draft-ietf-dnsext-mdns-47.txt   rfc4795.txt 
DNSEXT Working Group Bernard Aboba Network Working Group B. Aboba
INTERNET-DRAFT Dave Thaler Request for Comments: 4795 D. Thaler
Category: Standards Track Levon Esibov Category: Informational L. Esibov
<draft-ietf-dnsext-mdns-47.txt> Microsoft Corporation Microsoft Corporation
13 August 2006 January 2007
Link-local Multicast Name Resolution (LLMNR)
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Link-Local Multicast Name Resolution (LLMNR)
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Status of This Memo
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This memo provides information for the Internet community. It does
http://www.ietf.org/ietf/1id-abstracts.txt. not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
The list of Internet-Draft Shadow Directories can be accessed at Copyright Notice
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 15, 2007. Copyright (C) The IETF Trust (2007).
Copyright Notice IESG Note
Copyright (C) The Internet Society 2006. This document was originally intended for advancement as a Proposed
Standard, but the IETF did not achieve consensus on the approach.
The document has had significant review and input. At time of
publication, early versions were implemented and deployed.
Abstract Abstract
The goal of Link-Local Multicast Name Resolution (LLMNR) is to enable The goal of Link-Local Multicast Name Resolution (LLMNR) is to enable
name resolution in scenarios in which conventional DNS name name resolution in scenarios in which conventional DNS name
resolution is not possible. LLMNR supports all current and future resolution is not possible. LLMNR supports all current and future
DNS formats, types and classes, while operating on a separate port DNS formats, types, and classes, while operating on a separate port
from DNS, and with a distinct resolver cache. Since LLMNR only from DNS, and with a distinct resolver cache. Since LLMNR only
operates on the local link, it cannot be considered a substitute for operates on the local link, it cannot be considered a substitute for
DNS. DNS.
Table of Contents Table of Contents
1. Introduction .......................................... 3 1. Introduction ....................................................3
1.1 Requirements .................................... 3 1.1. Requirements ...............................................3
1.2 Terminology ..................................... 4 1.2. Terminology ................................................4
2. Name Resolution Using LLMNR ........................... 4 2. Name Resolution Using LLMNR .....................................4
2.1 LLMNR Packet Format ............................. 5 2.1. LLMNR Packet Format ........................................5
2.2 Sender Behavior ................................. 8 2.1.1. LLMNR Header Format .................................5
2.3 Responder Behavior .............................. 8 2.2. Sender Behavior ............................................8
2.4 Unicast Queries and Responses ................... 11 2.3. Responder Behavior .........................................9
2.5 Off-link Detection .............................. 11 2.4. Unicast Queries and Responses .............................11
2.6 Responder Responsibilities ...................... 12 2.5. "Off-Link" Detection ......................................11
2.7 Retransmission and Jitter ....................... 13 2.6. Responder Responsibilities ................................12
2.8 RR TTL .......................................... 14 2.7. Retransmission and Jitter .................................13
2.9 Use of the Authority and Additional Sections .... 14 2.8. RR TTL ....................................................14
3. Usage model ........................................... 15 2.9. Use of the Authority and Additional Sections ..............14
3.1 LLMNR Configuration ............................. 16 3. Usage Model ....................................................15
4. Conflict Resolution ................................... 18 3.1. LLMNR Configuration .......................................17
4.1 Uniqueness Verification ......................... 18 4. Conflict Resolution ............................................18
4.2 Conflict Detection and Defense .................. 19 4.1. Uniqueness Verification ...................................19
4.3 Considerations for Multiple Interfaces .......... 20 4.2. Conflict Detection and Defense ............................20
4.4 API issues ...................................... 22 4.3. Considerations for Multiple Interfaces ....................21
5. Security Considerations ............................... 22 4.4. API Issues ................................................22
5.1 Denial of Service ............................... 22 5. Security Considerations ........................................23
5.2 Spoofing ...............,........................ 23 5.1. Denial of Service .........................................23
5.3 Authentication .................................. 24 5.2. Spoofing ..................................................24
5.4 Cache and Port Separation ....................... 24 5.3. Authentication ............................................25
6. IANA considerations ................................... 25 5.4. Cache and Port Separation .................................25
7. Constants ............................................. 25 6. IANA Considerations ............................................26
8. References ............................................ 25 7. Constants ......................................................26
8.1 Normative References ............................ 25 8. References .....................................................27
8.2 Informative References .......................... 26 8.1. Normative References ......................................27
Acknowledgments .............................................. 28 8.2. Informative References ....................................27
Authors' Addresses ........................................... 28 9. Acknowledgments ................................................29
Intellectual Property Statement .............................. 29
Disclaimer of Validity ....................................... 29
Copyright Statement .......................................... 29
1. Introduction 1. Introduction
This document discusses Link Local Multicast Name Resolution (LLMNR), This document discusses Link-Local Multicast Name Resolution (LLMNR),
which is based on the DNS packet format and supports all current and which is based on the DNS packet format and supports all current and
future DNS formats, types and classes. LLMNR operates on a separate future DNS formats, types, and classes. LLMNR operates on a separate
port from the Domain Name System (DNS), with a distinct resolver port from the Domain Name System (DNS), with a distinct resolver
cache. cache.
Since LLMNR only operates on the local link, it cannot be considered Since LLMNR only operates on the local link, it cannot be considered
a substitute for DNS. Link-scope multicast addresses are used to a substitute for DNS. Link-scope multicast addresses are used to
prevent propagation of LLMNR traffic across routers, potentially prevent propagation of LLMNR traffic across routers, potentially
flooding the network. LLMNR queries can also be sent to a unicast flooding the network. LLMNR queries can also be sent to a unicast
address, as described in Section 2.4. address, as described in Section 2.4.
Propagation of LLMNR packets on the local link is considered Propagation of LLMNR packets on the local link is considered
skipping to change at page 3, line 32 skipping to change at page 3, line 33
discussed in Section 3.1. discussed in Section 3.1.
In the future, it may be desirable to consider use of multicast name In the future, it may be desirable to consider use of multicast name
resolution with multicast scopes beyond the link-scope. This could resolution with multicast scopes beyond the link-scope. This could
occur if LLMNR deployment is successful, the need arises for occur if LLMNR deployment is successful, the need arises for
multicast name resolution beyond the link-scope, or multicast routing multicast name resolution beyond the link-scope, or multicast routing
becomes ubiquitous. For example, expanded support for multicast name becomes ubiquitous. For example, expanded support for multicast name
resolution might be required for mobile ad-hoc networks. resolution might be required for mobile ad-hoc networks.
Once we have experience in LLMNR deployment in terms of Once we have experience in LLMNR deployment in terms of
administrative issues, usability and impact on the network, it will administrative issues, usability, and impact on the network, it will
be possible to reevaluate which multicast scopes are appropriate for be possible to reevaluate which multicast scopes are appropriate for
use with multicast name resolution. IPv4 administratively scoped use with multicast name resolution. IPv4 administratively scoped
multicast usage is specified in "Administratively Scoped IP multicast usage is specified in "Administratively Scoped IP
Multicast" [RFC2365]. Multicast" [RFC2365].
Service discovery in general, as well as discovery of DNS servers Service discovery in general, as well as discovery of DNS servers
using LLMNR in particular, is outside of the scope of this document, using LLMNR in particular, is outside the scope of this document, as
as is name resolution over non-multicast capable media. is name resolution over non-multicast capable media.
