draft-ietf-dnsext-mdns-26.txt   draft-ietf-dnsext-mdns-27.txt 
DNSEXT Working Group Levon Esibov DNSEXT Working Group Levon Esibov
INTERNET-DRAFT Bernard Aboba INTERNET-DRAFT Bernard Aboba
Category: Standards Track Dave Thaler Category: Standards Track Dave Thaler
<draft-ietf-dnsext-mdns-26.txt> Microsoft <draft-ietf-dnsext-mdns-27.txt> Microsoft
11 December 2003 17 December 2003
Linklocal Multicast Name Resolution (LLMNR) Linklocal Multicast Name Resolution (LLMNR)
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC 2026. provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts. may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 8 skipping to change at page 2, line 8
separate port from DNS, and with a distinct resolver cache. separate port from DNS, and with a distinct resolver cache.
The goal of LLMNR is to enable name resolution in scenarios in which The goal of LLMNR is to enable name resolution in scenarios in which
conventional DNS name resolution is not possible. Since LLMNR only conventional DNS name resolution is not possible. Since LLMNR only
operates on the local link, it cannot be considered a substitute for operates on the local link, it cannot be considered a substitute for
DNS. DNS.
Table of Contents Table of Contents
1. Introduction .......................................... 3 1. Introduction .......................................... 3
1.1 Requirements .................................... 4 1.1 Requirements .................................... 3
1.2 Terminology ..................................... 4 1.2 Terminology ..................................... 4
2. Name resolution using LLMNR ........................... 4 2. Name resolution using LLMNR ........................... 4
2.1 Sender behavior ................................. 5 2.1 Sender behavior ................................. 5
2.2 Responder behavior .............................. 6 2.2 Responder behavior .............................. 6
2.3 Unicast queries ................................. 7 2.3 Unicast queries ................................. 7
2.4 Addressing ...................................... 8 2.4 Off-link detection .............................. 8
2.5 Off-link detection .............................. 8 2.5 Responder responsibility ........................ 9
2.6 Retransmissions ................................. 9 2.6 Retransmissions ................................. 10
2.7 DNS TTL ......................................... 10 2.7 DNS TTL ......................................... 10
2.8 Use of the authority and additional sections .... 10 2.8 Use of the authority and additional sections .... 11
3. Usage model ........................................... 11 3. Usage model ........................................... 11
3.1 Responder responsibility ....................... 11 3.1 LLMNR configuration ............................. 12
3.2 LLMNR configuration ............................. 12
4. Conflict resolution ................................... 13 4. Conflict resolution ................................... 13
4.1 Considerations for multiple interfaces .......... 15 4.1 Considerations for multiple interfaces .......... 15
4.2 API issues ...................................... 16 4.2 API issues ...................................... 16
5. Security considerations ............................... 16 5. Security considerations ............................... 16
5.1 Scope restriction ............................... 17 5.1 Scope restriction ............................... 17
5.2 Usage restriction ............................... 18 5.2 Usage restriction ............................... 18
5.3 Cache and port separation ....................... 18 5.3 Cache and port separation ....................... 18
5.4 Authentication .................................. 19 5.4 Authentication .................................. 19
6. IANA considerations ................................... 19 6. IANA considerations ................................... 19
7. References ............................................ 19 7. References ............................................ 19
skipping to change at page 3, line 21 skipping to change at page 3, line 21
with a distinct resolver cache. with a distinct resolver cache.
The goal of LLMNR is to enable name resolution in scenarios in which The goal of LLMNR is to enable name resolution in scenarios in which
conventional DNS name resolution is not possible. These include conventional DNS name resolution is not possible. These include
scenarios in which hosts are not configured with the address of a DNS scenarios in which hosts are not configured with the address of a DNS
server, where configured DNS servers do not reply to a query, or where server, where configured DNS servers do not reply to a query, or where
they respond with errors, as described in Section 2. Since LLMNR only they respond with errors, as described in Section 2. Since LLMNR only
operates on the local link, it cannot be considered a substitute for operates on the local link, it cannot be considered a substitute for
DNS. DNS.
LLMNR queries are sent to and received on port TBD. Link-scope Link-scope multicast addresses are used to prevent propagation of LLMNR
multicast addresses are used to prevent propagation of LLMNR traffic traffic across routers, potentially flooding the network. LLMNR queries
across routers, potentially flooding the network; for details, see can also be sent to a unicast address, as described in Section 2.3.
Section 2.4. LLMNR queries can also be sent to a unicast address, as
described in Section 2.3.
Propagation of LLMNR packets on the local link is considered sufficient Propagation of LLMNR packets on the local link is considered sufficient
to enable name resolution in small networks. The assumption is that if to enable name resolution in small networks. The assumption is that if
a network has a gateway, then the network is able to provide DNS server a network has a gateway, then the network is able to provide DNS server
configuration. Configuration issues are discussed in Section 3.2. configuration. Configuration issues are discussed in Section 3.1.
