draft-ietf-dnsext-mdns-25.txt   draft-ietf-dnsext-mdns-26.txt 
DNSEXT Working Group Levon Esibov DNSEXT Working Group Levon Esibov
INTERNET-DRAFT Bernard Aboba INTERNET-DRAFT Bernard Aboba
Category: Standards Track Dave Thaler Category: Standards Track Dave Thaler
<draft-ietf-dnsext-mdns-25.txt> Microsoft <draft-ietf-dnsext-mdns-26.txt> Microsoft
20 November 2003 11 December 2003
Linklocal Multicast Name Resolution (LLMNR) Linklocal Multicast Name Resolution (LLMNR)
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026. provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 12 skipping to change at page 2, line 12
operates on the local link, it cannot be considered a substitute for operates on the local link, it cannot be considered a substitute for
DNS. DNS.
Table of Contents Table of Contents
1. Introduction .......................................... 3 1. Introduction .......................................... 3
1.1 Requirements .................................... 4 1.1 Requirements .................................... 4
1.2 Terminology ..................................... 4 1.2 Terminology ..................................... 4
2. Name resolution using LLMNR ........................... 4 2. Name resolution using LLMNR ........................... 4
2.1 Sender behavior ................................. 5 2.1 Sender behavior ................................. 5
2.2 Responder behavior .............................. 5 2.2 Responder behavior .............................. 6
2.3 Unicast queries ................................. 7 2.3 Unicast queries ................................. 7
2.4 Addressing ...................................... 8 2.4 Addressing ...................................... 8
2.5 Off-link detection .............................. 8 2.5 Off-link detection .............................. 8
2.6 Retransmissions ................................. 9 2.6 Retransmissions ................................. 9
2.7 DNS TTL ......................................... 9 2.7 DNS TTL ......................................... 10
2.8 Use of the authority and additional sections .... 10 2.8 Use of the authority and additional sections .... 10
3. Usage model ........................................... 10 3. Usage model ........................................... 11
3.1 Responder responsibility ....................... 11 3.1 Responder responsibility ....................... 11
3.2 LLMNR configuration ............................. 11 3.2 LLMNR configuration ............................. 12
4. Conflict resolution ................................... 13 4. Conflict resolution ................................... 13
4.1 Considerations for multiple interfaces .......... 14 4.1 Considerations for multiple interfaces .......... 15
4.2 API issues ...................................... 15 4.2 API issues ...................................... 16
5. Security considerations ............................... 16 5. Security considerations ............................... 16
5.1 Scope restriction ............................... 16 5.1 Scope restriction ............................... 17
5.2 Usage restriction ............................... 17 5.2 Usage restriction ............................... 18
5.3 Cache and port separation ....................... 18 5.3 Cache and port separation ....................... 18
5.4 Authentication .................................. 18 5.4 Authentication .................................. 19
6. IANA considerations ................................... 18 6. IANA considerations ................................... 19
7. References ............................................ 19 7. References ............................................ 19
7.1 Normative References ............................ 19 7.1 Normative References ............................ 19
7.2 Informative References .......................... 19 7.2 Informative References .......................... 20
Acknowledgments .............................................. 20 Acknowledgments .............................................. 21
Authors' Addresses ........................................... 21 Authors' Addresses ........................................... 21
Intellectual Property Statement .............................. 21 Intellectual Property Statement .............................. 22
Full Copyright Statement ..................................... 22 Full Copyright Statement ..................................... 22
1. Introduction 1. Introduction
This document discusses Link Local Multicast Name Resolution (LLMNR), This document discusses Link Local Multicast Name Resolution (LLMNR),
which operates on a separate port from the Domain Name System (DNS), which utilizes the DNS packet format for both requests and responses,
with a distinct resolver cache, but does not change the format of DNS and supports all current and future DNS formats, types and classes.
packets. LLMNR supports all current and future DNS formats, types and LLMNR operates on a separate port from the Domain Name System (DNS),
classes. with a distinct resolver cache.
The goal of LLMNR is to enable name resolution in scenarios in which The goal of LLMNR is to enable name resolution in scenarios in which
conventional DNS name resolution is not possible. These include conventional DNS name resolution is not possible. These include
scenarios in which hosts are not configured with the address of a DNS scenarios in which hosts are not configured with the address of a DNS
server, where configured DNS servers do not reply to a query, or where server, where configured DNS servers do not reply to a query, or where
they respond with errors, as described in Section 2. Since LLMNR only they respond with errors, as described in Section 2. Since LLMNR only
operates on the local link, it cannot be considered a substitute for operates on the local link, it cannot be considered a substitute for
DNS. DNS.
LLMNR usage MAY be configured manually or automatically on a per
interface basis. By default, LLMNR Responders SHOULD be enabled on all
interfaces, at all times.
LLMNR queries are sent to and received on port TBD. Link-scope LLMNR queries are sent to and received on port TBD. Link-scope
multicast addresses are used to prevent propagation of LLMNR traffic multicast addresses are used to prevent propagation of LLMNR traffic
across routers, potentially flooding the network; for details, see across routers, potentially flooding the network; for details, see
Section 2.4. LLMNR queries can also be sent to a unicast address, as Section 2.4. LLMNR queries can also be sent to a unicast address, as
described in Section 2.3. described in Section 2.3.