1.1. Requirements 1.1. Requirements
In this document, several words are used to signify the requirements In this document, several words are used to signify the requirements
of the specification. The key words "MUST", "MUST NOT", "REQUIRED", of the specification. The key words "MUST", "MUST NOT", "REQUIRED",
"SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described in and "OPTIONAL" in this document are to be interpreted as described in
[RFC2119]. [RFC2119].
1.2. Terminology 1.2. Terminology
This document assumes familiarity with DNS terminology defined in This document assumes familiarity with DNS terminology defined in
[RFC1035]. Other terminology used in this document includes: [RFC1035]. Other terminology used in this document includes:
Routable Address Routable Address An address other than a link-local address. This
An address other than a Link-Local address. This includes globally includes globally routable addresses, as well as
routable addresses, as well as private addresses. private addresses.
Reachable Reachable An LLMNR responder considers one of its addresses
An LLMNR responder considers one of its addresses reachable over a reachable over a link if it will respond to an
link if it will respond to an ARP or Neighbor Discovery query for Address Resolution Protocol (ARP) or Neighbor
that address received on that link. Discovery query for that address received on that
link.
Responder Responder A host that listens to LLMNR queries, and responds
A host that listens to LLMNR queries, and responds to those for to those for which it is authoritative.
which it is authoritative.
Sender Sender A host that sends an LLMNR query.
A host that sends an LLMNR query.
UNIQUE UNIQUE There are some scenarios when multiple responders
There are some scenarios when multiple responders may respond to may respond to the same query. There are other
the same query. There are other scenarios when only one responder scenarios when only one responder may respond to a
may respond to a query. Names for which only a single responder is query. Names for which only a single responder is
anticipated are referred to as UNIQUE. Name uniqueness is anticipated are referred to as UNIQUE. Name
configured on the responder, and therefore uniqueness verification uniqueness is configured on the responder, and
is the responder's responsibility. therefore uniqueness verification is the responder's
responsibility.
2. Name Resolution Using LLMNR 2. Name Resolution Using LLMNR
LLMNR queries are sent to and received on port 5355. The IPv4 link- LLMNR queries are sent to and received on port 5355. The IPv4 link-
scope multicast address a given responder listens to, and to which a scope multicast address a given responder listens to, and to which a
sender sends queries, is 224.0.0.252. The IPv6 link-scope multicast sender sends queries, is 224.0.0.252. The IPv6 link-scope multicast
address a given responder listens to, and to which a sender sends all address a given responder listens to, and to which a sender sends all
queries, is FF02:0:0:0:0:0:1:3. queries, is FF02:0:0:0:0:0:1:3.
Typically a host is configured as both an LLMNR sender and a Typically, a host is configured as both an LLMNR sender and a
responder. A host MAY be configured as a sender, but not a responder. A host MAY be configured as a sender, but not a
responder. However, a host configured as a responder MUST act as a responder. However, a host configured as a responder MUST act as a
sender, if only to verify the uniqueness of names as described in sender, if only to verify the uniqueness of names as described in
Section 4. This document does not specify how names are chosen or Section 4. This document does not specify how names are chosen or
configured. This may occur via any mechanism, including DHCPv4 configured. This may occur via any mechanism, including DHCPv4
[RFC2131] or DHCPv6 [RFC3315]. [RFC2131] or DHCPv6 [RFC3315].
A typical sequence of events for LLMNR usage is as follows: A typical sequence of events for LLMNR usage is as follows:
[a] An LLMNR sender sends an LLMNR query to the link-scope (a) An LLMNR sender sends an LLMNR query to the link-scope multicast
multicast address(es), unless a unicast query is indicated, address(es), unless a unicast query is indicated, as specified
as specified in Section 2.4. in Section 2.4.
[b] A responder responds to this query only if it is authoritative (b) A responder responds to this query only if it is authoritative
for the name in the query. A responder responds to a for the name in the query. A responder responds to a multicast
multicast query by sending a unicast UDP response to the sender. query by sending a unicast UDP response to the sender. Unicast
Unicast queries are responded to as indicated in Section 2.4. queries are responded to as indicated in Section 2.4.
[c] Upon reception of the response, the sender processes it. (c) Upon reception of the response, the sender processes it.
The sections that follow provide further details on sender and The sections that follow provide further details on sender and
responder behavior. responder behavior.
2.1. LLMNR Packet Format 2.1. LLMNR Packet Format
LLMNR is based on the DNS packet format defined in [RFC1035] Section LLMNR is based on the DNS packet format defined in [RFC1035] Section
4 for both queries and responses. LLMNR implementations SHOULD send 4 for both queries and responses. LLMNR implementations SHOULD send
UDP queries and responses only as large as are known to be UDP queries and responses only as large as are known to be
permissible without causing fragmentation. When in doubt a maximum permissible without causing fragmentation. When in doubt, a maximum
packet size of 512 octets SHOULD be used. LLMNR implementations MUST packet size of 512 octets SHOULD be used. LLMNR implementations MUST
accept UDP queries and responses as large as the smaller of the link accept UDP queries and responses as large as the smaller of the link
MTU or 9194 octets (Ethernet jumbo frame size of 9KB (9216) minus 22 MTU or 9194 octets (Ethernet jumbo frame size of 9KB (9216) minus 22
octets for the header, VLAN tag and CRC). octets for the header, VLAN tag and Cyclic Redundancy Check (CRC)).
2.1.1. LLMNR Header Format 2.1.1. LLMNR Header Format
LLMNR queries and responses utilize the DNS header format defined in LLMNR queries and responses utilize the DNS header format defined in
[RFC1035] with exceptions noted below: [RFC1035] with exceptions noted below:
1 1 1 1 1 1 1 1 1 1 1 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ID | | ID |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR| Opcode | C|TC| T| Z| Z| Z| Z| RCODE | |QR| Opcode | C|TC| T| Z| Z| Z| Z| RCODE |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| QDCOUNT | | QDCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ANCOUNT | | ANCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| NSCOUNT | | NSCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
| ARCOUNT | | ARCOUNT |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where: where:
ID A 16 bit identifier assigned by the program that generates any kind ID A 16-bit identifier assigned by the program that generates
of query. This identifier is copied from the query to the response any kind of query. This identifier is copied from the query
and can be used by the sender to match responses to outstanding to the response and can be used by the sender to match
queries. The ID field in a query SHOULD be set to a pseudo-random responses to outstanding queries. The ID field in a query
value. For advice on generation of pseudo-random values, please SHOULD be set to a pseudo-random value. For advice on
consult [RFC1750]. generation of pseudo-random values, please consult [RFC4086].
QR Query/Response. A one bit field, which if set indicates that the QR Query/Response. A 1-bit field, which, if set, indicates that
message is an LLMNR response; if clear then the message is an LLMNR the message is an LLMNR response; if clear, then the message
query. is an LLMNR query.
OPCODE OPCODE A 4-bit field that specifies the kind of query in this
A four bit field that specifies the kind of query in this message. message. This value is set by the originator of a query and
This value is set by the originator of a query and copied into the copied into the response. This specification defines the
response. This specification defines the behavior of standard behavior of standard queries and responses (opcode value of
queries and responses (opcode value of zero). Future zero). Future specifications may define the use of other
specifications may define the use of other opcodes with LLMNR. opcodes with LLMNR. LLMNR senders and responders MUST
LLMNR senders and responders MUST support standard queries (opcode support standard queries (opcode value of zero). LLMNR
value of zero). LLMNR queries with unsupported OPCODE values MUST queries with unsupported OPCODE values MUST be silently
be silently discarded by responders. discarded by responders.