In the future, it may be desirable to consider use of multicast name In the future, it may be desirable to consider use of multicast name
resolution with multicast scopes beyond the link-scope. This could resolution with multicast scopes beyond the link-scope. This could
occur if LLMNR deployment is successful, the need for multicast name occur if LLMNR deployment is successful, the need for multicast name
resolution beyond the link-scope, or multicast routing becomes resolution beyond the link-scope, or multicast routing becomes
ubiquitous. For example, expanded support for multicast name resolution ubiquitous. For example, expanded support for multicast name resolution
might be required for mobile ad-hoc networking scenarios, or where no might be required for mobile ad-hoc networking scenarios, or where no
DNS server is available that is authoritative for the names of local DNS server is available that is authoritative for the names of local
hosts, and can support dynamic DNS, such as in wireless hotspots. hosts, and can support dynamic DNS, such as in wireless hotspots.
skipping to change at page 4, line 10 skipping to change at page 4, line 4
Service discovery in general, as well as discovery of DNS servers using Service discovery in general, as well as discovery of DNS servers using
LLMNR in particular, is outside of the scope of this document, as is LLMNR in particular, is outside of the scope of this document, as is
name resolution over non-multicast capable media. name resolution over non-multicast capable media.
1.1. Requirements 1.1. Requirements
In this document, several words are used to signify the requirements of In this document, several words are used to signify the requirements of
the specification. These words are often capitalized. The key words the specification. These words are often capitalized. The key words
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD
NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in [RFC2119]. interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document assumes familiarity with DNS terminology defined in This document assumes familiarity with DNS terminology defined in
[RFC1035]. Other terminology used in this document includes: [RFC1035]. Other terminology used in this document includes:
Owner A host is said to be the owner of a Resource Record (RR) if it
is configured to respond to an LLMNR query for that RR.
Routable address Routable address
An address other than a Link-Local address. This includes An address other than a Link-Local address. This includes
globally routable addresses, as well as private addresses. globally routable addresses, as well as private addresses.
Responder A host that listens to LLMNR queries, and responds to those Responder A host that listens to LLMNR queries, and responds to those
for which it is authoritative. for which it is authoritative.
Sender A host that sends an LLMNR query. Sender A host that sends an LLMNR query.
2. Name resolution using LLMNR 2. Name resolution using LLMNR
LLMNR is a peer-to-peer name resolution protocol that is not intended as LLMNR is a peer-to-peer name resolution protocol that is not intended as
a replacement for DNS. This document does not specify how names are a replacement for DNS. LLMNR queries are sent to and received on port
chosen or configured. This may occur via any mechanism, including TBD. IPv4 administratively scoped multicast usage is specified in
DHCPv4 [RFC2131] or DHCPv6 [RFC3315]. "Administratively Scoped IP Multicast" [RFC2365]. The IPv4 link-scope
multicast address a given responder listens to, and to which a sender
sends queries, is TBD. The IPv6 link-scope multicast address a given
responder listens to, and to which a sender sends all queries, is TBD.
Typically a host is configured as both an LLMNR sender and a responder. Typically a host is configured as both an LLMNR sender and a responder.
A host MAY be configured as a sender, but not a responder. However, a A host MAY be configured as a sender, but not a responder. However, a
host configured as a responder MUST act as a sender to verify the host configured as a responder MUST act as a sender to verify the
uniqueness of names as described in Section 4. uniqueness of names as described in Section 4. This document does not
specify how names are chosen or configured. This may occur via any
mechanism, including DHCPv4 [RFC2131] or DHCPv6 [RFC3315].
LLMNR usage MAY be configured manually or automatically on a per LLMNR usage MAY be configured manually or automatically on a per
interface basis. By default, LLMNR responders SHOULD be enabled on all interface basis. By default, LLMNR responders SHOULD be enabled on all
interfaces, at all times. interfaces, at all times.
An LLMNR sender may send a request for any name. However, by default, An LLMNR sender may send a request for any name. However, by default,
LLMNR requests SHOULD be sent only when one of the following conditions LLMNR requests SHOULD be sent only when one of the following conditions
are met: are met:
[1] No manual or automatic DNS configuration has been performed. [1] No manual or automatic DNS configuration has been performed. If an
If an interface has been configured with DNS server address(es), interface has been configured with DNS server address(es), then
then LLMNR SHOULD NOT be used as the primary name resolution LLMNR SHOULD NOT be used as the primary name resolution mechanism
mechanism on that interface, although it MAY be used as a name on that interface, although it MAY be used as a name resolution
resolution mechanism of last resort. mechanism of last resort.
[2] DNS servers do not respond. [2] DNS servers do not respond.
[3] DNS servers respond to a DNS query with RCODE=3 [3] DNS servers respond to a DNS query with RCODE=3 (Authoritative Name
(Authoritative Name Error) or RCODE=0, and an empty Error) or RCODE=0, and an empty answer section.
answer section.
A typical sequence of events for LLMNR usage is as follows: A typical sequence of events for LLMNR usage is as follows:
[1] DNS servers are not configured or do not respond to a [a] DNS servers are not configured or do not respond to a DNS query, or
DNS query, or respond with RCODE=3, or RCODE=0 and an respond with RCODE=3, or RCODE=0 and an empty answer section.
empty answer section.
[2] An LLMNR sender sends an LLMNR query to the link-scope multicast [b] An LLMNR sender sends an LLMNR query to the link-scope multicast
address(es) defined in Section 2.4, unless a unicast query is address(es) defined in Section 2, unless a unicast query is
indicated. A sender SHOULD send LLMNR queries for PTR RRs indicated. A sender SHOULD send LLMNR queries for PTR RRs via
via unicast, as specified in Section 2.3. unicast, as specified in Section 2.3.