Propagation of LLMNR packets on the local link is considered sufficient Propagation of LLMNR packets on the local link is considered sufficient
to enable name resolution in small networks. The assumption is that if to enable name resolution in small networks. The assumption is that if
a network has a gateway, then the network is able to provide DNS server a network has a gateway, then the network is able to provide DNS server
configuration. Configuration issues are discussed in Section 3.2. configuration. Configuration issues are discussed in Section 3.2.
skipping to change at page 4, line 18 skipping to change at page 4, line 18
the specification. These words are often capitalized. The key words the specification. These words are often capitalized. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD
NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC2119]. interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document assumes familiarity with DNS terminology defined in This document assumes familiarity with DNS terminology defined in
[RFC1035]. Other terminology used in this document includes: [RFC1035]. Other terminology used in this document includes:
Responder A host that listens to LLMNR queries, and responds to those Owner A host is said to be the owner of a Resource Record (RR) if it
for which it is authoritative. is configured to respond to an LLMNR query for that RR.
Sender A host that sends an LLMNR query. Typically a host is
configured as both a sender and a responder. However, a host
may be configured as a sender, but not a responder or as a
responder, but not a sender.
Routable address Routable address
An address other than a Link-Local address. This includes An address other than a Link-Local address. This includes
globally routable addresses, as well as private addresses. globally routable addresses, as well as private addresses.
Responder A host that listens to LLMNR queries, and responds to those
for which it is authoritative.
Sender A host that sends an LLMNR query.
2. Name resolution using LLMNR 2. Name resolution using LLMNR
LLMNR is a peer-to-peer name resolution protocol that is not intended as LLMNR is a peer-to-peer name resolution protocol that is not intended as
a replacement for DNS. LLMNR usage MAY be configured manually or a replacement for DNS. This document does not specify how names are
automatically on a per interface basis. By default, LLMNR Responders chosen or configured. This may occur via any mechanism, including
SHOULD be enabled on all interfaces, at all times. DHCPv4 [RFC2131] or DHCPv6 [RFC3315].
Typically a host is configured as both an LLMNR sender and a responder.
A host MAY be configured as a sender, but not a responder. However, a
host configured as a responder MUST act as a sender to verify the
uniqueness of names as described in Section 4.
LLMNR usage MAY be configured manually or automatically on a per
interface basis. By default, LLMNR responders SHOULD be enabled on all
interfaces, at all times.
An LLMNR sender may send a request for any name. However, by default, An LLMNR sender may send a request for any name. However, by default,
LLMNR requests SHOULD be sent only when one of the following conditions LLMNR requests SHOULD be sent only when one of the following conditions
are met: are met:
[1] No manual or automatic DNS configuration has been performed. [1] No manual or automatic DNS configuration has been performed.
If an interface has been configured with DNS server address(es), If an interface has been configured with DNS server address(es),
then LLMNR SHOULD NOT be used as the primary name resolution then LLMNR SHOULD NOT be used as the primary name resolution
mechanism on that interface, although it MAY be used as a name mechanism on that interface, although it MAY be used as a name
resolution mechanism of last resort. resolution mechanism of last resort.
[2] DNS servers do not respond. [2] DNS servers do not respond.
[3] DNS servers respond to a query with RCODE=3 [3] DNS servers respond to a DNS query with RCODE=3
(Authoritative Name Error) or RCODE=0, and an empty (Authoritative Name Error) or RCODE=0, and an empty
answer section. answer section.
A typical sequence of events for LLMNR usage is as follows: A typical sequence of events for LLMNR usage is as follows:
[1] DNS servers are not configured or do not respond to a [1] DNS servers are not configured or do not respond to a
query, or respond with RCODE=3, or RCODE=0 and an empty DNS query, or respond with RCODE=3, or RCODE=0 and an
answer section. empty answer section.
[2] An LLMNR sender sends an LLMNR query to the link-scope multicast [2] An LLMNR sender sends an LLMNR query to the link-scope multicast
address(es) defined in Section 2.4, unless a unicast query is address(es) defined in Section 2.4, unless a unicast query is
indicated. A sender SHOULD send LLMNR queries for PTR RRs indicated. A sender SHOULD send LLMNR queries for PTR RRs
via unicast, as specified in Section 2.3. via unicast, as specified in Section 2.3.
[3] A responder responds to this query only if it is authoritative [3] A responder responds to this query only if it is authoritative
for the domain name in the query. A responder responds to a for the domain name in the query. A responder responds to a
multicast query by sending a unicast UDP response to the sender. multicast query by sending a unicast UDP response to the sender.
Unicast queries are responded to as indicated in Section 2.3. Unicast queries are responded to as indicated in Section 2.3.
skipping to change at page 5, line 31 skipping to change at page 5, line 39
[4] Upon the reception of the response, the sender performs the checks [4] Upon the reception of the response, the sender performs the checks
described in Section 2.5. If these conditions are met, then the described in Section 2.5. If these conditions are met, then the
sender uses and caches the returned response. If not, then the sender uses and caches the returned response. If not, then the
sender ignores the response and continues waiting for the response. sender ignores the response and continues waiting for the response.
Further details of sender and responder behavior are provided in the Further details of sender and responder behavior are provided in the
sections that follow. sections that follow.
2.1. Sender behavior 2.1. Sender behavior
A sender sends an LLMNR query for any legal resource record type (e.g. An LLMNR query is composed in exactly the same manner and with the same
A/AAAA, SRV, PTR, etc.) to the link-scope multicast address. As packet format as a DNS query as specified in [RFC1035]. The RD
(Recursion Desired) bit MUST NOT be set in a query.
A sender may send an LLMNR query for any legal resource record type
(e.g. A, AAAA, SRV, etc.) to the link-scope multicast address. As
described in Section 2.3, a sender may also send a unicast query. described in Section 2.3, a sender may also send a unicast query.
Sections 2 and 3 describe the circumstances in which LLMNR queries may Sections 2 and 3 describe the circumstances in which LLMNR queries may
be sent. be sent.
The RD (Recursion Desired) bit MUST NOT be set in a query. If a
responder receives a query with the header containing RD set bit, the
responder MUST ignore the RD bit.
