A RR, and an A RR query is received, the host would respond with RCODE=0
and an empty answer section. and an empty answer section.
If a DNS server is running on a host that supports LLMNR, the DNS server If a DNS server is running on a host that supports LLMNR, the DNS server
MUST respond to LLMNR queries only for the RRSets owned by the host on MUST respond to LLMNR queries only for the RRSets owned by the host on
which the server is running, but MUST NOT respond for other records for which the server is running, but MUST NOT respond for other records for
which the server is authoritative. which the server is authoritative.
In conventional DNS terminology a DNS server authoritative for a zone is In conventional DNS terminology a DNS server authoritative for a zone is
authoritative for all the domain names under the zone root except for authoritative for all the domain names under the zone root except for
the branches delegated into separate zones. Contrary to conventional DNS the branches delegated into separate zones. Contrary to conventional
terminology, an LLMNR responder is authoritative only for the zone root. DNS terminology, an LLMNR responder is authoritative only for the zone
root.
For example the host "host.example.com." is not authoritative for the For example the host "host.example.com." is not authoritative for the
name "child.host.example.com." unless the host is configured with name "child.host.example.com." unless the host is configured with
multiple names, including "host.example.com." and multiple names, including "host.example.com." and
"child.host.example.com.". As a result, "host" cannot reply to a query "child.host.example.com.". As a result, "host" cannot reply to a query
for "child" with NXDOMAIN. The purpose of limiting the name authority for "child" with NXDOMAIN. The purpose of limiting the name authority
scope of a responder is to prevent complications that could be caused by scope of a responder is to prevent complications that could be caused by
coexistence of two or more hosts with the names representing child and coexistence of two or more hosts with the names representing child and
parent (or grandparent) nodes in the DNS tree, for example, parent (or grandparent) nodes in the DNS tree, for example,
"host.example.com." and "child.host.example.com.". "host.example.com." and "child.host.example.com.".
skipping to change at page 7, line 36 skipping to change at page 7, line 36
algorithm, described in [RFC1321]. The first 32 bits of the resultant algorithm, described in [RFC1321]. The first 32 bits of the resultant
128-bit hash is then appended to the prefix FF02:0:0:0:0:2::/96 to yield 128-bit hash is then appended to the prefix FF02:0:0:0:0:2::/96 to yield
the 128-bit "solicited name multicast address". (Note: this procedure the 128-bit "solicited name multicast address". (Note: this procedure
is intended to be the same as that specified in section 3 of "IPv6 Node is intended to be the same as that specified in section 3 of "IPv6 Node
Information Queries" [NodeInfo]). A responder that listens for queries Information Queries" [NodeInfo]). A responder that listens for queries
for multiple names with different first labels will necessarily listen for multiple names with different first labels will necessarily listen
to multiple of these solicited name multicast addresses. to multiple of these solicited name multicast addresses.
2.5. Off-link detection 2.5. Off-link detection
The source address of LLMNR queries and responses MUST be "on link". The The source address of LLMNR queries and responses MUST be "on link".
destination address of an LLMNR query MUST be a link-scope multicast The destination address of an LLMNR query MUST be a link-scope multicast
address or an "on link" unicast address; the destination address of an address or an "on link" unicast address; the destination address of an
LLMNR response MUST be an "on link" unicast address. For IPv4, an "on LLMNR response MUST be an "on link" unicast address. For IPv4, an "on
link" address is defined as a link-local address or an address whose link" address is defined as a link-local address or an address whose
prefix belongs to a subnet on the local link; for IPv6 [RFC2460] an "on prefix belongs to a subnet on the local link; for IPv6 [RFC2460] an "on
link" address is either a link-local address, defined in [RFC2373], or link" address is either a link-local address, defined in [RFC2373], or
an address whose prefix belongs to a subnet on the local link. A sender an address whose prefix belongs to a subnet on the local link. A sender
SHOULD prefer RRs including reachable addresses where RRs involving both SHOULD prefer RRs including reachable addresses where RRs involving both
reachable and unreachable addresses are returned in response to a query. reachable and unreachable addresses are returned in response to a query.