[3] A responder responds to this query only if it is authoritative [c] A responder responds to this query only if it is authoritative for
for the domain name in the query. A responder responds to a the domain name in the query. A responder responds to a multicast
multicast query by sending a unicast UDP response to the sender. query by sending a unicast UDP response to the sender. Unicast
Unicast queries are responded to as indicated in Section 2.3. queries are responded to as indicated in Section 2.3.
[4] Upon the reception of the response, the sender performs the checks [d] Upon reception of the response, the sender processes it.
described in Section 2.5. If these conditions are met, then the
sender uses and caches the returned response. If not, then the
sender ignores the response and continues waiting for the response.
Further details of sender and responder behavior are provided in the Further details of sender and responder behavior are provided in the
sections that follow. sections that follow.
2.1. Sender behavior 2.1. Sender behavior
An LLMNR query is composed in exactly the same manner and with the same An LLMNR query is composed in exactly the same manner and with the same
packet format as a DNS query as specified in [RFC1035]. The RD packet format as a DNS query as specified in [RFC1035]. The RD
(Recursion Desired) bit MUST NOT be set in a query. (Recursion Desired) bit MUST NOT be set in a query.
skipping to change at page 6, line 4 skipping to change at page 5, line 45
A sender may send an LLMNR query for any legal resource record type A sender may send an LLMNR query for any legal resource record type
(e.g. A, AAAA, SRV, etc.) to the link-scope multicast address. As (e.g. A, AAAA, SRV, etc.) to the link-scope multicast address. As
described in Section 2.3, a sender may also send a unicast query. described in Section 2.3, a sender may also send a unicast query.
Sections 2 and 3 describe the circumstances in which LLMNR queries may Sections 2 and 3 describe the circumstances in which LLMNR queries may
be sent. be sent.
The sender MUST anticipate receiving no replies to some LLMNR queries, The sender MUST anticipate receiving no replies to some LLMNR queries,
in the event that no responders are available within the link-scope or in the event that no responders are available within the link-scope or
in the event no positive non-null responses exist for the transmitted in the event no positive non-null responses exist for the transmitted
query. If no positive response is received, a resolver treats it as a query. If no positive response is received, a resolver treats it as a
response that no records of the specified type and class exist for the response that no records of the specified type and class exist for the
specified name (it is treated the same as a response with RCODE=0 and an specified name (it is treated the same as a response with RCODE=0 and an
empty answer section). empty answer section).
Since the responder may order the RRs in the response so as to indicate
preference, the sender SHOULD preserve ordering in the response to the
querying application.
2.2. Responder behavior 2.2. Responder behavior
A response to an LLMNR query is composed in exactly the same manner and A response to an LLMNR query is composed in exactly the same manner and
with the same packet format as a response to a DNS query as specified in with the same packet format as a response to a DNS query as specified in
[RFC1035]. [RFC1035]. The response MUST be sent to the sender via unicast.
Upon configuring an IP address responders typically will synthesize Upon configuring an IP address responders typically will synthesize
corresponding A, AAAA and PTR RRs so as to be able to respond to LLMNR corresponding A, AAAA and PTR RRs so as to be able to respond to LLMNR
queries for these RRs. However, in general whether RRs are manually or queries for these RRs. An SOA RR is synthesized only when a responder
has another RR as well; the SOA RR MUST NOT be the only RR that a
responder has. However, in general whether RRs are manually or
automatically created is an implementation decision. automatically created is an implementation decision.
Responders MUST NOT respond using cached data, and the AA (Authoritative In responding to queries:
Answer) bit MUST be set. The response MUST be sent to the sender via
unicast. If a responder receives a query with the header containing RD
set bit, the responder MUST ignore the RD bit.
A responder MUST listen on UDP port TBD on the link-scope multicast [a] Responders MUST NOT respond using cached data, and the AA
address(es) defined in Section 2.4 and on UDP and TCP port TBD on the (Authoritative Answer) bit MUST be set.
unicast address(es) that could be set as the source address(es) when the
responder responds to the LLMNR query.
Responders MUST NOT respond to LLMNR queries for names they are not [b] If a responder receives a query with the header containing the RD
authoritative for. Responders SHOULD respond to LLMNR queries for names bit set, the responder MUST ignore the RD bit.
and addresses they are authoritative for. This applies to both forward
and reverse lookups.
A response to an LLMNR query MUST have RCODE set to zero. Responses [c] Responders MUST listen on UDP port TBD on the link-scope multicast
with RCODE set to zero are referred to in this document as "positively address(es) defined in Section 2, and on UDP and TCP port TBD on
resolved". LLMNR responders may respond only to queries which they can the unicast address(es) that could be set as the source address(es)
resolve positively. If a responder is authoritative for a name, it MAY when the responder responds to the LLMNR query.
respond with RCODE=0 and an empty answer section, if the type of query
does not match a RR owned by the responder. [d] Responders MUST NOT respond to LLMNR queries for names they are not
authoritative for.
[e] A response to an LLMNR query MUST have RCODE set to zero.