The sender MUST anticipate receiving no replies to some LLMNR queries, The sender MUST anticipate receiving no replies to some LLMNR queries,
in the event that no responders are available within the link-scope or in the event that no responders are available within the link-scope or
in the event no positive non-null responses exist for the transmitted in the event no positive non-null responses exist for the transmitted
query. If no positive response is received, a resolver treats it as a query. If no positive response is received, a resolver treats it as a
response that no records of the specified type and class exist for the response that no records of the specified type and class exist for the
specified name (it is treated the same as a response with RCODE=0 and an specified name (it is treated the same as a response with RCODE=0 and an
empty answer section). empty answer section).
2.2. Responder behavior 2.2. Responder behavior
A response to an LLMNR query is composed in exactly the same manner and
with the same packet format as a response to a DNS query as specified in
[RFC1035].
Upon configuring an IP address responders typically will synthesize
corresponding A, AAAA and PTR RRs so as to be able to respond to LLMNR
queries for these RRs. However, in general whether RRs are manually or
automatically created is an implementation decision.
Responders MUST NOT respond using cached data, and the AA (Authoritative
Answer) bit MUST be set. The response MUST be sent to the sender via
unicast. If a responder receives a query with the header containing RD
set bit, the responder MUST ignore the RD bit.
A responder MUST listen on UDP port TBD on the link-scope multicast A responder MUST listen on UDP port TBD on the link-scope multicast
address(es) defined in Section 2.4 and on UDP and TCP port TBD on the address(es) defined in Section 2.4 and on UDP and TCP port TBD on the
unicast address(es) that could be set as the source address(es) when the unicast address(es) that could be set as the source address(es) when the
responder responds to the LLMNR query. A host configured as a responder responder responds to the LLMNR query.
MUST act as a sender to verify the uniqueness of names as described in
Section 4.
Responders MUST NOT respond to LLMNR queries for names they are not Responders MUST NOT respond to LLMNR queries for names they are not
authoritative for. Responders SHOULD respond to LLMNR queries for names authoritative for. Responders SHOULD respond to LLMNR queries for names
and addresses they are authoritative for. This applies to both forward and addresses they are authoritative for. This applies to both forward
and reverse lookups. and reverse lookups.
As an example, a computer "foo.example.com." configured to respond to A response to an LLMNR query MUST have RCODE set to zero. Responses
LLMNR queries is authoritative for the name "foo.example.com.". On with RCODE set to zero are referred to in this document as "positively
receiving an LLMNR A/AAAA resource record query for the name resolved". LLMNR responders may respond only to queries which they can
"foo.example.com." the host authoritatively responds with A/AAAA resolve positively. If a responder is authoritative for a name, it MAY
record(s) that contain IP address(es) in the RDATA of the resource respond with RCODE=0 and an empty answer section, if the type of query
record. does not match a RR owned by the responder.
If a responder is authoritative for a name, it MAY respond with RCODE=0 As an example, a host configured to respond to LLMNR queries for the
and an empty answer section, if the type of query does not match a RR name "foo.example.com." is authoritative for the name
owned by the responder. For example, if the responder has a AAAA RR, "foo.example.com.". On receiving an LLMNR query for an A RR with the
but no A RR, and an A RR query is received, the responder would respond name "foo.example.com." the host authoritatively responds with A RR(s)
with RCODE=0 and an empty answer section. that contain IP address(es) in the RDATA of the resource record. If the
responder owns a AAAA RR, but no A RR, and an A RR query is received,
the responder would respond with RCODE=0 and an empty answer section.
If a DNS server is running on a host that supports LLMNR, the DNS server If a DNS server is running on a host that supports LLMNR, the DNS server
MUST respond to LLMNR queries only for the RRSets relating to the host MUST respond to LLMNR queries only for the RRSets relating to the host
on which the server is running, but MUST NOT respond for other records on which the server is running, but MUST NOT respond for other records
for which the server is authoritative. for which the server is authoritative. DNS servers also MUST NOT send
LLMNR queries in order to resolve DNS queries they receive from DNS
clients.
In conventional DNS terminology a DNS server authoritative for a zone is In conventional DNS terminology a DNS server authoritative for a zone is
authoritative for all the domain names under the zone root except for authoritative for all the domain names under the zone root except for
the branches delegated into separate zones. Contrary to conventional the branches delegated into separate zones. Contrary to conventional
DNS terminology, an LLMNR responder is authoritative only for the zone DNS terminology, an LLMNR responder is authoritative only for the zone
root. root.
For example the host "foo.example.com." is not authoritative for the For example the host "foo.example.com." is not authoritative for the
name "child.foo.example.com." unless the host is configured with name "child.foo.example.com." unless the host is configured with
multiple names, including "foo.example.com." and multiple names, including "foo.example.com." and
"child.foo.example.com.". As a result, "foo.example.com." cannot reply "child.foo.example.com.". As a result, "foo.example.com." cannot reply
to a query for "child.foo.example.com." with RCODE=3 (authoritative name to an LLMNR query for "child.foo.example.com." with RCODE=3
error). The purpose of limiting the name authority scope of a responder (authoritative name error). The purpose of limiting the name authority
is to prevent complications that could be caused by coexistence of two scope of a responder is to prevent complications that could be caused by
or more hosts with the names representing child and parent (or coexistence of two or more hosts with the names representing child and
grandparent) nodes in the DNS tree, for example, "foo.example.com." and parent (or grandparent) nodes in the DNS tree, for example,
"child.foo.example.com.". "foo.example.com." and "child.foo.example.com.".