In composing an LLMNR response, the responder MUST set the Hop Limit In composing an LLMNR response, the responder MUST set the Hop Limit
field in the IPv6 header and the TTL field in IPv4 header of the LLMNR field in the IPv6 header and the TTL field in IPv4 header of the LLMNR
response to 255. The sender MUST verify that the Hop Limit field in IPv6 response to 255. The sender MUST verify that the Hop Limit field in
header and TTL field in IPv4 header of each response to the LLMNR query IPv6 header and TTL field in IPv4 header of each response to the LLMNR
is set to 255. If it is not, then sender MUST ignore the response. query is set to 255. If it is not, then sender MUST ignore the
response.
Since routers decrement the Hop Limit on all packets they forward, Since routers decrement the Hop Limit on all packets they forward,
received packets containing a Hop Limit of 255 must have originated from received packets containing a Hop Limit of 255 must have originated from
a neighbor. a neighbor.
Implementation note: Implementation note:
In the sockets API for IPv4, the IP_TTL and IP_MULTICAST_TTL socket In the sockets API for IPv4, the IP_TTL and IP_MULTICAST_TTL socket
options are used to set the TTL of outgoing unicast and multicast options are used to set the TTL of outgoing unicast and multicast
packets. The IP_RECVTTL socket option is available on some platforms packets. The IP_RECVTTL socket option is available on some platforms
skipping to change at page 9, line 17 skipping to change at page 9, line 20
in a negative responses due to missing inverse mappings or NS records in a negative responses due to missing inverse mappings or NS records
that point to nonexistent or inappropriate hosts. Given this, support that point to nonexistent or inappropriate hosts. Given this, support
for LLMNR as a secondary name resolution mechanism has the potential to for LLMNR as a secondary name resolution mechanism has the potential to
result in a large number of inappropriate queries without the following result in a large number of inappropriate queries without the following
additional restrictions: additional restrictions:
[1] If a DNS query does not receive a response, prior to falling [1] If a DNS query does not receive a response, prior to falling
back to LLMNR, the query SHOULD be retransmitted at least back to LLMNR, the query SHOULD be retransmitted at least
once. once.
[2] A sender SHOULD send LLMNR queries only for names that are [2] Where a DNS server is configured, by default a sender
either unqualified or exist within the default domain. SHOULD send LLMNR queries only for names that are either
unqualified or exist within the default domain. Where no
DNS server is configured, an LLMNR query MAY be sent for
any name.
[3] A responder with both link-local and routable addresses [3] A responder with both link-local and routable addresses
MUST respond to LLMNR queries for A/AAAA RRs only with MUST respond to LLMNR queries for A/AAAA RRs only with
routable address(es). This encourages use of routable routable address(es). This encourages use of routable
address(es) for establishment of new connections. address(es) for establishment of new connections.
[4] A sender SHOULD only send LLMNR queries for PTR RRs
that represent addresses reachable through the link
over which LLMNR is used.
RRs returned in LLMNR responses MUST only include values that are valid RRs returned in LLMNR responses MUST only include values that are valid
on the local interface, such as IPv4 or IPv6 addresses valid on the on the local interface, such as IPv4 or IPv6 addresses valid on the
local link or names defended using the mechanism described in Section 4. local link or names defended using the mechanism described in Section 4.
In particular: In particular:
[1] If a link-scope IPv6 address is returned in a AAAA RR, that [1] If a link-scope IPv6 address is returned in a AAAA RR, that
address MUST be valid on the local link over which LLMNR is address MUST be valid on the local link over which LLMNR is
used. used.
[2] If an IPv4 address is returned, it must be reachable through [2] If an IPv4 address is returned, it must be reachable through
skipping to change at page 11, line 18 skipping to change at page 11, line 30
after the outage will not. Alternatively, it is possible for the DNS after the outage will not. Alternatively, it is possible for the DNS
configuration mechanism to continue functioning while configured DNS configuration mechanism to continue functioning while configured DNS
servers fail. servers fail.
Unless unconfigured hosts periodically retry configuration, an outage in Unless unconfigured hosts periodically retry configuration, an outage in
the DNS configuration mechanism will result in hosts continuing to the DNS configuration mechanism will result in hosts continuing to
prefer LLMNR even once the outage is repaired. Since LLMNR only enables prefer LLMNR even once the outage is repaired. Since LLMNR only enables
linklocal name resolution, this represents an unnecessary degradation in linklocal name resolution, this represents an unnecessary degradation in
capabilities. As a result, it is recommended that hosts without a capabilities. As a result, it is recommended that hosts without a
configured DNS server periodically attempt to obtain DNS configuration. configured DNS server periodically attempt to obtain DNS configuration.