Responses with RCODE set to zero are referred to in this document
as "positively resolved".
[f] Responders MUST respond to LLMNR queries for names and addresses
they are authoritative for. This applies to both forward and
reverse lookups.
[g] If a DNS server is running on a host that supports LLMNR, the DNS
server MUST respond to LLMNR queries only for the RRSets relating
to the host on which the server is running, but MUST NOT respond
for other records for which the server is authoritative. DNS
servers also MUST NOT send LLMNR queries in order to resolve DNS
queries.
[h] If a responder is authoritative for a name, it MAY respond with
RCODE=0 and an empty answer section, if the type of query does not
match a RR that the responder has.
As an example, a host configured to respond to LLMNR queries for the As an example, a host configured to respond to LLMNR queries for the
name "foo.example.com." is authoritative for the name name "foo.example.com." is authoritative for the name
"foo.example.com.". On receiving an LLMNR query for an A RR with the "foo.example.com.". On receiving an LLMNR query for an A RR with the
name "foo.example.com." the host authoritatively responds with A RR(s) name "foo.example.com." the host authoritatively responds with A RR(s)
that contain IP address(es) in the RDATA of the resource record. If the that contain IP address(es) in the RDATA of the resource record. If the
responder owns a AAAA RR, but no A RR, and an A RR query is received, responder has a AAAA RR, but no A RR, and an A RR query is received, the
the responder would respond with RCODE=0 and an empty answer section. responder would respond with RCODE=0 and an empty answer section.
If a DNS server is running on a host that supports LLMNR, the DNS server
MUST respond to LLMNR queries only for the RRSets relating to the host
on which the server is running, but MUST NOT respond for other records
for which the server is authoritative. DNS servers also MUST NOT send
LLMNR queries in order to resolve DNS queries they receive from DNS
clients.
In conventional DNS terminology a DNS server authoritative for a zone is In conventional DNS terminology a DNS server authoritative for a zone is
authoritative for all the domain names under the zone root except for authoritative for all the domain names under the zone appex except for
the branches delegated into separate zones. Contrary to conventional the branches delegated into separate zones. Contrary to conventional
DNS terminology, an LLMNR responder is authoritative only for the zone DNS terminology, an LLMNR responder is authoritative only for the zone
root. appex.
For example the host "foo.example.com." is not authoritative for the For example the host "foo.example.com." is not authoritative for the
name "child.foo.example.com." unless the host is configured with name "child.foo.example.com." unless the host is configured with
multiple names, including "foo.example.com." and multiple names, including "foo.example.com." and
"child.foo.example.com.". As a result, "foo.example.com." cannot reply "child.foo.example.com.". As a result, "foo.example.com." cannot reply
to an LLMNR query for "child.foo.example.com." with RCODE=3 to an LLMNR query for "child.foo.example.com." with RCODE=3
(authoritative name error). The purpose of limiting the name authority (authoritative name error). The purpose of limiting the name authority
scope of a responder is to prevent complications that could be caused by scope of a responder is to prevent complications that could be caused by
coexistence of two or more hosts with the names representing child and coexistence of two or more hosts with the names representing child and
parent (or grandparent) nodes in the DNS tree, for example, parent (or grandparent) nodes in the DNS tree, for example,
skipping to change at page 7, line 43 skipping to change at page 7, line 46
with a delegation to a child zone. In this example a host with a delegation to a child zone. In this example a host
"child.foo.example.com." would send a dynamic update for the NS and glue "child.foo.example.com." would send a dynamic update for the NS and glue
A record to "foo.example.com.", but this approach significantly A record to "foo.example.com.", but this approach significantly
complicates implementation of LLMNR and would not be acceptable for complicates implementation of LLMNR and would not be acceptable for
lightweight hosts. lightweight hosts.
2.3. Unicast queries and responses 2.3. Unicast queries and responses
Unicast queries SHOULD be sent when: Unicast queries SHOULD be sent when:
a. A sender repeats a query after it received a response [a] A sender repeats a query after it received a response with the TC
with the TC bit set to the previous LLMNR multicast query, or bit set to the previous LLMNR multicast query, or
b. The sender queries for a PTR RR of a fully formed IP address [b] The sender queries for a PTR RR of a fully formed IP address within
within the "in-addr.arpa" or "ip6.arpa" zones. the "in-addr.arpa" or "ip6.arpa" zones.
If a TC (truncation) bit is set in the response, then the sender MAY use If a TC (truncation) bit is set in the response, then the sender MAY use
the response if it contains all necessary information, or the sender MAY the response if it contains all necessary information, or the sender MAY
discard the response and resend the query over TCP using the unicast discard the response and resend the query over TCP using the unicast
address of the responder. The RA (Recursion Available) bit in the address of the responder. The RA (Recursion Available) bit in the
header of the response MUST NOT be set. If the RA bit is set in the header of the response MUST NOT be set. If the RA bit is set in the
response header, the sender MUST ignore the RA bit. response header, the sender MUST ignore the RA bit.
Unicast LLMNR queries SHOULD be sent using TCP. Responses to TCP Unicast LLMNR queries SHOULD be sent using TCP. Responses to TCP
unicast LLMNR queries MUST be sent using TCP, using the same connection unicast LLMNR queries MUST be sent using TCP, using the same connection
as the query. If the sender of a TCP query receives a response not as the query. If the sender of a TCP query receives a response to that
using TCP, the response MUST be silently discarded. query not using TCP, the response MUST be silently discarded.