In this example (unless this limitation is introduced) an LLMNR query In this example (unless this limitation is introduced) an LLMNR query
for an A resource record for the name "child.foo.example.com." would for an A resource record for the name "child.foo.example.com." would
result in two authoritative responses: RCODE=3 (authoritative name result in two authoritative responses: RCODE=3 (authoritative name
error) received from "foo.example.com.", and a requested A record - from error) received from "foo.example.com.", and a requested A record - from
"child.foo.example.com.". To prevent this ambiguity, LLMNR enabled "child.foo.example.com.". To prevent this ambiguity, LLMNR enabled
hosts could perform a dynamic update of the parent (or grandparent) zone hosts could perform a dynamic update of the parent (or grandparent) zone
with a delegation to a child zone. In this example a host with a delegation to a child zone. In this example a host
"child.foo.example.com." would send a dynamic update for the NS and glue "child.foo.example.com." would send a dynamic update for the NS and glue
A record to "foo.example.com.", but this approach significantly A record to "foo.example.com.", but this approach significantly
complicates implementation of LLMNR and would not be acceptable for complicates implementation of LLMNR and would not be acceptable for
lightweight hosts. lightweight hosts.
A response to a LLMNR query is composed in exactly the same manner as a
response to the unicast DNS query as specified in [RFC1035]. Responders
MUST NOT respond using cached data, and the AA (Authoritative Answer)
bit MUST be set. The response is sent to the sender via unicast. A
response to an LLMNR query MUST have RCODE set to zero. Responses with
RCODE set to zero are referred to in this document as "positively
resolved". LLMNR responders may respond only to queries which they can
resolve positively.
2.3. Unicast queries and responses 2.3. Unicast queries and responses
Unicast queries SHOULD be sent when: Unicast queries SHOULD be sent when:
a. A sender repeats a query after it received a response a. A sender repeats a query after it received a response
with the TC bit set to the previous LLMNR multicast query, or with the TC bit set to the previous LLMNR multicast query, or
b. The sender queries for a PTR RR of a fully formed IP address b. The sender queries for a PTR RR of a fully formed IP address
within the "in-addr.arpa" or "ip6.arpa" zones. within the "in-addr.arpa" or "ip6.arpa" zones.
skipping to change at page 7, line 37 skipping to change at page 8, line 4
a. A sender repeats a query after it received a response a. A sender repeats a query after it received a response
with the TC bit set to the previous LLMNR multicast query, or with the TC bit set to the previous LLMNR multicast query, or
b. The sender queries for a PTR RR of a fully formed IP address b. The sender queries for a PTR RR of a fully formed IP address
within the "in-addr.arpa" or "ip6.arpa" zones. within the "in-addr.arpa" or "ip6.arpa" zones.
If a TC (truncation) bit is set in the response, then the sender MAY use If a TC (truncation) bit is set in the response, then the sender MAY use
the response if it contains all necessary information, or the sender MAY the response if it contains all necessary information, or the sender MAY
discard the response and resend the query over TCP using the unicast discard the response and resend the query over TCP using the unicast
address of the responder. The RA (Recursion Available) bit in the address of the responder. The RA (Recursion Available) bit in the
header of the response MUST NOT be set. If the RA bit is set in the header of the response MUST NOT be set. If the RA bit is set in the
response header, the sender MUST ignore the RA bit. response header, the sender MUST ignore the RA bit.
Unicast LLMNR queries SHOULD be sent using TCP. Responses to TCP Unicast LLMNR queries SHOULD be sent using TCP. Responses to TCP
unicast LLMNR queries MUST be sent using TCP, using the same connection unicast LLMNR queries MUST be sent using TCP, using the same connection
as the query. If the sender of a TCP query receives a response not as the query. If the sender of a TCP query receives a response not
using TCP, the response MUST be silently discarded. Unicast UDP queries using TCP, the response MUST be silently discarded.
MAY be responded to with a UDP response containing an empty answer
section and the TC bit set, so as to require the sender to resend the Unicast UDP queries MAY be responded to with a UDP response containing
query using TCP. Senders MUST support sending TCP queries, and an empty answer section and the TC bit set, so as to require the sender
Responders MUST support listening for TCP queries. The Responder SHOULD to resend the query using TCP. Senders MUST support sending TCP
set the TTL or Hop Limit settings on the TCP listen socket to one (1) so queries, and Responders MUST support listening for TCP queries. The
that SYN-ACK packets will have TTL (IPv4) or Hop Limit (IPv6) set to one Responder SHOULD set the TTL or Hop Limit settings on the TCP listen
(1). This prevents an incoming connection from off-link since the socket to one (1) so that SYN-ACK packets will have TTL (IPv4) or Hop
Sender will not receive a SYN-ACK from the Responder. Limit (IPv6) set to one (1). This prevents an incoming connection from
off-link since the Sender will not receive a SYN-ACK from the Responder.
If an ICMP "Time Exceeded" message is received in response to a unicast If an ICMP "Time Exceeded" message is received in response to a unicast
UDP query, or if TCP connection setup cannot be completed in order to UDP query, or if TCP connection setup cannot be completed in order to
send a unicast TCP query, this is treated as a response that no records send a unicast TCP query, this is treated as a response that no records
of the specified type and class exist for the specified name (it is of the specified type and class exist for the specified name (it is
treated the same as a response with RCODE=0 and an empty answer treated the same as a response with RCODE=0 and an empty answer
section). The UDP sender receiving an ICMP "Time Exceeded" message section). The UDP sender receiving an ICMP "Time Exceeded" message
SHOULD verify that the ICMP error payload contains a valid LLMNR query SHOULD verify that the ICMP error payload contains a valid LLMNR query
packet, which matches a query that is currently in progress, so as to packet, which matches a query that is currently in progress, so as to
guard against a potential Denial of Service (DoS) attack. If a match guard against a potential Denial of Service (DoS) attack. If a match
skipping to change at page 8, line 27 skipping to change at page 8, line 44
2.4. Addressing 2.4. Addressing
IPv4 administratively scoped multicast usage is specified in IPv4 administratively scoped multicast usage is specified in
"Administratively Scoped IP Multicast" [RFC2365]. The IPv4 link-scope "Administratively Scoped IP Multicast" [RFC2365]. The IPv4 link-scope
multicast address a given responder listens to, and to which a sender multicast address a given responder listens to, and to which a sender
sends queries, is TBD. The IPv6 link-scope multicast address a given sends queries, is TBD. The IPv6 link-scope multicast address a given
responder listens to, and to which a sender sends all queries, is TBD. responder listens to, and to which a sender sends all queries, is TBD.