A default retry interval of two (2) minutes is recommended. A default retry interval of two (2) minutes is RECOMMENDED.
4. Conflict resolution 4. Conflict resolution
The sender MUST anticipate receiving multiple replies to the same LLMNR The sender MUST anticipate receiving multiple replies to the same LLMNR
query, in the event that several LLMNR enabled computers receive the query, in the event that several LLMNR enabled computers receive the
query and respond with valid answers. When this occurs, the responses query and respond with valid answers. When this occurs, the responses
MAY first be concatenated, and then treated in the same manner that MAY first be concatenated, and then treated in the same manner that
multiple RRs received from the same DNS server would, ordinarily. multiple RRs received from the same DNS server would.
There are some scenarios when multiple responders MAY respond to the There are some scenarios when multiple responders MAY respond to the
same query. There are other scenarios when only one responder may same query. There are other scenarios when only one responder MAY
respond to a query. Resource records for which the latter queries are respond to a query. Resource records for which the latter queries are
submitted are referred as UNIQUE throughout this document. The submitted are referred as UNIQUE throughout this document. The
uniqueness of a resource record depends on a nature of the name in the uniqueness of a resource record depends on a nature of the name in the
query and type of the query. For example it is expected that: query and type of the query. For example it is expected that:
- multiple hosts may respond to a query for an SRV type record - multiple hosts may respond to a query for an SRV type record
- multiple hosts may respond to a query for an A or AAAA type record for a - multiple hosts may respond to a query for an A or AAAA type
cluster name (assigned to multiple hosts in the cluster) record for a cluster name (assigned to multiple hosts in
- only a single host may respond to a query for an A or AAAA type record for the cluster)
a hostname. - only a single host may respond to a query for an A or AAAA
type record for a hostname.
Every responder that responds to a LLMNR query and/or dynamic update Every responder that responds to a LLMNR query and/or dynamic update
request AND includes a UNIQUE record in the response: request AND includes a UNIQUE record in the response:
1. MUST verify that there is no other host within the scope of the 1. MUST verify that there is no other host within the scope of the
LLMNR query propagation that can return a resource record LLMNR query propagation that can return a resource record
for the same name, type and class. for the same name, type and class.
2. MUST NOT include a UNIQUE resource record in the 2. MUST NOT include a UNIQUE resource record in the
response without having verified its uniqueness. response without having verified its uniqueness.
skipping to change at page 12, line 25 skipping to change at page 12, line 37
UNIQUE resource records. UNIQUE resource records.
The data to be specified in the dynamic update request is as follows: The data to be specified in the dynamic update request is as follows:
Header section Header section
contains values according to [RFC2136]. contains values according to [RFC2136].
Zone section Zone section
The zone name in the zone section MUST be set to the name of the The zone name in the zone section MUST be set to the name of the
UNIQUE record. The zone type in the zone section MUST be set to UNIQUE record. The zone type in the zone section MUST be set to
SOA. The zone class in the zone section MUST be set to the class of SOA. The zone class in the zone section MUST be set to the class
the UNIQUE record. of the UNIQUE record.
Prerequisite section Prerequisite section
This section MUST contain a record set whose semantics are This section MUST contain a record set whose semantics are
described in [RFC2136], Section 2.4.3 "RRset Does Not Exist" described in [RFC2136], Section 2.4.3 "RRset Does Not Exist"
(NXRRSET), requesting that RRs with the NAME and TYPE of the UNIQUE (NXRRSET), requesting that RRs with the NAME and TYPE of the UNIQUE
record do not exist. record do not exist.
Update section Update section
This section MUST be left empty. This section MUST be left empty.
Additional section Additional section
This section is set according to [RFC2136]. This section is set according to [RFC2136].
When a host that owns a UNIQUE record receives a dynamic update request When a host that owns a UNIQUE record receives a dynamic update request
that requests that the UNIQUE resource record set does not exist, the that requests that the UNIQUE resource record set does not exist, the
host MUST respond via unicast with the YXRRSET error, according to the host MUST respond via unicast with the YXRRSET error, according to the
rules described in Section 3 of [RFC2136]. rules described in Section 3 of [RFC2136].