Unicast UDP queries MAY be responded to with a UDP response containing Unicast UDP queries MAY be responded to with a UDP response containing
an empty answer section and the TC bit set, so as to require the sender an empty answer section and the TC bit set, so as to require the sender
to resend the query using TCP. Senders MUST support sending TCP to resend the query using TCP. Senders MUST support sending TCP
queries, and Responders MUST support listening for TCP queries. The queries, and Responders MUST support listening for TCP queries.
Responder SHOULD set the TTL or Hop Limit settings on the TCP listen
socket to one (1) so that SYN-ACK packets will have TTL (IPv4) or Hop
Limit (IPv6) set to one (1). This prevents an incoming connection from
off-link since the Sender will not receive a SYN-ACK from the Responder.
If an ICMP "Time Exceeded" message is received in response to a unicast If an ICMP "Time Exceeded" message is received in response to a unicast
UDP query, or if TCP connection setup cannot be completed in order to UDP query, or if TCP connection setup cannot be completed in order to
send a unicast TCP query, this is treated as a response that no records send a unicast TCP query, this is treated as a response that no records
of the specified type and class exist for the specified name (it is of the specified type and class exist for the specified name (it is
treated the same as a response with RCODE=0 and an empty answer treated the same as a response with RCODE=0 and an empty answer
section). The UDP sender receiving an ICMP "Time Exceeded" message section). The UDP sender receiving an ICMP "Time Exceeded" message
SHOULD verify that the ICMP error payload contains a valid LLMNR query SHOULD verify that the ICMP error payload contains a valid LLMNR query
packet, which matches a query that is currently in progress, so as to packet, which matches a query that is currently in progress, so as to
guard against a potential Denial of Service (DoS) attack. If a match guard against a potential Denial of Service (DoS) attack. If a match
cannot be made, then the sender relies on the retransmission and timeout cannot be made, then the sender relies on the retransmission and timeout
behavior described in Section 2.6. behavior described in Section 2.6.
2.4. Addressing 2.4. "Off link" detection
IPv4 administratively scoped multicast usage is specified in
"Administratively Scoped IP Multicast" [RFC2365]. The IPv4 link-scope
multicast address a given responder listens to, and to which a sender
sends queries, is TBD. The IPv6 link-scope multicast address a given
responder listens to, and to which a sender sends all queries, is TBD.
2.5. Off-link detection
For IPv4, an "on link" address is defined as a link-local address For IPv4, an "on link" address is defined as a link-local address
[IPv4Link] or an address whose prefix belongs to a subnet on the local [IPv4Link] or an address whose prefix belongs to a subnet on the local
link. For IPv6 [RFC2460] an "on link" address is either a link-local link. For IPv6 [RFC2460] an "on link" address is either a link-local
address, defined in [RFC2373], or an address whose prefix belongs to a address, defined in [RFC2373], or an address whose prefix belongs to a
subnet on the local link. subnet on the local link.
A sender MUST select a source address for LLMNR queries that is "on A sender MUST select a source address for LLMNR queries that is "on
link". The destination address of an LLMNR query MUST be a link-scope link". The destination address of an LLMNR query MUST be a link-scope
multicast address or an "on link" unicast address. multicast address or an "on link" unicast address.
A responder MUST select a source address for responses that is "on A responder MUST select a source address for responses that is "on
link". The destination address of an LLMNR response MUST be an "on link" link". The destination address of an LLMNR response MUST be an "on link"
unicast address. unicast address.
On receiving an LLMNR query, the responder MUST check whether it was On receiving an LLMNR query, the responder MUST check whether it was
sent to a LLMNR multicast addresses defined in Section 2.4. If it was sent to a LLMNR multicast addresses defined in Section 2. If it was
sent to another multicast address, then the query MUST be silently sent to another multicast address, then the query MUST be silently
discarded.
A sender SHOULD prefer RRs including reachable addresses where RRs discarded.
involving both reachable and unreachable addresses are returned in
response to a query.
In composing LLMNR queries, the sender MUST set the Hop Limit field in In composing LLMNR queries, the sender MUST set the Hop Limit field in
the IPv6 header and the TTL field in IPv4 header of the response to one the IPv6 header and the TTL field in IPv4 header of the response to one
(1). Even when LLMNR queries are sent to a link-scope multicast (1). Even when LLMNR queries are sent to a link-scope multicast
address, it is possible that some routers may not properly implement address, it is possible that some routers may not properly implement
link-scope multicast, or that link-scope multicast addresses may leak link-scope multicast, or that link-scope multicast addresses may leak
into the multicast routing system. Therefore setting the IPv6 Hop Limit into the multicast routing system. Therefore setting the IPv6 Hop Limit
or IPv4 TTL field to one provides an additional precaution against or IPv4 TTL field to one provides an additional precaution against
leakage of LLMNR queries. leakage of LLMNR queries.