2.5. Off-link detection 2.5. Off-link detection
For IPv4, an "on link" address is defined as a link-local address
[IPv4Link] or an address whose prefix belongs to a subnet on the local
link. For IPv6 [RFC2460] an "on link" address is either a link-local
address, defined in [RFC2373], or an address whose prefix belongs to a
subnet on the local link.
A sender MUST select a source address for LLMNR queries that is "on A sender MUST select a source address for LLMNR queries that is "on
link". The destination address of an LLMNR query MUST be a link-scope link". The destination address of an LLMNR query MUST be a link-scope
multicast address or an "on link" unicast address. multicast address or an "on link" unicast address.
A responder MUST select a source address for responses that is "on A responder MUST select a source address for responses that is "on
link". The destination address of an LLMNR response MUST be an "on link". The destination address of an LLMNR response MUST be an "on link"
link" unicast address. On receiving an LLMNR query, the responder MUST unicast address.
check whether it was sent to a LLMNR multicast addresses defined in
Section 2.4. If it was sent to another multicast address, then the
query MUST be silently discarded.
For IPv4, an "on link" address is defined as a link-local address or an On receiving an LLMNR query, the responder MUST check whether it was
address whose prefix belongs to a subnet on the local link. For IPv6 sent to a LLMNR multicast addresses defined in Section 2.4. If it was
[RFC2460] an "on link" address is either a link-local address, defined sent to another multicast address, then the query MUST be silently
in [RFC2373], or an address whose prefix belongs to a subnet on the discarded.
local link. A sender SHOULD prefer RRs including reachable addresses
where RRs involving both reachable and unreachable addresses are A sender SHOULD prefer RRs including reachable addresses where RRs
returned in response to a query. involving both reachable and unreachable addresses are returned in
response to a query.
In composing LLMNR queries, the sender MUST set the Hop Limit field in In composing LLMNR queries, the sender MUST set the Hop Limit field in
the IPv6 header and the TTL field in IPv4 header of the response to one the IPv6 header and the TTL field in IPv4 header of the response to one
(1). Even when LLMNR queries are sent to a link-scope multicast (1). Even when LLMNR queries are sent to a link-scope multicast
address, it is possible that some routers may not properly implement address, it is possible that some routers may not properly implement
link-scope multicast, or that link-scope multicast addresses may leak link-scope multicast, or that link-scope multicast addresses may leak
into the multicast routing system. Therefore setting the IPv6 Hop Limit into the multicast routing system. Therefore setting the IPv6 Hop Limit
or IPv4 TTL field to one provides an additional precaution against or IPv4 TTL field to one provides an additional precaution against
leakage of LLMNR queries. leakage of LLMNR queries.
In composing a response to an LLMNR query, the responder MUST set the In composing a response to an LLMNR query, the responder MUST set the
Hop Limit field in the IPv6 header and the TTL field in IPv4 header of Hop Limit field in the IPv6 header and the TTL field in IPv4 header of
the response to one (1). This is done so as to prevent the use of LLMNR the response to one (1). This is done so as to prevent the use of LLMNR
for denial of service attacks across the Internet. for denial of service attacks across the Internet.
Implementation note: Implementation note:
In the sockets API for IPv4, the IP_TTL and IP_MULTICAST_TTL socket In the sockets API for IPv4 [POSIX], the IP_TTL and IP_MULTICAST_TTL
options are used to set the TTL of outgoing unicast and multicast socket options are used to set the TTL of outgoing unicast and
packets. The IP_RECVTTL socket option is available on some platforms multicast packets. The IP_RECVTTL socket option is available on some
to retrieve the IPv4 TTL of received packets with recvmsg(). platforms to retrieve the IPv4 TTL of received packets with
[RFC2292] specifies similar options for setting and retrieving the recvmsg(). [RFC2292] specifies similar options for setting and
IPv6 Hop Limit. retrieving the IPv6 Hop Limit.
2.6. Retransmissions 2.6. Retransmissions
In order to avoid synchronization, LLMNR queries and responses are In order to avoid synchronization, LLMNR queries and responses are
delayed by a time randomly selected from the interval 0 to 200 ms. delayed by a time randomly selected from the interval 0 to 200 ms.
If an LLMNR query sent over UDP is not resolved within the timeout If an LLMNR query sent over UDP is not resolved within the timeout
interval (LLMNR_TIMEOUT), then a sender MAY repeat the transmission of interval (LLMNR_TIMEOUT), then a sender MAY repeat the transmission of
the query in order to assure that it was received by a host capable of the query in order to assure that it was received by a host capable of
responding to it. Retransmission of UDP queries SHOULD NOT be attempted responding to it. Retransmission of UDP queries SHOULD NOT be attempted
skipping to change at page 9, line 41 skipping to change at page 10, line 13
retransmission is handled by the transport layer. retransmission is handled by the transport layer.