C Conflict. When set within a query, the 'C'onflict bit indicates C Conflict. When set within a query, the 'C'onflict bit
that a sender has received multiple LLMNR responses to this query. indicates that a sender has received multiple LLMNR responses
In an LLMNR response, if the name is considered UNIQUE, then the to this query. In an LLMNR response, if the name is
'C' bit is clear, otherwise it is set. LLMNR senders do not considered UNIQUE, then the 'C' bit is clear; otherwise, it
retransmit queries with the 'C' bit set. Responders MUST NOT is set. LLMNR senders do not retransmit queries with the 'C'
respond to LLMNR queries with the 'C' bit set, but may start the bit set. Responders MUST NOT respond to LLMNR queries with
uniqueness verification process, as described in Section 4.2. the 'C' bit set, but may start the uniqueness verification
process, as described in Section 4.2.
TC TrunCation - specifies that this message was truncated due to TC TrunCation. The 'TC' bit specifies that this message was
length greater than that permitted on the transmission channel. truncated due to length greater than that permitted on the
The TC bit MUST NOT be set in an LLMNR query and if set is ignored transmission channel. The 'TC' bit MUST NOT be set in an
by an LLMNR responder. If the TC bit is set in an LLMNR response, LLMNR query and, if set, is ignored by an LLMNR responder.
then the sender SHOULD resend the LLMNR query over TCP using the If the 'TC' bit is set in an LLMNR response, then the sender
unicast address of the responder as the destination address. If SHOULD resend the LLMNR query over TCP using the unicast
the sender receives a response to the TCP query, then it SHOULD address of the responder as the destination address. If the
discard the UDP response with the TC bit set. See [RFC2181] and sender receives a response to the TCP query, then it SHOULD
Section 2.4 of this specification for further discussion of the TC discard the UDP response with the TC bit set. See [RFC2181]
bit. and Section 2.4 of this specification for further discussion
of the 'TC' bit.
T Tentative. The 'T'entative bit is set in a response if the T Tentative. The 'T'entative bit is set in a response if the
responder is authoritative for the name, but has not yet verified responder is authoritative for the name, but has not yet
the uniqueness of the name. A responder MUST ignore the 'T' bit in verified the uniqueness of the name. A responder MUST ignore
a query, if set. A response with the 'T' bit set is silently the 'T' bit in a query, if set. A response with the 'T' bit
discarded by the sender, except if it is a uniqueness query, in set is silently discarded by the sender, except if it is a
which case a conflict has been detected and a responder MUST uniqueness query, in which case, a conflict has been detected
resolve the conflict as described in Section 4.1. and a responder MUST resolve the conflict as described in
Section 4.1.
Z Reserved for future use. Implementations of this specification Z Reserved for future use. Implementations of this
MUST set these bits to zero in both queries and responses. If specification MUST set these bits to zero in both queries and
these bits are set in a LLMNR query or response, implementations of responses. If these bits are set in a LLMNR query or
this specification MUST ignore them. Since reserved bits could response, implementations of this specification MUST ignore
conceivably be used for different purposes than in DNS, them. Since reserved bits could conceivably be used for
implementors are advised not to enable processing of these bits in different purposes than in DNS, implementers are advised not
an LLMNR implementation starting from a DNS code base. to enable processing of these bits in an LLMNR implementation
starting from a DNS code base.
RCODE RCODE Response code. This 4-bit field is set as part of LLMNR
Response code -- this 4 bit field is set as part of LLMNR responses. In an LLMNR query, the sender MUST set RCODE to
responses. In an LLMNR query, the sender MUST set RCODE to zero; zero; the responder ignores the RCODE and assumes it to be
the responder ignores the RCODE and assumes it to be zero. The zero. The response to a multicast LLMNR query MUST have
response to a multicast LLMNR query MUST have RCODE set to zero. A RCODE set to zero. A sender MUST silently discard an LLMNR
sender MUST silently discard an LLMNR response with a non-zero response with a non-zero RCODE sent in response to a
RCODE sent in response to a multicast query. multicast query.
If an LLMNR responder is authoritative for the name in a multicast If an LLMNR responder is authoritative for the name in a
query, but an error is encountered, the responder SHOULD send an multicast query, but an error is encountered, the responder
LLMNR response with an RCODE of zero, no RRs in the answer section, SHOULD send an LLMNR response with an RCODE of zero, no RRs
and the TC bit set. This will cause the query to be resent using in the answer section, and the TC bit set. This will cause
TCP, and allow the inclusion of a non-zero RCODE in the response to the query to be resent using TCP, and allow the inclusion of
the TCP query. Responding with the TC bit set is preferable to not a non-zero RCODE in the response to the TCP query.
sending a response, since it enables errors to be diagnosed. This Responding with the TC bit set is preferable to not sending a
may be required, for example, when an LLMNR query includes a TSIG response, since it enables errors to be diagnosed. This may
RR in the additional section, and the responder encounters a be required, for example, when an LLMNR query includes a TSIG
problem that requires returning a non-zero RCODE. TSIG error RR in the additional section, and the responder encounters a
conditions defined in [RFC2845] include a TSIG RR in an problem that requires returning a non-zero RCODE. TSIG error
unacceptable position (RCODE=1) or a TSIG RR which does not conditions defined in [RFC2845] include a TSIG RR in an
validate (RCODE=9 with TSIG ERROR 17 (BADKEY) or 16 (BADSIG)). unacceptable position (RCODE=1) or a TSIG RR that does not
validate (RCODE=9 with TSIG ERROR 17 (BADKEY) or 16
(BADSIG)).
Since LLMNR responders only respond to LLMNR queries for names for Since LLMNR responders only respond to LLMNR queries for
which they are authoritative, LLMNR responders MUST NOT respond names for which they are authoritative, LLMNR responders MUST
with an RCODE of 3; instead, they should not respond at all. NOT respond with an RCODE of 3; instead, they should not
respond at all.
LLMNR implementations MUST support EDNS0 [RFC2671] and extended LLMNR implementations MUST support EDNS0 [RFC2671] and
RCODE values. extended RCODE values.
QDCOUNT QDCOUNT An unsigned 16-bit integer specifying the number of entries
An unsigned 16 bit integer specifying the number of entries in the in the question section. A sender MUST place only one
question section. A sender MUST place only one question into the question into the question section of an LLMNR query. LLMNR
question section of an LLMNR query. LLMNR responders MUST silently responders MUST silently discard LLMNR queries with QDCOUNT
discard LLMNR queries with QDCOUNT not equal to one. LLMNR senders not equal to one. LLMNR senders MUST silently discard LLMNR
MUST silently discard LLMNR responses with QDCOUNT not equal to responses with QDCOUNT not equal to one.
one.
ANCOUNT ANCOUNT An unsigned 16-bit integer specifying the number of resource
An unsigned 16 bit integer specifying the number of resource records in the answer section. LLMNR responders MUST
records in the answer section. LLMNR responders MUST silently silently discard LLMNR queries with ANCOUNT not equal to
discard LLMNR queries with ANCOUNT not equal to zero. zero.