In composing a response to an LLMNR query, the responder MUST set the In composing a response to an LLMNR query, the responder MUST set the
Hop Limit field in the IPv6 header and the TTL field in IPv4 header of Hop Limit field in the IPv6 header and the TTL field in IPv4 header of
the response to one (1). This is done so as to prevent the use of LLMNR the response to one (1). This is done so as to prevent the use of LLMNR
for denial of service attacks across the Internet. for denial of service attacks across the Internet.
Section 2.3 discusses use of TCP for LLMNR queries and responses. The
responder SHOULD set the TTL or Hop Limit settings on the TCP listen
socket to one (1) so that SYN-ACK packets will have TTL (IPv4) or Hop
Limit (IPv6) set to one (1). This prevents an incoming connection from
off-link since the sender will not receive a SYN-ACK from the responder.
Implementation note: Implementation note:
In the sockets API for IPv4 [POSIX], the IP_TTL and IP_MULTICAST_TTL In the sockets API for IPv4 [POSIX], the IP_TTL and IP_MULTICAST_TTL
socket options are used to set the TTL of outgoing unicast and socket options are used to set the TTL of outgoing unicast and
multicast packets. The IP_RECVTTL socket option is available on some multicast packets. The IP_RECVTTL socket option is available on some
platforms to retrieve the IPv4 TTL of received packets with platforms to retrieve the IPv4 TTL of received packets with
recvmsg(). [RFC2292] specifies similar options for setting and recvmsg(). [RFC2292] specifies similar options for setting and
retrieving the IPv6 Hop Limit. retrieving the IPv6 Hop Limit.
2.5. Responder responsibilities
It is the responsibility of the responder to ensure that RRs returned in
LLMNR responses MUST only include values that are valid on the local
interface, such as IPv4 or IPv6 addresses valid on the local link or
names defended using the mechanism described in Section 4. In
particular:
[a] If a link-scope IPv6 address is returned in a AAAA RR, that address
MUST be valid on the local link over which LLMNR is used.
[b] If an IPv4 address is returned, it MUST be reachable through the
link over which LLMNR is used.
[c] If a name is returned (for example in a CNAME, MX or SRV RR), the
name MUST be resolvable on the local link over which LLMNR is used.
Routable addresses MUST be included first in the response, if available.
This encourages use of routable address(es) for establishment of new
connections.
2.6. Retransmissions 2.6. Retransmissions
In order to avoid synchronization, LLMNR queries and responses are In order to avoid synchronization, LLMNR queries and responses are
delayed by a time randomly selected from the interval 0 to 200 ms. delayed by a time randomly selected from the interval 0 to 200 ms.
If an LLMNR query sent over UDP is not resolved within the timeout If an LLMNR query sent over UDP is not resolved within the timeout
interval (LLMNR_TIMEOUT), then a sender MAY repeat the transmission of interval (LLMNR_TIMEOUT), then a sender MAY repeat the transmission of
the query in order to assure that it was received by a host capable of the query in order to assure that it was received by a host capable of
responding to it. Retransmission of UDP queries SHOULD NOT be attempted responding to it. Retransmission of UDP queries SHOULD NOT be attempted
more than 3 times. Where LLMNR queries are sent using TCP, more than 3 times. Where LLMNR queries are sent using TCP,
skipping to change at page 10, line 28 skipping to change at page 10, line 44
as the value of LLMNR_TIMEOUT. Smaller values MAY be used for the as the value of LLMNR_TIMEOUT. Smaller values MAY be used for the
initial RTO (discussed in Section 2 of [RFC2988], paragraph 2.1), the initial RTO (discussed in Section 2 of [RFC2988], paragraph 2.1), the
minimum RTO (discussed in Section 2 of [RFC2988], paragraph 2.4), and minimum RTO (discussed in Section 2 of [RFC2988], paragraph 2.4), and
the maximum RTO (discussed in Section 2 of [RFC2988], paragraph 2.5). the maximum RTO (discussed in Section 2 of [RFC2988], paragraph 2.5).
Recommended values are an initial RTO of 1 second, a minimum RTO of Recommended values are an initial RTO of 1 second, a minimum RTO of
200ms, and a maximum RTO of 20 seconds. 200ms, and a maximum RTO of 20 seconds.
2.7. DNS TTL 2.7. DNS TTL
The responder should use a pre-configured TTL value in the records The responder should use a pre-configured TTL value in the records
returned in the LLMNR query response. A default value of 0 is returned in the LLMNR query response. A default value of 30 seconds is
recommended in highly dynamic environments (such as mobile ad-hoc RECOMMENDED. In highly dynamic environments (such as mobile ad-hoc
networks). In less dynamic environments, LLMNR traffic can be reduced networks), the TTL value may need to be reduced.
by setting the TTL to a higher value.
Due to the TTL minimalization necessary when caching an RRset, all TTLs Due to the TTL minimalization necessary when caching an RRset, all TTLs
in an RRset MUST be set to the same value. in an RRset MUST be set to the same value.
2.8. Use of the authority and additional sections 2.8. Use of the authority and additional sections
Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a
concept of delegation. In LLMNR, the NS resource record type may be concept of delegation. In LLMNR, the NS resource record type may be
stored and queried for like any other type, but it has no special stored and queried for like any other type, but it has no special
delegation semantics as it does in the DNS. Responders MAY own NS delegation semantics as it does in the DNS. Responders MAY have NS
records associated with the names for which they are authoritative, but records associated with the names for which they are authoritative, but
they SHOULD NOT include these NS records in the authority sections of they SHOULD NOT include these NS records in the authority sections of
responses. responses.