Since a multicast query sender cannot know beforehand whether it will Since a multicast query sender cannot know beforehand whether it will
receive no response, one response, or more than one response, it SHOULD receive no response, one response, or more than one response, it SHOULD
wait for LLMNR_TIMEOUT in order to collect all possible responses, wait for LLMNR_TIMEOUT in order to collect all possible responses,
rather than considering the multicast query answered after the first rather than considering the multicast query answered after the first
response is received. A unicast query sender considers the query response is received. A unicast query sender considers the query
answered after the first response is received, so that it only waits for answered after the first response is received, so that it only waits for
LLMNR_TIMEOUT if no response has been received. LLMNR_TIMEOUT if no response has been received.
LLMNR implementations SHOULD dynamically estimate the timeout value LLMNR implementations SHOULD dynamically compute the timeout value
(LLMNR_TIMEOUT) based on the last response received for a query, on a (LLMNR_TIMEOUT). It is suggested that this be based on the last
per-interface basis. The algorithms described in [RFC2988] are response received for a query, on a per-interface basis. For example,
suggested (including exponential backoff). Smaller values of the algorithms described in [RFC2988] (including exponential backoff)
RTOinitial, RTOmin and RTOmax MAY be used. Recommended values are may be used to estimate RTO, which when combined with jittering, is used
RTOinitial=1 second, RTOmin=200ms, RTOmax=20 seconds. as the value of LLMNR_TIMEOUT. Smaller values MAY be used for the
initial RTO (discussed in Section 2 of [RFC2988], paragraph 2.1), the
minimum RTO (discussed in Section 2 of [RFC2988], paragraph 2.4), and
the maximum RTO (discussed in Section 2 of [RFC2988], paragraph 2.5).
Recommended values are an initial RTO of 1 second, a minimum RTO of
200ms, and a maximum RTO of 20 seconds.
2.7. DNS TTL 2.7. DNS TTL
The responder should use a pre-configured TTL value in the records The responder should use a pre-configured TTL value in the records
returned in the LLMNR query response. A default value of 0 is returned in the LLMNR query response. A default value of 0 is
recommended in highly dynamic environments (such as mobile ad-hoc recommended in highly dynamic environments (such as mobile ad-hoc
networks). In less dynamic environments, LLMNR traffic can be reduced networks). In less dynamic environments, LLMNR traffic can be reduced
by setting the TTL to a higher value. by setting the TTL to a higher value.
Due to the TTL minimalization necessary when caching an RRset, all TTLs Due to the TTL minimalization necessary when caching an RRset, all TTLs
in an RRset MUST be set to the same value. in an RRset MUST be set to the same value.
2.8. Use of the authority and additional sections 2.8. Use of the authority and additional sections
Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a
concept of delegation. In LLMNR, the NS resource record type may be concept of delegation. In LLMNR, the NS resource record type may be
skipping to change at page 10, line 16 skipping to change at page 10, line 41
by setting the TTL to a higher value. by setting the TTL to a higher value.
Due to the TTL minimalization necessary when caching an RRset, all TTLs Due to the TTL minimalization necessary when caching an RRset, all TTLs
in an RRset MUST be set to the same value. in an RRset MUST be set to the same value.
2.8. Use of the authority and additional sections 2.8. Use of the authority and additional sections
Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a
concept of delegation. In LLMNR, the NS resource record type may be concept of delegation. In LLMNR, the NS resource record type may be
stored and queried for like any other type, but it has no special stored and queried for like any other type, but it has no special
delegation semantics as it does in the DNS. Responders MAY have NS delegation semantics as it does in the DNS. Responders MAY own NS
records associated with the names for which they are authoritative, but records associated with the names for which they are authoritative, but
they SHOULD NOT include these NS records in the authority sections of they SHOULD NOT include these NS records in the authority sections of
responses. responses.
Responders SHOULD insert an SOA record into the authority section of a Responders SHOULD insert an SOA record into the authority section of a
negative response, to facilitate negative caching as specified in negative response, to facilitate negative caching as specified in
[RFC2308]. The owner name of of this SOA record MUST be equal to the [RFC2308]. The owner name of this SOA record MUST be equal to the query
query name. name.
Responders SHOULD NOT perform DNS additional section processing. Responders SHOULD NOT perform DNS additional section processing.
Senders MUST NOT cache RRs from the authority or additional section of a Senders MUST NOT cache RRs from the authority or additional section of a
response as answers, though they may be used for other purposes such as response as answers, though they may be used for other purposes such as
negative caching. negative caching.
3. Usage model 3. Usage model
Since LLMNR is a secondary name resolution mechanism, its usage is in Since LLMNR is a secondary name resolution mechanism, its usage is in
skipping to change at page 11, line 51 skipping to change at page 12, line 27
Since IPv4 and IPv6 utilize distinct configuration mechanisms, it is Since IPv4 and IPv6 utilize distinct configuration mechanisms, it is
possible for a dual stack host to be configured with the address of a possible for a dual stack host to be configured with the address of a
DNS server over IPv4, while remaining unconfigured with a DNS server DNS server over IPv4, while remaining unconfigured with a DNS server
suitable for use over IPv6. suitable for use over IPv6.
In these situations, a dual stack host will send AAAA queries to the In these situations, a dual stack host will send AAAA queries to the
configured DNS server over IPv4. However, an IPv6-only host configured DNS server over IPv4. However, an IPv6-only host
unconfigured with a DNS server suitable for use over IPv6 will be unable unconfigured with a DNS server suitable for use over IPv6 will be unable
to resolve names using DNS. Automatic IPv6 DNS configuration mechanisms to resolve names using DNS. Automatic IPv6 DNS configuration mechanisms
(such as [DHCPv6DNS] and [DNSDisc]) are not yet widely deployed, and not (such as [RFC3315] and [DNSDisc]) are not yet widely deployed, and not
all DNS servers support IPv6. Therefore lack of IPv6 DNS configuration all DNS servers support IPv6. Therefore lack of IPv6 DNS configuration
may be a common problem in the short term, and LLMNR may prove useful in may be a common problem in the short term, and LLMNR may prove useful in
enabling linklocal name resolution over IPv6. enabling linklocal name resolution over IPv6.