NSCOUNT NSCOUNT An unsigned 16-bit integer specifying the number of name
An unsigned 16 bit integer specifying the number of name server server resource records in the authority records section.
resource records in the authority records section. Authority Authority record section processing is described in Section
record section processing is described in Section 2.9. LLMNR 2.9. LLMNR responders MUST silently discard LLMNR queries
responders MUST silently discard LLMNR queries with NSCOUNT not with NSCOUNT not equal to zero.
equal to zero.
ARCOUNT ARCOUNT An unsigned 16-bit integer specifying the number of resource
An unsigned 16 bit integer specifying the number of resource records in the additional records section. Additional record
records in the additional records section. Additional record section processing is described in Section 2.9.
section processing is described in Section 2.9.
2.2. Sender Behavior 2.2. Sender Behavior
A sender MAY send an LLMNR query for any legal resource record type A sender MAY send an LLMNR query for any legal resource record type
(e.g., A, AAAA, PTR, SRV, etc.) to the link-scope multicast address. (e.g., A, AAAA, PTR, SRV) to the link-scope multicast address. As
As described in Section 2.4, a sender MAY also send a unicast query. described in Section 2.4, a sender MAY also send a unicast query.
The sender MUST anticipate receiving no responses to some LLMNR The sender MUST anticipate receiving no responses to some LLMNR
queries, in the event that no responders are available within the queries, in the event that no responders are available within the
link-scope. If no response is received, a resolver treats it as a link-scope. If no response is received, a resolver treats it as a
response that the name does not exist (RCODE=3 is returned). A response that the name does not exist (RCODE=3 is returned). A
sender can handle duplicate responses by discarding responses with a sender can handle duplicate responses by discarding responses with a
source IP address and ID field that duplicate a response already source IP address and ID field that duplicate a response already
received. received.
When multiple valid LLMNR responses are received with the 'C' bit When multiple valid LLMNR responses are received with the 'C' bit
skipping to change at page 9, line 5 skipping to change at page 9, line 13
response to the querying application. response to the querying application.
2.3. Responder Behavior 2.3. Responder Behavior
An LLMNR response MUST be sent to the sender via unicast. An LLMNR response MUST be sent to the sender via unicast.
Upon configuring an IP address, responders typically will synthesize Upon configuring an IP address, responders typically will synthesize
corresponding A, AAAA and PTR RRs so as to be able to respond to corresponding A, AAAA and PTR RRs so as to be able to respond to
LLMNR queries for these RRs. An SOA RR is synthesized only when a LLMNR queries for these RRs. An SOA RR is synthesized only when a
responder has another RR in addition to the SOA RR; the SOA RR MUST responder has another RR in addition to the SOA RR; the SOA RR MUST
NOT be the only RR that a responder has. However, in general whether NOT be the only RR that a responder has. However, in general,
RRs are manually or automatically created is an implementation whether RRs are manually or automatically created is an
decision. implementation decision.
For example, a host configured to have computer name "host1" and to For example, a host configured to have computer name "host1" and to
be a member of the "example.com" domain, and with IPv4 address be a member of the "example.com" domain, with IPv4 address 192.0.2.1
192.0.2.1 and IPv6 address 2001:0DB8::1:2:3:FF:FE:4:5:6 might be and IPv6 address 2001:0DB8::1:2:3:FF:FE:4:5:6, might be authoritative
authoritative for the following records: for the following records:
host1. IN A 192.0.2.1 host1. IN A 192.0.2.1
IN AAAA 2001:0DB8::1:2:3:FF:FE:4:5:6 IN AAAA 2001:0DB8::1:2:3:FF:FE:4:5:6
host1.example.com. IN A 192.0.2.1 host1.example.com. IN A 192.0.2.1
IN AAAA 2001:0DB8::1:2:3:FF:FE:4:5:6 IN AAAA 2001:0DB8::1:2:3:FF:FE:4:5:6
1.2.0.192.in-addr.arpa. IN PTR host1. 1.2.0.192.in-addr.arpa. IN PTR host1.
IN PTR host1.example.com. IN PTR host1.example.com.
6.0.5.0.4.0.E.F.F.F.3.0.2.0.1.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. 6.0.5.0.4.0.E.F.F.F.3.0.2.0.1.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.
ip6.arpa IN PTR host1. (line split for formatting reasons) ip6.arpa IN PTR host1. (line split for formatting reasons)
IN PTR host1.example.com. IN PTR host1.example.com.
An LLMNR responder might be further manually configured with the name An LLMNR responder might be further manually configured with the name
of a local mail server with an MX RR included in the "host1." and of a local mail server with an MX RR included in the "host1." and
"host1.example.com." records. "host1.example.com." records.
In responding to queries: In responding to queries:
[a] Responders MUST listen on UDP port 5355 on the link-scope multicast (a) Responders MUST listen on UDP port 5355 on the link-scope
address(es) defined in Section 2, and on TCP port 5355 on the multicast address(es) defined in Section 2, and on TCP port 5355
unicast address(es) that could be set as the source address(es) on the unicast address(es) that could be set as the source
when the responder responds to the LLMNR query. address(es) when the responder responds to the LLMNR query.
[b] Responders MUST direct responses to the port from which the query (b) Responders MUST direct responses to the port from which the
was sent. When queries are received via TCP this is an inherent query was sent. When queries are received via TCP, this is an
part of the transport protocol. For queries received by UDP the inherent part of the transport protocol. For queries received
responder MUST take note of the source port and use that as the by UDP, the responder MUST take note of the source port and use
destination port in the response. Responses MUST always be sent that as the destination port in the response. Responses MUST
from the port to which they were directed. always be sent from the port to which they were directed.
[c] Responders MUST respond to LLMNR queries for names and addresses (c) Responders MUST respond to LLMNR queries for names and addresses
they are authoritative for. This applies to both forward and for which they are authoritative. This applies to both forward
reverse lookups, with the exception of queries with the 'C' bit and reverse lookups, with the exception of queries with the 'C'
set, which do not elicit a response. bit set, which do not elicit a response.
[d] Responders MUST NOT respond to LLMNR queries for names they are not (d) Responders MUST NOT respond to LLMNR queries for names for which
authoritative for. they are not authoritative.
[e] Responders MUST NOT respond using data from the LLMNR or DNS (e) Responders MUST NOT respond using data from the LLMNR or DNS
resolver cache. resolver cache.
[f] If a responder is authoritative for a name, it MUST respond with (f) If a responder is authoritative for a name, it MUST respond with
RCODE=0 and an empty answer section, if the type of query does not RCODE=0 and an empty answer section, if the type of query does
match a RR that the responder has. not match an RR that the responder has.
As an example, a host configured to respond to LLMNR queries for the As an example, a host configured to respond to LLMNR queries for the
name "foo.example.com." is authoritative for the name name "foo.example.com." is authoritative for the name
"foo.example.com.". On receiving an LLMNR query for an A RR with the "foo.example.com.". On receiving an LLMNR query for an A RR with the
name "foo.example.com." the host authoritatively responds with A name "foo.example.com.", the host authoritatively responds with an A
RR(s) that contain IP address(es) in the RDATA of the resource RR(s) that contain IP address(es) in the RDATA of the resource
record. If the responder has a AAAA RR, but no A RR, and an A RR record. If the responder has an AAAA RR, but no A RR, and an A RR
query is received, the responder would respond with RCODE=0 and an query is received, the responder would respond with RCODE=0 and an
empty answer section. empty answer section.