After the client receives an YXRRSET response to its dynamic update After the client receives an YXRRSET response to its dynamic update
request stating that a UNIQUE resource record does not exist, the host request stating that a UNIQUE resource record does not exist, the host
MUST check whether the response arrived on another interface. If this is MUST check whether the response arrived on another interface. If this
the case, then the client can use the UNIQUE resource record in response is the case, then the client can use the UNIQUE resource record in
to LLMNR queries and dynamic update requests. If not, then it MUST NOT response to LLMNR queries and dynamic update requests. If not, then it
use the UNIQUE resource record in response to LLMNR queries and dynamic MUST NOT use the UNIQUE resource record in response to LLMNR queries and
update requests. dynamic update requests.
Note that this name conflict detection mechanism doesn't prevent name Note that this name conflict detection mechanism doesn't prevent name
conflicts when previously partitioned segments are connected by a conflicts when previously partitioned segments are connected by a
bridge. In such a situation, name conflicts are detected when a sender bridge. In such a situation, name conflicts are detected when a sender
receives more than one response to its LLMNR query. receives more than one response to its LLMNR query.
In this case, the sender sends the first response that it received to In this case, the sender sends the first response that it received to
all responders that responded to this query except the first one, using all responders that responded to this query except the first one, using
unicast. A host that receives a query response containing a UNIQUE unicast. A host that receives a query response containing a UNIQUE
resource record that it owns, even if it didn't send such a query, MUST resource record that it owns, even if it didn't send such a query, MUST
verify that no other host within the LLMNR scope is authoritative for verify that no other host within the LLMNR scope is authoritative for
the same name, using the dynamic LLMNR update request mechanism the same name, using the dynamic LLMNR update request mechanism
described above. Based on the result, the host detects whether there is described above. Based on the result, the host detects whether there is
a name conflict and acts as described above. a name conflict and acts as described above.
4.1. Considerations for Multiple Interfaces 4.1. Considerations for Multiple Interfaces
A multi-homed host may elect to configure LLMNR on only one of its A multi-homed host may elect to configure LLMNR on only one of its
active interfaces. In many situations this will be adequate. However, active interfaces. In many situations this will be adequate. However,
should a host wish to configure LLMNR on more than one of its active should a host need to configure LLMNR on more than one of its active
interfaces, there are some additional precautions it MUST take. interfaces, there are some additional precautions it MUST take.
Implementers who are not planning to support LLMNR on multiple Implementers who are not planning to support LLMNR on multiple
interfaces simultaneously may skip this section. interfaces simultaneously may skip this section.
A multi-homed host checks the uniqueness of UNIQUE records as described A multi-homed host checks the uniqueness of UNIQUE records as described
in Section 4. The situation is illustrated in figure 1. in Section 4. The situation is illustrated in figure 1.
---------- ---------- ---------- ----------
| | | | | | | |
[A] [myhost] [myhost] [A] [myhost] [myhost]
Figure 1. Link-scope name conflict Figure 1. Link-scope name conflict
In this situation, the multi-homed myhost will probe for, and defend, In this situation, the multi-homed myhost will probe for, and defend,
its host name on both interfaces. A conflict will be detected on one its host name on both interfaces. A conflict will be detected on one
interface, but not the other. The multi-homed myhost will not be able to interface, but not the other. The multi-homed myhost will not be able
respond with a host RR for "myhost" on the interface on the right (see
Figure 1). The multi-homed host may, however, be configured to use the to respond with a host RR for "myhost" on the interface on the right
"myhost" name on the interface on the left. (see Figure 1). The multi-homed host may, however, be configured to use
the "myhost" name on the interface on the left.
Since names are only unique per-link, hosts on different links could be Since names are only unique per-link, hosts on different links could be
using the same name. If an LLMNR client sends requests over multiple using the same name. If an LLMNR client sends requests over multiple
interfaces, and receives replies from more than one, the result returned interfaces, and receives replies from more than one, the result returned
to the client is defined by the implementation. The situation is to the client is defined by the implementation. The situation is
illustrated in figure 2. illustrated in figure 2.
---------- ---------- ---------- ----------
| | | | | | | |
[A] [myhost] [A] [A] [myhost] [A]
skipping to change at page 15, line 15 skipping to change at page 15, line 27
multiple addrinfo structures, each with an associated sockaddr_in6 multiple addrinfo structures, each with an associated sockaddr_in6
structure. This list will thus contain the IPv4 and IPv6 addresses of structure. This list will thus contain the IPv4 and IPv6 addresses of
both hosts responding to the name 'A'. Link-local addresses will have a both hosts responding to the name 'A'. Link-local addresses will have a
sin6_scope_id value that disambiguates which interface is used to reach sin6_scope_id value that disambiguates which interface is used to reach
the address. Of course, to the application, Figures 2 and 3 are still the address. Of course, to the application, Figures 2 and 3 are still
indistinguishable, but this API allows the application to communicate indistinguishable, but this API allows the application to communicate
successfully with any address in the list. successfully with any address in the list.