Responders SHOULD insert an SOA record into the authority section of a Responders SHOULD insert an SOA record into the authority section of a
negative response, to facilitate negative caching as specified in negative response, to facilitate negative caching as specified in
[RFC2308]. The owner name of this SOA record MUST be equal to the query [RFC2308]. The owner name of this SOA record MUST be equal to the query
name. name.
Responders SHOULD NOT perform DNS additional section processing. Responders SHOULD NOT perform DNS additional section processing.
skipping to change at page 11, line 43 skipping to change at page 12, line 12
when they don't receive a response to a query. These policies are when they don't receive a response to a query. These policies are
likely to avoid unnecessary LLMNR queries. likely to avoid unnecessary LLMNR queries.
[RFC1536] Section 3 describes zero answer bugs, which if addressed will [RFC1536] Section 3 describes zero answer bugs, which if addressed will
also reduce unnecessary LLMNR queries. also reduce unnecessary LLMNR queries.
[RFC1536] Section 6 describes name error bugs and recommended searchlist [RFC1536] Section 6 describes name error bugs and recommended searchlist
processing that will reduce unnecessary RCODE=3 (authoritative name) processing that will reduce unnecessary RCODE=3 (authoritative name)
errors, thereby also reducing unnecessary LLMNR queries. errors, thereby also reducing unnecessary LLMNR queries.
3.1. Responder responsibilities 3.1. LLMNR configuration
It is the responsibility of the responder to ensure that RRs returned in
LLMNR responses MUST only include values that are valid on the local
interface, such as IPv4 or IPv6 addresses valid on the local link or
names defended using the mechanism described in Section 4. In
particular:
[1] If a link-scope IPv6 address is returned in a AAAA RR, that
address MUST be valid on the local link over which LLMNR is
used.
[2] If an IPv4 address is returned, it MUST be reachable through
the link over which LLMNR is used.
[3] If a name is returned (for example in a CNAME, MX
or SRV RR), the name MUST be valid on the local interface.
Routable addresses MUST be included first in the response, if available.
This encourages use of routable address(es) for establishment of new
connections.
3.2. LLMNR configuration
Since IPv4 and IPv6 utilize distinct configuration mechanisms, it is Since IPv4 and IPv6 utilize distinct configuration mechanisms, it is
possible for a dual stack host to be configured with the address of a possible for a dual stack host to be configured with the address of a
DNS server over IPv4, while remaining unconfigured with a DNS server DNS server over IPv4, while remaining unconfigured with a DNS server
suitable for use over IPv6. suitable for use over IPv6.
In these situations, a dual stack host will send AAAA queries to the In these situations, a dual stack host will send AAAA queries to the
configured DNS server over IPv4. However, an IPv6-only host configured DNS server over IPv4. However, an IPv6-only host
unconfigured with a DNS server suitable for use over IPv6 will be unable unconfigured with a DNS server suitable for use over IPv6 will be unable
to resolve names using DNS. Automatic IPv6 DNS configuration mechanisms to resolve names using DNS. Automatic IPv6 DNS configuration mechanisms
skipping to change at page 13, line 32 skipping to change at page 13, line 27
after the outage will not. Alternatively, it is possible for the DNS after the outage will not. Alternatively, it is possible for the DNS
configuration mechanism to continue functioning while configured DNS configuration mechanism to continue functioning while configured DNS
servers fail. servers fail.
Unless unconfigured hosts periodically retry configuration, an outage in Unless unconfigured hosts periodically retry configuration, an outage in
the DNS configuration mechanism will result in hosts continuing to use the DNS configuration mechanism will result in hosts continuing to use
LLMNR even once the outage is repaired. Since LLMNR only enables LLMNR even once the outage is repaired. Since LLMNR only enables
linklocal name resolution, this represents an unnecessary degradation in linklocal name resolution, this represents an unnecessary degradation in
capabilities. As a result, it is recommended that hosts without a capabilities. As a result, it is recommended that hosts without a
configured DNS server periodically attempt to obtain DNS configuration. configured DNS server periodically attempt to obtain DNS configuration.
A default retry interval of one (1) minute is RECOMMENDED. For example, where DHCP is used for DNS configuration, [RFC2131]
recommends a maximum retry interval of 64 seconds. In the absence of
other guidance, a default retry interval of one (1) minute is
RECOMMENDED.
4. Conflict resolution 4. Conflict resolution
The sender MUST anticipate receiving multiple replies to the same LLMNR The sender MUST anticipate receiving multiple replies to the same LLMNR
query, in the event that several LLMNR enabled computers receive the query, in the event that several LLMNR enabled computers receive the
query and respond with valid answers. When this occurs, the responses query and respond with valid answers. When this occurs, the responses
may first be concatenated, and then treated in the same manner that may first be concatenated, and then treated in the same manner that
multiple RRs received from the same DNS server would; the sender multiple RRs received from the same DNS server would; the sender
perceives no inherent conflict in the receipt of multiple responses. perceives no inherent conflict in the receipt of multiple responses.
skipping to change at page 14, line 11 skipping to change at page 14, line 9
- multiple hosts may respond to a query for an SRV type record - multiple hosts may respond to a query for an SRV type record
- multiple hosts may respond to a query for an A or AAAA type - multiple hosts may respond to a query for an A or AAAA type
record for a cluster name (assigned to multiple hosts in record for a cluster name (assigned to multiple hosts in
the cluster) the cluster)
- only a single host may respond to a query for an A or AAAA - only a single host may respond to a query for an A or AAAA
type record for a name. type record for a name.