In conventional DNS terminology a DNS server authoritative for a zone In conventional DNS terminology, a DNS server authoritative for a
is authoritative for all the domain names under the zone apex except zone is authoritative for all the domain names under the zone apex
for the branches delegated into separate zones. Contrary to except for the branches delegated into separate zones. Contrary to
conventional DNS terminology, an LLMNR responder is authoritative conventional DNS terminology, an LLMNR responder is authoritative
only for the zone apex. only for the zone apex.
For example the host "foo.example.com." is not authoritative for the For example, the host "foo.example.com." is not authoritative for the
name "child.foo.example.com." unless the host is configured with name "child.foo.example.com." unless the host is configured with
multiple names, including "foo.example.com." and multiple names, including "foo.example.com." and
"child.foo.example.com.". As a result, "foo.example.com." cannot "child.foo.example.com.". As a result, "foo.example.com." cannot
respond to an LLMNR query for "child.foo.example.com." with RCODE=3 respond to an LLMNR query for "child.foo.example.com." with RCODE=3
(authoritative name error). The purpose of limiting the name (authoritative name error). The purpose of limiting the name
authority scope of a responder is to prevent complications that could authority scope of a responder is to prevent complications that could
be caused by coexistence of two or more hosts with the names be caused by coexistence of two or more hosts with the names
representing child and parent (or grandparent) nodes in the DNS tree, representing child and parent (or grandparent) nodes in the DNS tree,
for example, "foo.example.com." and "child.foo.example.com.". for example, "foo.example.com." and "child.foo.example.com.".
Without the restriction on authority an LLMNR query for an A resource Without the restriction on authority, an LLMNR query for an A
record for the name "child.foo.example.com." would result in two resource record for the name "child.foo.example.com." would result in
authoritative responses: RCODE=3 (authoritative name error) received two authoritative responses: RCODE=3 (authoritative name error)
from "foo.example.com.", and a requested A record - from received from "foo.example.com.", and a requested A record from
"child.foo.example.com.". To prevent this ambiguity, LLMNR enabled "child.foo.example.com.". To prevent this ambiguity, LLMNR-enabled
hosts could perform a dynamic update of the parent (or grandparent) hosts could perform a dynamic update of the parent (or grandparent)
zone with a delegation to a child zone; for example a host zone with a delegation to a child zone; for example, a host
"child.foo.example.com." could send a dynamic update for the NS and "child.foo.example.com." could send a dynamic update for the NS and
glue A record to "foo.example.com.". However, this approach glue A record to "foo.example.com.". However, this approach
significantly complicates implementation of LLMNR and would not be significantly complicates implementation of LLMNR and would not be
acceptable for lightweight hosts. acceptable for lightweight hosts.
2.4. Unicast Queries and Responses 2.4. Unicast Queries and Responses
Unicast queries SHOULD be sent when: Unicast queries SHOULD be sent when:
[a] A sender repeats a query after it received a response (a) A sender repeats a query after it received a response with the TC
with the TC bit set to the previous LLMNR multicast query, or bit set to the previous LLMNR multicast query, or
[b] The sender queries for a PTR RR of a fully formed IP address (b) The sender queries for a PTR RR of a fully formed IP address
within the "in-addr.arpa" or "ip6.arpa" zones. within the "in-addr.arpa" or "ip6.arpa" zones.
Unicast LLMNR queries MUST be done using TCP and the responses MUST Unicast LLMNR queries MUST be done using TCP and the responses MUST
be sent using the same TCP connection as the query. Senders MUST be sent using the same TCP connection as the query. Senders MUST
support sending TCP queries, and responders MUST support listening support sending TCP queries, and responders MUST support listening
for TCP queries. If the sender of a TCP query receives a response to for TCP queries. If the sender of a TCP query receives a response to
that query not using TCP, the response MUST be silently discarded. that query not using TCP, the response MUST be silently discarded.
Unicast UDP queries MUST be silently discarded. Unicast UDP queries MUST be silently discarded.
A unicast PTR RR query for an off-link address will not elicit a A unicast PTR RR query for an off-link address will not elicit a
response, but instead an ICMP TTL or Hop Limit exceeded message will response, but instead, an ICMP Time to Live (TTL) or Hop Limit
be received. An implementation receiving an ICMP message in response exceeded message will be received. An implementation receiving an
to a TCP connection setup attempt can return immediately, treating ICMP message in response to a TCP connection setup attempt can return
this as a response that no such name exists (RCODE=3 is returned). immediately, treating this as a response that no such name exists
An implementation that cannot process ICMP messages MAY send (RCODE=3 is returned). An implementation that cannot process ICMP
multicast UDP queries for PTR RRs. Since TCP implementations will messages MAY send multicast UDP queries for PTR RRs. Since TCP
not retransmit prior to RTOmin, a considerable period will elapse implementations will not retransmit prior to RTOmin, a considerable
before TCP retransmits multiple times, resulting in a long timeout period will elapse before TCP retransmits multiple times, resulting
for TCP PTR RR queries sent to an off-link destination. in a long timeout for TCP PTR RR queries sent to an off-link
destination.
2.5. "Off link" Detection 2.5. "Off-Link" Detection
A sender MUST select a source address for LLMNR queries that is A sender MUST select a source address for LLMNR queries that is
assigned on the interface on which the query is sent. The assigned on the interface on which the query is sent. The
destination address of an LLMNR query MUST be a link-scope multicast destination address of an LLMNR query MUST be a link-scope multicast
address or a unicast address. address or a unicast address.
A responder MUST select a source address for responses that is A responder MUST select a source address for responses that is
assigned on the interface on which the query was received. The assigned on the interface on which the query was received. The
destination address of an LLMNR response MUST be a unicast address. destination address of an LLMNR response MUST be a unicast address.
On receiving an LLMNR query, the responder MUST check whether it was On receiving an LLMNR query, the responder MUST check whether it was
sent to a LLMNR multicast addresses defined in Section 2. If it was sent to an LLMNR multicast addresses defined in Section 2. If it was
sent to another multicast address, then the query MUST be silently sent to another multicast address, then the query MUST be silently
discarded. discarded.
Section 2.4 discusses use of TCP for LLMNR queries and responses. In Section 2.4 discusses use of TCP for LLMNR queries and responses. In
composing an LLMNR query using TCP, the sender MUST set the Hop Limit composing an LLMNR query using TCP, the sender MUST set the Hop Limit
field in the IPv6 header and the TTL field in the IPv4 header of the field in the IPv6 header and the TTL field in the IPv4 header of the
response to one (1). The responder SHOULD set the TTL or Hop Limit response to one (1). The responder SHOULD set the TTL or Hop Limit
settings on the TCP listen socket to one (1) so that SYN-ACK packets settings on the TCP listen socket to one (1) so that SYN-ACK packets
will have TTL (IPv4) or Hop Limit (IPv6) set to one (1). This will have TTL (IPv4) or Hop Limit (IPv6) set to one (1). This
prevents an incoming connection from off-link since the sender will prevents an incoming connection from off-link since the sender will
not receive a SYN-ACK from the responder. not receive a SYN-ACK from the responder.
For UDP queries and responses, the Hop Limit field in the IPv6 header For UDP queries and responses, the Hop Limit field in the IPv6 header
and the TTL field in the IPV4 header MAY be set to any value. and the TTL field in the IPV4 header MAY be set to any value.
However, it is RECOMMENDED that the value 255 be used for However, it is RECOMMENDED that the value 255 be used for
compatibility with early implementations of [RFC3927]. compatibility with early implementations of [RFC3927].