5. Security Considerations 5. Security Considerations
LLMNR is by nature a peer to peer name resolution protocol. It is LLMNR is by nature a peer-to-peer name resolution protocol. It is
therefore inherently more vulnerable than DNS, since existing DNS therefore inherently more vulnerable than DNS, since existing DNS
security mechanisms are difficult to apply to LLMNR and an attacker only security mechanisms are difficult to apply to LLMNR and an attacker only
needs to be misconfigured to answer an LLMNR query with incorrect needs to be misconfigured to answer an LLMNR query with incorrect
information. information.
In order to address the security vulnerabilities, the following In order to address the security vulnerabilities, the following
mechanisms are contemplated: mechanisms are contemplated:
[1] Scope restrictions. [1] Scope restrictions.
skipping to change at page 15, line 43 skipping to change at page 16, line 7
5.1. Scope restriction 5.1. Scope restriction
With LLMNR it is possible that hosts will allocate conflicting names for With LLMNR it is possible that hosts will allocate conflicting names for
a period of time, or that attackers will attempt to deny service to a period of time, or that attackers will attempt to deny service to
other hosts by allocating the same name. Such attacks also allow hosts other hosts by allocating the same name. Such attacks also allow hosts
to receive packets destined for other hosts. to receive packets destined for other hosts.
In the absence of authentication, LLMNR reduces the exposure to such In the absence of authentication, LLMNR reduces the exposure to such
threats by ignoring LLMNR query response packets received from off-link threats by ignoring LLMNR query response packets received from off-link
senders. While restricting ignoring packets received from off-link senders. While ignoring packets received from off-link senders reduces
senders reduces the level of vulnerability, it does not eliminate it. the level of vulnerability, it does not eliminate it. There are
There are scenarios such as public "hotspots" where attackers can be scenarios such as public "hotspots" where attackers can be present on
present on the same link. These threats are most serious in wireless the same link. These threats are most serious in wireless networks such
networks such as 802.11, since attackers on a wired network will require as 802.11, since attackers on a wired network will require physical
physical access to the home network, while wireless attackers may reside access to the home network, while wireless attackers may reside outside
outside the home. Link-layer security can be of assistance against the home. Link-layer security can be of assistance against these
these threats if it is available. threats if it is available.
5.2. Usage restriction 5.2. Usage restriction
As noted in Section 3, LLMNR is intended for usage in a limited set of As noted in Section 3, LLMNR is intended for usage in a limited set of
scenarios. scenarios.
If an interface has been configured via any automatic configuration If an interface has been configured via any automatic configuration
mechanism which is able to supply DNS configuration information, then mechanism which is able to supply DNS configuration information, then
LLMNR SHOULD NOT be used as the primary name resolution mechanism on LLMNR SHOULD NOT be used as the primary name resolution mechanism on
that interface, although it MAY be used as a secondary mechanism. that interface, although it MAY be used as a name resolution mechanism
of last resort.
Note: enabling LLMNR for use in situations where a DNS server has been Note: enabling LLMNR for use in situations where a DNS server has been
configured will result in upgraded hosts changing their default behavior configured will result in upgraded hosts changing their default behavior
without a simultaneous update to configuration information. Where this without a simultaneous update to configuration information. Where this
is considered undesirable, LLMNR SHOULD NOT be enabled by default, so is considered undesirable, LLMNR SHOULD NOT be enabled by default, so
that hosts will neither listen on the LINKLOCAL multicast address, nor that hosts will neither listen on the LINKLOCAL multicast address, nor
will it send queries to that address. will it send queries to that address.
Use of LLMNR as a secondary name resolution mechanism increases security Use of LLMNR as a name resolution mechanism increases security
vulnerabilities. For example, if an LLMNR query is sent whenever a DNS vulnerabilities. For example, if an LLMNR query is sent whenever a DNS
server does not respond in a timely way, then an attacker can execute a server does not respond in a timely way, then an attacker can execute a
denial of service attack on the DNS server(s) and then poison the LLMNR denial of service attack on the DNS server(s) and then poison the LLMNR
cache by responding to the resulting LLMNR queries with incorrect cache by responding to the resulting LLMNR queries with incorrect
information. information.