Where a DHCPv4 server is available but not a DHCPv6 server [DHCPv6DNS], Where a DHCPv4 server is available but not a DHCPv6 server [RFC3315],
IPv6-only hosts may not be configured with a DNS server. Where there is IPv6-only hosts may not be configured with a DNS server. Where there is
no DNS server authoritative for the name of a host or the authoritative no DNS server authoritative for the name of a host or the authoritative
DNS server does not support dynamic client update over IPv6 or DNS server does not support dynamic client update over IPv6 or
DHCPv6-based dynamic update, then an IPv6-only host will not be able to DHCPv6-based dynamic update, then an IPv6-only host will not be able to
do DNS dynamic update, and other hosts will not be able to resolve its do DNS dynamic update, and other hosts will not be able to resolve its
name. name.
For example, if the configured DNS server responds to AAAA RR queries For example, if the configured DNS server responds to AAAA RR queries
sent over IPv4 or IPv6 with an authoritative name error (RCODE=3), then sent over IPv4 or IPv6 with an authoritative name error (RCODE=3), then
it will not be possible to resolve the names of IPv6-only hosts. In it will not be possible to resolve the names of IPv6-only hosts. In
skipping to change at page 13, line 4 skipping to change at page 13, line 30
DHCP servers can fail. As a result, hosts configured prior to the DHCP servers can fail. As a result, hosts configured prior to the
outage will be configured with a DNS server, while hosts configured outage will be configured with a DNS server, while hosts configured
after the outage will not. Alternatively, it is possible for the DNS after the outage will not. Alternatively, it is possible for the DNS
configuration mechanism to continue functioning while configured DNS configuration mechanism to continue functioning while configured DNS
servers fail. servers fail.
Unless unconfigured hosts periodically retry configuration, an outage in Unless unconfigured hosts periodically retry configuration, an outage in
the DNS configuration mechanism will result in hosts continuing to use the DNS configuration mechanism will result in hosts continuing to use
LLMNR even once the outage is repaired. Since LLMNR only enables LLMNR even once the outage is repaired. Since LLMNR only enables
linklocal name resolution, this represents an unnecessary degradation in linklocal name resolution, this represents an unnecessary degradation in
capabilities. As a result, it is recommended that hosts without a capabilities. As a result, it is recommended that hosts without a
configured DNS server periodically attempt to obtain DNS configuration. configured DNS server periodically attempt to obtain DNS configuration.
A default retry interval of one (1) minute is RECOMMENDED. A default retry interval of one (1) minute is RECOMMENDED.
4. Conflict resolution 4. Conflict resolution
The sender MUST anticipate receiving multiple replies to the same LLMNR The sender MUST anticipate receiving multiple replies to the same LLMNR
query, in the event that several LLMNR enabled computers receive the query, in the event that several LLMNR enabled computers receive the
query and respond with valid answers. When this occurs, the responses query and respond with valid answers. When this occurs, the responses
MAY first be concatenated, and then treated in the same manner that may first be concatenated, and then treated in the same manner that
multiple RRs received from the same DNS server would; the sender multiple RRs received from the same DNS server would; the sender
perceives no inherent conflict in the receipt of multiple responses. perceives no inherent conflict in the receipt of multiple responses.
There are some scenarios when multiple responders MAY respond to the There are some scenarios when multiple responders MAY respond to the
same query. There are other scenarios when only one responder MAY same query. There are other scenarios when only one responder MAY
respond to a query. Resource records for which the latter queries are respond to a query. Resource records for which the latter queries are
submitted are referred as UNIQUE throughout this document. The submitted are referred as UNIQUE throughout this document. The
uniqueness of a resource record depends on a nature of the name in the uniqueness of a resource record depends on a nature of the name in the
query and type of the query. For example it is expected that: query and type of the query. For example it is expected that:
skipping to change at page 17, line 21 skipping to change at page 17, line 48
Utilizing a TTL of one (1) in LLMNR responses ensures that they will not Utilizing a TTL of one (1) in LLMNR responses ensures that they will not
be forwarded off-link. Using a TTL of one (1) to set up a TCP connection be forwarded off-link. Using a TTL of one (1) to set up a TCP connection
in order to send a unicast LLMNR query reduces the likelihood of both in order to send a unicast LLMNR query reduces the likelihood of both
denial of service attacks and spoofed responses. Checking that an LLMNR denial of service attacks and spoofed responses. Checking that an LLMNR
query is sent to a link-scope multicast address should prevent spoofing query is sent to a link-scope multicast address should prevent spoofing
of multicast queries by off-link attackers. of multicast queries by off-link attackers.
While this limits the ability of off-link attackers to spoof LLMNR While this limits the ability of off-link attackers to spoof LLMNR
queries and responses, it does not eliminate it. For example, it is queries and responses, it does not eliminate it. For example, it is
possible for an attacker to spoof a response to a frequent query (such possible for an attacker to spoof a response to a frequent query (such
as an A/AAAA query for a popular Internet host), and by using a TTL or as an A or AAAA query for a popular Internet host), and by using a TTL
Hop Limit field larger than one (1), for the forged response to reach or Hop Limit field larger than one (1), for the forged response to reach
the LLMNR sender. There also are scenarios such as public "hotspots" the LLMNR sender.
where attackers can be present on the same link.