Implementation note: Implementation note:
In the sockets API for IPv4 [POSIX], the IP_TTL and In the sockets API for IPv4 [POSIX], the IP_TTL and
IP_MULTICAST_TTL socket options are used to set the TTL of IP_MULTICAST_TTL socket options are used to set the TTL of
outgoing unicast and multicast packets. The IP_RECVTTL socket outgoing unicast and multicast packets. The IP_RECVTTL socket
option is available on some platforms to retrieve the IPv4 TTL of option is available on some platforms to retrieve the IPv4 TTL of
received packets with recvmsg(). [RFC2292] specifies similar received packets with recvmsg(). [RFC3542] specifies similar
options for setting and retrieving the IPv6 Hop Limit. options for setting and retrieving the IPv6 Hop Limit.
2.6. Responder Responsibilities 2.6. Responder Responsibilities
It is the responsibility of the responder to ensure that RRs returned It is the responsibility of the responder to ensure that RRs returned
in LLMNR responses MUST only include values that are valid on the in LLMNR responses MUST only include values that are valid on the
local interface, such as IPv4 or IPv6 addresses valid on the local local interface, such as IPv4 or IPv6 addresses valid on the local
link or names defended using the mechanism described in Section 4. link or names defended using the mechanism described in Section 4.
IPv4 Link-Local addresses are defined in [RFC3927]. IPv6 Link-Local IPv4 Link-Local addresses are defined in [RFC3927]. IPv6 Link-Local
addresses are defined in [RFC2373]. In particular: addresses are defined in [RFC4291]. In particular:
[a] If a link-scope IPv6 address is returned in a AAAA RR,
that address MUST be valid on the local link over which
LLMNR is used.
[b] If an IPv4 address is returned, it MUST be reachable (a) If a link-scope IPv6 address is returned in a AAAA RR, that
through the link over which LLMNR is used. address MUST be valid on the local link over which LLMNR is used.
[c] If a name is returned (for example in a CNAME, MX (b) If an IPv4 address is returned, it MUST be reachable through the
or SRV RR), the name MUST be resolvable on the local
link over which LLMNR is used. link over which LLMNR is used.
(c) If a name is returned (for example in a CNAME, MX, or SRV RR),
the name MUST be resolvable on the local link over which LLMNR is
used.
Where multiple addresses represent valid responses to a query, the Where multiple addresses represent valid responses to a query, the
order in which the addresses are returned is as follows: order in which the addresses are returned is as follows:
[d] If the source address of the query is a link-scope address, (d) If the source address of the query is a link-scope address, then
then the responder SHOULD include a link-scope address first the responder SHOULD include a link-scope address first in the
in the response, if available. response, if available.
[e] If the source address of the query is a routable address, (e) If the source address of the query is a routable address, then
then the responder MUST include a routable address first the responder MUST include a routable address first in the
in the response, if available. response, if available.
2.7. Retransmission and Jitter 2.7. Retransmission and Jitter
An LLMNR sender uses the timeout interval LLMNR_TIMEOUT to determine An LLMNR sender uses the timeout interval LLMNR_TIMEOUT to determine
when to retransmit an LLMNR query. An LLMNR sender SHOULD either when to retransmit an LLMNR query. An LLMNR sender SHOULD either
estimate the LLMNR_TIMEOUT for each interface, or set a reasonably estimate the LLMNR_TIMEOUT for each interface or set a reasonably
high initial timeout. Suggested constants are described in Section high initial timeout. Suggested constants are described in Section
7. 7.
If an LLMNR query sent over UDP is not resolved within LLMNR_TIMEOUT, If an LLMNR query sent over UDP is not resolved within LLMNR_TIMEOUT,
then a sender SHOULD repeat the transmission of the query in order to then a sender SHOULD repeat the transmission of the query in order to
assure that it was received by a host capable of responding to it. ensure that it was received by a host capable of responding to it.
An LLMNR query SHOULD NOT be sent more than three times. An LLMNR query SHOULD NOT be sent more than three times.
Where LLMNR queries are sent using TCP, retransmission is handled by Where LLMNR queries are sent using TCP, retransmission is handled by
the transport layer. Queries with the 'C' bit set MUST be sent using the transport layer. Queries with the 'C' bit set MUST be sent using
multicast UDP and MUST NOT be retransmitted. multicast UDP and MUST NOT be retransmitted.
An LLMNR sender cannot know in advance if a query sent using An LLMNR sender cannot know in advance if a query sent using
multicast will receive no response, one response, or more than one multicast will receive no response, one response, or more than one
response. An LLMNR sender MUST wait for LLMNR_TIMEOUT if no response response. An LLMNR sender MUST wait for LLMNR_TIMEOUT if no response
has been received, or if it is necessary to collect all potential has been received, or if it is necessary to collect all potential
responses, such as if a uniqueness verification query is being made. responses, such as if a uniqueness verification query is being made.
Otherwise an LLMNR sender SHOULD consider a multicast query answered Otherwise, an LLMNR sender SHOULD consider a multicast query answered
after the first response is received, if that response has the 'C' after the first response is received, if that response has the 'C'
bit clear. bit clear.
However, if the first response has the 'C' bit set, then the sender However, if the first response has the 'C' bit set, then the sender
SHOULD wait for LLMNR_TIMEOUT + JITTER_INTERVAL in order to collect SHOULD wait for LLMNR_TIMEOUT + JITTER_INTERVAL in order to collect
all possible responses. When multiple valid answers are received, all possible responses. When multiple valid answers are received,
they may first be concatenated, and then treated in the same manner they may first be concatenated, and then treated in the same manner
that multiple RRs received from the same DNS server would. A unicast that multiple RRs received from the same DNS server would. A unicast
query sender considers the query answered after the first response is query sender considers the query answered after the first response is
received. received.
Since it is possible for a response with the 'C' bit clear to be Since it is possible for a response with the 'C' bit clear to be
followed by a response with the 'C' bit set, an LLMNR sender SHOULD followed by a response with the 'C' bit set, an LLMNR sender SHOULD
be prepared to process additional responses for the purposes of be prepared to process additional responses for the purposes of
conflict detection, even after it has considered a query answered. conflict detection, even after it has considered a query answered.
In order to avoid synchronization, the transmission of each LLMNR In order to avoid synchronization, the transmission of each LLMNR
query and response SHOULD delayed by a time randomly selected from query and response SHOULD be delayed by a time randomly selected from
the interval 0 to JITTER_INTERVAL. This delay MAY be avoided by the interval 0 to JITTER_INTERVAL. This delay MAY be avoided by
responders responding with names which they have previously responders responding with names that they have previously determined
determined to be UNIQUE (see Section 4 for details). to be UNIQUE (see Section 4 for details).
2.8. RR TTL 2.8. RR TTL
The responder should insert a pre-configured TTL value in the records The responder should insert a pre-configured TTL value in the records
returned in an LLMNR response. A default value of 30 seconds is returned in an LLMNR response. A default value of 30 seconds is
RECOMMENDED. In highly dynamic environments (such as mobile ad-hoc RECOMMENDED. In highly dynamic environments (such as mobile ad-hoc
networks), the TTL value may need to be reduced. networks), the TTL value may need to be reduced.