Every responder that responds to an LLMNR query AND includes a UNIQUE Every responder that responds to an LLMNR query AND includes a UNIQUE
record in the response: record in the response:
1. MUST verify that there is no other host within the scope of the [1] MUST verify that there is no other host within the scope of the
LLMNR query propagation that can return a resource record LLMNR query propagation that can return a resource record for the
for the same name, type and class. same name, type and class.
2. MUST NOT include a UNIQUE resource record in the
response without having verified its uniqueness. [2] MUST NOT include a UNIQUE resource record in the response without
having verified its uniqueness.
Where a host is configured to issue LLMNR queries on more than one Where a host is configured to issue LLMNR queries on more than one
interface, each interface should have its own independent LLMNR cache. interface, each interface should have its own independent LLMNR cache.
For each UNIQUE resource record in a given interface's configuration, For each UNIQUE resource record in a given interface's configuration,
the host MUST verify resource record uniqueness on that interface. To the host MUST verify resource record uniqueness on that interface. To
accomplish this, the host MUST send an LLMNR query for each UNIQUE accomplish this, the host MUST send an LLMNR query for each UNIQUE
resource record, as described in Section 2.6. resource record, as described in Section 2.6.
By default, a host SHOULD be configured to behave as though all RRs are By default, a host SHOULD be configured to behave as though all RRs are
UNIQUE. Uniqueness verification is carried out when the host: UNIQUE. Uniqueness verification is carried out when the host:
- starts up or is rebooted - starts up or is rebooted
- wakes from sleep (if the network interface was inactive during sleep) - wakes from sleep (if the network interface was inactive during sleep)
- is configured to respond to the LLMNR queries on an interface - is configured to respond to the LLMNR queries on an interface
enabled for transmission and reception of IP traffic enabled for transmission and reception of IP traffic
- is configured to respond to the LLMNR queries using additional - is configured to respond to the LLMNR queries using additional
UNIQUE resource records UNIQUE resource records
When a host that owns a UNIQUE record receives an LLMNR query for that When a host that has a UNIQUE record receives an LLMNR query for that
record, the host MUST respond. After the client receives a response, it record, the host MUST respond. After the client receives a response, it
MUST check whether the response arrived on an interface different from MUST check whether the response arrived on an interface different from
the one on which the query was sent. If the response arrives on a the one on which the query was sent. If the response arrives on a
different interface, the client can use the UNIQUE resource record in different interface, the client can use the UNIQUE resource record in
response to LLMNR queries. If not, then it MUST NOT use the UNIQUE response to LLMNR queries. If not, then it MUST NOT use the UNIQUE
resource record in response to LLMNR queries. resource record in response to LLMNR queries.
The name conflict detection mechanism doesn't prevent name conflicts The name conflict detection mechanism doesn't prevent name conflicts
when previously partitioned segments are connected by a bridge. In order when previously partitioned segments are connected by a bridge. In order
to minimize the chance of conflicts in such a situation, it is to minimize the chance of conflicts in such a situation, it is
skipping to change at page 19, line 25 skipping to change at page 19, line 25
null-transform MAY be used to authenticate LLMNR responses. In a small null-transform MAY be used to authenticate LLMNR responses. In a small
network without a certificate authority, this can be most easily network without a certificate authority, this can be most easily
accomplished through configuration of a group pre-shared key for trusted accomplished through configuration of a group pre-shared key for trusted
hosts. hosts.
6. IANA Considerations 6. IANA Considerations
This specification does not create any new name spaces for IANA This specification does not create any new name spaces for IANA
administration. LLMNR requires allocation of a port TBD for both TCP administration. LLMNR requires allocation of a port TBD for both TCP
and UDP. Assignment of the same port for both transports is requested. and UDP. Assignment of the same port for both transports is requested.
LLMNR requires allocation of a link-scope multicast IPv4 address as well
as a link-scope multicast IPv6 address TBD. LLMNR requires allocation of a link-scope multicast IPv4 address TBD.
LLMNR also requires allocation of a link-scope multicast IPv6 address
TBD.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC1035] Mockapetris, P., "Domain Names - Implementation and [RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", RFC 1035, November 1987. Specification", RFC 1035, November 1987.
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992. April 1992.
skipping to change at page 23, line 14 skipping to change at page 23, line 18
Open Issues Open Issues
Open issues with this specification are tracked on the following web Open issues with this specification are tracked on the following web
site: site:
http://www.drizzle.com/~aboba/DNSEXT/llmnrissues.html http://www.drizzle.com/~aboba/DNSEXT/llmnrissues.html
Expiration Date Expiration Date
This memo is filed as <draft-ietf-dnsext-mdns-26.txt>, and expires This memo is filed as <draft-ietf-dnsext-mdns-27.txt>, and expires
June 22, 2004. June 22, 2004.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/