These threats are most serious in wireless networks such as 802.11, There also are scenarios such as public "hotspots" where attackers can
since attackers on a wired network will require physical access to the
home network, while wireless attackers may reside outside the home. be present on the same link. These threats are most serious in wireless
Link-layer security can be of assistance against these threats if it is networks such as 802.11, since attackers on a wired network will require
available. physical access to the home network, while wireless attackers may reside
outside the home. Link-layer security can be of assistance against
these threats if it is available.
5.2. Usage restriction 5.2. Usage restriction
As noted in Sections 2 and 3, LLMNR is intended for usage in a limited As noted in Sections 2 and 3, LLMNR is intended for usage in a limited
set of scenarios. set of scenarios.
If an LLMNR query is sent whenever a DNS server does not respond in a If an LLMNR query is sent whenever a DNS server does not respond in a
timely way, then an attacker can poison the LLMNR cache by responding to timely way, then an attacker can poison the LLMNR cache by responding to
the query with incorrect information. To some extent, these the query with incorrect information. To some extent, these
vulnerabilities exist today, since DNS response spoofing tools are vulnerabilities exist today, since DNS response spoofing tools are
skipping to change at page 19, line 45 skipping to change at page 20, line 19
2535, March 1999. 2535, March 1999.
[RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission [RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000. Timer", RFC 2988, November 2000.
7.2. Informative References 7.2. Informative References
[RFC1536] Kumar, A., et. al., "DNS Implementation Errors and Suggested [RFC1536] Kumar, A., et. al., "DNS Implementation Errors and Suggested
Fixes", RFC 1536, October 1993. Fixes", RFC 1536, October 1993.
[RFC2136] Vixie, P., et al., "Dynamic Updates in the Domain Name System [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
(DNS UPDATE)", RFC 2136, April 1997. March 1997.
[RFC2136] Vixie, P., Thomson, S., Rekhter, Y. and J. Bound, "Dynamic
Updates in the Domain Name System (DNS UPDATE)", RFC 2136,
April 1997.
[RFC2292] Stevens, W. and M. Thomas, "Advanced Sockets API for IPv6", [RFC2292] Stevens, W. and M. Thomas, "Advanced Sockets API for IPv6",
RFC 2292, February 1998. RFC 2292, February 1998.
[RFC2553] Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic [RFC2553] Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic
Socket Interface Extensions for IPv6", RFC 2553, March 1999. Socket Interface Extensions for IPv6", RFC 2553, March 1999.
[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC [RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
2937, September 2000. 2937, September 2000.
[DHCPv6DNS] [RFC3315] Droms, R., et al., "Dynamic Host Configuration Protocol for
Droms, R., "A Guide to Implementing Stateless DHCPv6 Service", IPv6 (DHCPv6)", RFC 3315, July 2003.
Internet draft (work in progress), draft-droms-
dhcpv6-stateless-guide-01.txt, October 2002.
[DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness of [DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness of
Caching", IEEE/ACM Transactions on Networking, Volume 10, Caching", IEEE/ACM Transactions on Networking, Volume 10,
Number 5, pp. 589, October 2002. Number 5, pp. 589, October 2002.
[DNSDisc] Durand, A., Hagino, I. and D. Thaler, "Well known site local [DNSDisc] Durand, A., Hagino, I. and D. Thaler, "Well known site local
unicast addresses to communicate with recursive DNS servers", unicast addresses to communicate with recursive DNS servers",
Internet draft (work in progress), draft-ietf-ipv6-dns- Internet draft (work in progress), draft-ietf-ipv6-dns-
discovery-07.txt, October 2002. discovery-07.txt, October 2002.
[IPV4Link] [IPV4Link]
Cheshire, S., Aboba, B. and E. Guttman, "Dynamic Configuration Cheshire, S., Aboba, B. and E. Guttman, "Dynamic Configuration
of IPv4 Link-Local Addresses", Internet draft (work in of IPv4 Link-Local Addresses", Internet draft (work in
progress), draft-ietf-zeroconf-ipv4-linklocal-10.txt, October progress), draft-ietf-zeroconf-ipv4-linklocal-10.txt, October
2003. 2003.
[POSIX] IEEE Std. 1003.1-2001 Standard for Information Technology --
Portable Operating System Interface (POSIX). Open Group
Technical Standard: Base Specifications, Issue 6, December
2001. ISO/IEC 9945:2002. http://www.opengroup.org/austin
[LLMNREnable] [LLMNREnable]
Guttman, E., "DHCP LLMNR Enable Option", Internet draft (work Guttman, E., "DHCP LLMNR Enable Option", Internet draft (work
in progress), draft-guttman-mdns-enable-02.txt, April 2002. in progress), draft-guttman-mdns-enable-02.txt, April 2002.
[NodeInfo] [NodeInfo]
Crawford, M., "IPv6 Node Information Queries", Internet draft Crawford, M., "IPv6 Node Information Queries", Internet draft
(work in progress), draft-ietf-ipn-gwg-icmp-name- (work in progress), draft-ietf-ipn-gwg-icmp-name-
lookups-09.txt, May 2002. lookups-09.txt, May 2002.
Acknowledgments Acknowledgments
skipping to change at page 22, line 37 skipping to change at page 23, line 14
Open Issues Open Issues
Open issues with this specification are tracked on the following web Open issues with this specification are tracked on the following web
site: site:
http://www.drizzle.com/~aboba/DNSEXT/llmnrissues.html http://www.drizzle.com/~aboba/DNSEXT/llmnrissues.html
Expiration Date Expiration Date
This memo is filed as <draft-ietf-dnsext-mdns-25.txt>, and expires May This memo is filed as <draft-ietf-dnsext-mdns-26.txt>, and expires
22, 2004. June 22, 2004.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/