Due to the TTL minimalization necessary when caching an RRset, all Due to the TTL minimalization necessary when caching an RRset, all
TTLs in an RRset MUST be set to the same value. TTLs in an RRset MUST be set to the same value.
skipping to change at page 14, line 27 skipping to change at page 14, line 38
Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a Unlike the DNS, LLMNR is a peer-to-peer protocol and does not have a
concept of delegation. In LLMNR, the NS resource record type may be concept of delegation. In LLMNR, the NS resource record type may be
stored and queried for like any other type, but it has no special stored and queried for like any other type, but it has no special
delegation semantics as it does in the DNS. Responders MAY have NS delegation semantics as it does in the DNS. Responders MAY have NS
records associated with the names for which they are authoritative, records associated with the names for which they are authoritative,
but they SHOULD NOT include these NS records in the authority but they SHOULD NOT include these NS records in the authority
sections of responses. sections of responses.
Responders SHOULD insert an SOA record into the authority section of Responders SHOULD insert an SOA record into the authority section of
a negative response, to facilitate negative caching as specified in a negative response, to facilitate negative caching as specified in
[RFC2308]. The TTL of this record is set from the minimum of the [RFC2308]. The TTL of this record is set from the minimum of the
MINIMUM field of the SOA record and the TTL of the SOA itself, and MINIMUM field of the SOA record and the TTL of the SOA itself, and
indicates how long a resolver may cache the negative answer. The indicates how long a resolver may cache the negative answer. The
owner name of the SOA record (MNAME) MUST be set to the query name. owner name of the SOA record (MNAME) MUST be set to the query name.
The RNAME, SERIAL, REFRESH, RETRY and EXPIRE values MUST be ignored The RNAME, SERIAL, REFRESH, RETRY, and EXPIRE values MUST be ignored
by senders. Negative responses without SOA records SHOULD NOT be by senders. Negative responses without SOA records SHOULD NOT be
cached. cached.
In LLMNR, the additional section is primarily intended for use by In LLMNR, the additional section is primarily intended for use by
EDNS0, TSIG and SIG(0). As a result, unless the 'C' bit is set, EDNS0, TSIG, and SIG(0). As a result, unless the 'C' bit is set,
senders MAY only include pseudo RR-types in the additional section of senders MAY only include pseudo RR-types in the additional section of
a query; unless the 'C' bit is set, responders MUST ignore the a query; unless the 'C' bit is set, responders MUST ignore the
additional section of queries containing other RR types. additional section of queries containing other RR types.
In queries where the 'C' bit is set, the sender SHOULD include the In queries where the 'C' bit is set, the sender SHOULD include the
conflicting RRs in the additional section. Since conflict conflicting RRs in the additional section. Since conflict
notifications are advisory, responders SHOULD log information from notifications are advisory, responders SHOULD log information from
the additional section, but otherwise MUST ignore the additional the additional section, but otherwise MUST ignore the additional
section. section.
Senders MUST NOT cache RRs from the authority or additional section Senders MUST NOT cache RRs from the authority or additional section
of a response as answers, though they may be used for other purposes of a response as answers, though they may be used for other purposes,
such as negative caching. such as negative caching.
3. Usage Model 3. Usage Model
By default, an LLMNR sender SHOULD send LLMNR queries only for By default, an LLMNR sender SHOULD send LLMNR queries only for
single-label names. Stub resolvers supporting both DNS and LLMNR single-label names. Stub resolvers supporting both DNS and LLMNR
SHOULD avoid sending DNS queries for single-label names, in order to SHOULD avoid sending DNS queries for single-label names, in order to
reduce unnecessary DNS queries. An LLMNR sender SHOULD NOT be reduce unnecessary DNS queries. An LLMNR sender SHOULD NOT be
enabled to send a query for any name, except where security enabled to send a query for any name, except where security
mechanisms (described in Section 5.3) can be utilized. An LLMNR mechanisms (described in Section 5.3) can be utilized. An LLMNR
query SHOULD only be sent for the originally requested name; a query SHOULD only be sent for the originally requested name; a
searchlist is not used to form additional LLMNR queries. searchlist is not used to form additional LLMNR queries.
LLMNR is a peer-to-peer name resolution protocol that is not intended LLMNR is a peer-to-peer name resolution protocol that is not intended
as a replacement for DNS; rather, it enables name resolution in as a replacement for DNS; rather, it enables name resolution in
scenarios in which conventional DNS name resolution is not possible. scenarios in which conventional DNS name resolution is not possible.
Where LLMNR security is not enabled as described in Section 5.3, if Where LLMNR security is not enabled as described in Section 5.3, if
LLMNR is given higher priority than DNS among the enabled name LLMNR is given higher priority than DNS among the enabled name
resolution mechanisms, this would allow the LLMNR cache, once resolution mechanisms, this would allow the LLMNR cache, once
poisoned, to take precedence over the DNS cache. As a result, use of poisoned, to take precedence over the DNS cache. As a result, use of
LLMNR as a primary name resolution mechanism is NOT RECOMMENDED. LLMNR as a primary name resolution mechanism is NOT RECOMMENDED.
Instead, it is recommended that LLMNR be utilized as a secondary name Instead, it is recommended that LLMNR be utilized as a secondary name
resolution mechanism, for use in situations where hosts are not resolution mechanism, for use in situations where hosts are not
configured with the address of a DNS server; where the DNS server is configured with the address of a DNS server, where the DNS server is
unavailable or unreachable; where there is no DNS server unavailable or unreachable, where there is no DNS server
authoritative for the name of a host, or where the authoritative DNS authoritative for the name of a host, or where the authoritative DNS
server does not have the desired RRs. server does not have the desired RRs.
When LLMNR is configured as a secondary name resolution mechanism, When LLMNR is configured as a secondary name resolution mechanism,
LLMNR queries SHOULD only be sent when all of the following LLMNR queries SHOULD only be sent when all of the following
conditions are met: conditions are met:
[1] No manual or automatic DNS configuration has been performed. (1) No manual or automatic DNS configuration has been performed. If
If DNS server address(es) have been configured, a DNS server address(es) have been configured, a host SHOULD
host SHOULD attempt to reach DNS servers over all protocols attempt to reach DNS servers over all protocols on which DNS
on which DNS server address(es) are configured, prior to sending server address(es) are configured, prior to sending LLMNR
LLMNR queries. For dual stack hosts configured with DNS server queries. For dual-stack hosts configured with DNS server
address(es) for one protocol but not another, this implies that address(es) for one protocol but not another, this implies that
DNS queries SHOULD be sent over the protocol configured with DNS queries SHOULD be sent over the protocol configured with a
a DNS server, prior to sending LLMNR queries. DNS server, prior to sending LLMNR queries.
[2] All attempts to resolve the name via DNS on all interfaces (2) All attempts to resolve the name via DNS on all interfaces have
have failed after exhausting the searchlist. This can occur failed after exhausting the searchlist. This can occur because
because DNS servers did not respond, or because they DNS servers did not respond, or because they responded to DNS
responded to DNS queries with RCODE=3 (Authoritative Name queries with RCODE=3 (Authoritative Name Error) or RCODE=0, and
Error) or RCODE=0, and an empty answer section. Where a an empty answer section. Where a single resolver call generates
single resolver call generates DNS queries for A and AAAA RRs, DNS queries for A and AAAA RRs, an implementation MAY choose not
an implementation MAY choose not to send LLMNR queries if any to send LLMNR queries if any of the DNS queries is successful.
of the DNS queries is successful.