The vulnerability is more serious if LLMNR is given higher priority than The vulnerability is more serious if LLMNR is given higher priority than
DNS among the enabled name resolution mechanisms. In such a DNS among the enabled name resolution mechanisms. In such a
configuration, a denial of service attack on the DNS server would not be configuration, a denial of service attack on the DNS server would not be
necessary in order to poison the LLMNR cache, since LLMNR queries would necessary in order to poison the LLMNR cache, since LLMNR queries would
be sent even when the DNS server is available. In addition, the LLMNR be sent even when the DNS server is available. In addition, the LLMNR
cache, once poisoned, would take precedence over the DNS cache, cache, once poisoned, would take precedence over the DNS cache,
eliminating the benefits of cache separation. As a result, LLMNR is best eliminating the benefits of cache separation. As a result, LLMNR is
thought of as a secondary name resolution mechanism. best thought of as a name resolution mechanism of last resort.
5.3. Cache and port separation 5.3. Cache and port separation
In order to prevent responses to LLMNR queries from polluting the DNS In order to prevent responses to LLMNR queries from polluting the DNS
cache, LLMNR implementations MUST use a distinct, isolated cache for cache, LLMNR implementations MUST use a distinct, isolated cache for
LLMNR on each interface. The use of separate caches is most effective LLMNR on each interface. The use of separate caches is most effective
when LLMNR is used as a name resolution mechanism of last resort, since when LLMNR is used as a name resolution mechanism of last resort, since
the this minimizes the opportunities for poisoning the LLMNR cache, and this minimizes the opportunities for poisoning the LLMNR cache, and
decreases reliance on it. decreases reliance on it.
LLMNR operates on a separate port from DNS, reducing the likelihood that LLMNR operates on a separate port from DNS, reducing the likelihood that
a DNS server will unintentionally respond to an LLMNR query. a DNS server will unintentionally respond to an LLMNR query.
5.4. Authentication 5.4. Authentication
LLMNR does not require use of DNSSEC, and as a result, responses to LLMNR does not require use of DNSSEC, and as a result, responses to
LLMNR queries may be unauthenticated. If authentication is desired, and LLMNR queries may be unauthenticated. If authentication is desired, and
a pre-arranged security configuration is possible, then IPsec ESP with a a pre-arranged security configuration is possible, then IPsec ESP with a
null-transform MAY be used to authenticate LLMNR responses. In a small null-transform MAY be used to authenticate LLMNR responses. In a small
network without a certificate authority, this can be most easily network without a certificate authority, this can be most easily
accomplished through configuration of a group pre-shared key for trusted accomplished through configuration of a group pre-shared key for trusted
hosts. hosts.
6. IANA Considerations 6. IANA Considerations
This specification does not create any new name spaces for IANA This specification does not create any new name spaces for IANA
administration. LLMNR requires allocation of a port for both TCP and administration. LLMNR requires allocation of a port TBD for both TCP
UDP. LLMNR utilizes a link-scope multicast IPv4 address (224.0.0.251) and UDP. Assignment of the same port for both transports is requested.
that has been previously allocated to LLMNR by IANA. It also requires LLMNR utilizes a link-scope multicast IPv4 address (224.0.0.251) that
has been previously allocated to LLMNR by IANA. It also requires
allocation of a link scope multicast IPv6 address, for use with queries allocation of a link scope multicast IPv6 address, for use with queries
of types other than A/AAAA. of types other than A/AAAA.
7. Normative References 7. Normative References
[RFC1035] Mockapetris, P., "Domain Names - Implementation and [RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", RFC 1035, November 1987. Specification", RFC 1035, November 1987.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y., Bound, J., "Dynamic [RFC2136] Vixie, P., et al., "Dynamic Updates in the Domain Name
Updates in the Domain Name System (DNS UPDATE)", RFC System (DNS UPDATE)", RFC 2136, April 1997.
2136, April 1997.
[RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP [RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP
23, RFC 2365, July 1998. 23, RFC 2365, July 1998.
[RFC2373] Hinden, R., Deering, S., "IP Version 6 Addressing [RFC2373] Hinden, R., and S. Deering, "IP Version 6 Addressing
Architecture", RFC 2373, July 1998. Architecture", RFC 2373, July 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2535] Eastlake, D., "Domain Name System Security Extensions", [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
RFC 2535, March 1999. RFC 2535, March 1999.
[RFC2988] Paxson, V., Allman, M., "Computing TCP's Retransmission [RFC2988] Paxson, V., and M. Allman, "Computing TCP's
Timer", RFC 2988, November 2000. Retransmission Timer", RFC 2988, November 2000.
8. Informative References 8. Informative References
[RFC1536] Kumar, A., et. al. "DNS Implementation Errors and [RFC1536] Kumar, A., et. al., "DNS Implementation Errors and
Suggested Fixes", RFC 1536, October 1993. Suggested Fixes", RFC 1536, October 1993.
[RFC2292] Stevens, W., Thomas, M., "Advanced Sockets API for IPv6", [RFC2292] Stevens, W., Thomas, M., "Advanced Sockets API for IPv6",
RFC 2292, February 1998. RFC 2292, February 1998.
[RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an [RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434, IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998. October 1998.
[RFC2553] Gilligan, R., Thomson, S., Bound, J., Stevens, W., "Basic [RFC2553] Gilligan, R., Thomson, S., Bound, J., and W. Stevens,
Socket Interface Extensions for IPv6", RFC 2553, March "Basic Socket Interface Extensions for IPv6", RFC 2553,
1999. March 1999.
[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC [RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
2937, September 2000. 2937, September 2000.
[DHCPv6DNS] Droms, R., "A Guide to Implementing Stateless DHCPv6 [DHCPv6DNS] Droms, R., "A Guide to Implementing Stateless DHCPv6
Service", Internet draft (work in progress), draft-droms- Service", Internet draft (work in progress), draft-droms-
dhcpv6-stateless-guide-01.txt, October 2002. dhcpv6-stateless-guide-01.txt, October 2002.
[DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness [DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness
of Caching", IEEE/ACM Transactions on Networking, Volume of Caching", IEEE/ACM Transactions on Networking, Volume
10, Number 5, pp. 589, October 2002. 10, Number 5, pp. 589, October 2002.
[DNSDisc] Durand, A., Hagino, I., Thaler, D., "Well known site [DNSDisc] Durand, A., Hagino, I., and D. Thaler, "Well known site
local unicast addresses to communicate with recursive DNS local unicast addresses to communicate with recursive DNS
servers", Internet draft (work in progress), draft-ietf- servers", Internet draft (work in progress), draft-ietf-
ipv6-dns-discovery-07.txt, October 2002. ipv6-dns-discovery-07.txt, October 2002.
[IPV4Link] Cheshire, S., Aboba, B.,Guttman, E., "Dynamic [IPV4Link] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic
Configuration of IPv4 Link-Local Addresses", Internet Configuration of IPv4 Link-Local Addresses", Internet
draft (work in progress), draft-ietf-zeroconf- draft (work in progress), draft-ietf-zeroconf-
ipv4-linklocal-07.txt, August 2002. ipv4-linklocal-07.txt, August 2002.
[LLMNREnable] Guttman, E., "DHCP LLMNR Enable Option", Internet draft [LLMNREnable] Guttman, E., "DHCP LLMNR Enable Option", Internet draft
(work in progress), draft-guttman-mdns-enable-02.txt, (work in progress), draft-guttman-mdns-enable-02.txt,
April 2002. April 2002.
[NodeInfo] Crawford, M., "IPv6 Node Information Queries", Internet [NodeInfo] Crawford, M., "IPv6 Node Information Queries", Internet
draft (work in progress), draft-ietf-ipn-gwg-icmp-name- draft (work in progress), draft-ietf-ipn-gwg-icmp-name-
skipping to change at page 20, line 36 skipping to change at page 20, line 44
except as needed for the purpose of developing Internet standards in except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into Standards process must be followed, or as required to translate it into
languages other than English. The limited permissions granted above are languages other than English. The limited permissions granted above are
perpetual and will not be revoked by the Internet Society or its perpetual and will not be revoked by the Internet Society or its
successors or assigns. This document and the information contained successors or assigns. This document and the information contained
herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Expiration Date Expiration Date
This memo is filed as <draft-ietf-dnsext-mdns-15.txt>, and expires This memo is filed as <draft-ietf-dnsext-mdns-16.txt>, and expires
November 22, 2003. November 22, 2003.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/