Where LLMNR is used as a secondary name resolution mechanism, its Where LLMNR is used as a secondary name resolution mechanism, its
usage is in part determined by the behavior of DNS resolver usage is in part determined by the behavior of DNS resolver
implementations; robust resolver implementations are more likely to implementations; robust resolver implementations are more likely to
avoid unnecessary LLMNR queries. avoid unnecessary LLMNR queries.
[RFC1536] describes common DNS implementation errors and fixes. If [RFC1536] describes common DNS implementation errors and fixes. If
the proposed fixes are implemented, unnecessary LLMNR queries will be the proposed fixes are implemented, unnecessary LLMNR queries will be
reduced substantially, and so implementation of [RFC1536] is reduced substantially, so implementation of [RFC1536] is recommended.
recommended.
For example, [RFC1536] Section 1 describes issues with retransmission For example, [RFC1536] Section 1 describes issues with retransmission
and recommends implementation of a retransmission policy based on and recommends implementation of a retransmission policy based on
round trip estimates, with exponential back-off. [RFC1536] Section 4 round trip estimates, with exponential back-off. [RFC1536] Section 4
describes issues with failover, and recommends that resolvers try describes issues with failover, and recommends that resolvers try
another server when they don't receive a response to a query. These another server when they don't receive a response to a query. These
policies are likely to avoid unnecessary LLMNR queries. policies are likely to avoid unnecessary LLMNR queries.
[RFC1536] Section 3 describes zero answer bugs, which if addressed [RFC1536] Section 3 describes zero answer bugs, which if addressed
will also reduce unnecessary LLMNR queries. will also reduce unnecessary LLMNR queries.
[RFC1536] Section 6 describes name error bugs and recommended [RFC1536] Section 6 describes name error bugs and recommended
searchlist processing that will reduce unnecessary RCODE=3 searchlist processing that will reduce unnecessary RCODE=3
(authoritative name) errors, thereby also reducing unnecessary LLMNR (authoritative name) errors, thereby also reducing unnecessary LLMNR
queries. queries.
As noted in [DNSPerf] significant fraction of DNS queries do not As noted in [DNSPerf], a significant fraction of DNS queries do not
receive a response, or result in negative responses due to missing receive a response, or result in negative responses due to missing
inverse mappings or NS records that point to nonexistent or inverse mappings or NS records that point to nonexistent or
inappropriate hosts. Therefore a reduction in missing records can inappropriate hosts. Therefore, a reduction in missing records can
prevent many unnecessary LLMNR queries. prevent many unnecessary LLMNR queries.
3.1. LLMNR Configuration 3.1. LLMNR Configuration
LLMNR usage MAY be configured manually or automatically on a per LLMNR usage MAY be configured manually or automatically on a per-
interface basis. By default, LLMNR responders SHOULD be enabled on interface basis. By default, LLMNR responders SHOULD be enabled on
all interfaces, at all times. Where this is considered undesirable, all interfaces, at all times. Where this is considered undesirable,
LLMNR SHOULD be disabled, so that hosts will neither listen on the LLMNR SHOULD be disabled, so that hosts will neither listen on the
link-scope multicast address, nor will they send queries to that link-scope multicast address, nor will they send queries to that
address. address.
Where DHCPv4 or DHCPv6 is implemented, DHCP options can be used to Where DHCPv4 or DHCPv6 is implemented, DHCP options can be used to
configure LLMNR on an interface. The LLMNR Enable Option, described configure LLMNR on an interface. The LLMNR Enable Option, described
in [LLMNREnable], can be used to explicitly enable or disable use of in [LLMNREnable], can be used to explicitly enable or disable use of
LLMNR on an interface. The LLMNR Enable Option does not determine LLMNR on an interface. The LLMNR Enable Option does not determine
whether or in which order DNS itself is used for name resolution. whether, or in which order, DNS itself is used for name resolution.
The order in which various name resolution mechanisms should be used The order in which various name resolution mechanisms should be used
can be specified using the Name Service Search Option (NSSO) for DHCP can be specified using the Name Service Search Option (NSSO) for DHCP
[RFC2937], using the LLMNR Enable Option code carried in the NSSO [RFC2937], using the LLMNR Enable Option code carried in the NSSO
data. data.
In situations where LLMNR is configured as a secondary name In situations where LLMNR is configured as a secondary name
resolution protocol on a dual-stack host, behavior will be governed resolution protocol on a dual-stack host, behavior will be governed
by both IPv4 and IPv6 configuration mechanisms. Since IPv4 and IPv6 by both IPv4 and IPv6 configuration mechanisms. Since IPv4 and IPv6
utilize distinct configuration mechanisms, it is possible for a dual utilize distinct configuration mechanisms, it is possible for a
stack host to be configured with the address of a DNS server over dual-stack host to be configured with the address of a DNS server
IPv4, while remaining unconfigured with a DNS server suitable for use over IPv4, while remaining unconfigured with a DNS server suitable
over IPv6. for use over IPv6.
In these situations, a dual stack host will send AAAA queries to the In these situations, a dual-stack host will send AAAA queries to the
configured DNS server over IPv4. However, an IPv6-only host configured DNS server over IPv4. However, an IPv6-only host
unconfigured with a DNS server suitable for use over IPv6 will be unconfigured with a DNS server suitable for use over IPv6 will be
unable to resolve names using DNS. Automatic IPv6 DNS configuration unable to resolve names using DNS. Automatic IPv6 DNS configuration
mechanisms (such as [RFC3315] and [DNSDisc]) are not yet widely mechanisms (such as [RFC3315] and [DNSDisc]) are not yet widely
deployed, and not all DNS servers support IPv6. Therefore lack of deployed, and not all DNS servers support IPv6. Therefore, lack of
IPv6 DNS configuration may be a common problem in the short term, and IPv6 DNS configuration may be a common problem in the short term, and
LLMNR may prove useful in enabling link-local name resolution over LLMNR may prove useful in enabling link-local name resolution over
IPv6. IPv6.
Where a DHCPv4 server is available but not a DHCPv6 server [RFC3315], Where a DHCPv4 server is available but not a DHCPv6 server [RFC3315],
IPv6-only hosts may not be configured with a DNS server. Where there IPv6-only hosts may not be configured with a DNS server. Where there
is no DNS server authoritative for the name of a host or the is no DNS server authoritative for the name of a host or the
authoritative DNS server does not support dynamic client update over authoritative DNS server does not support dynamic client update over
IPv6 or DHCPv6-based dynamic update, then an IPv6-only host will not IPv6 or DHCPv6-based dynamic update, then an IPv6-only host will not
be able to do DNS dynamic update, and other hosts will not be able to be able to do DNS dynamic update, and other hosts will not be able to
resolve its name. resolve its name.
For example, if the configured DNS server responds to a AAAA RR query For example, if the configured DNS server responds to an AAAA RR
sent over IPv4 or IPv6 with an authoritative name error (RCODE=3) or query sent over IPv4 or IPv6 with an authoritative name error
RCODE=0 and an empty answer section, then a AAAA RR query sent using (RCODE=3) or RCODE=0 and an empty answer section, then an AAAA RR
LLMNR over IPv6 may be successful in resolving the name of an query sent using LLMNR over IPv6 may be successful in resolving the
IPv6-only host on the local link. name of an IPv6-only host on the local link.
Similarly, if a DHCPv4 server is available providing DNS server Similarly, if a DHCPv4 server is available providing DNS server
configuration, and DNS server(s) exist which are authoritative for configuration, and DNS server(s) exist which are authoritative for
the A RRs of local hosts and support either dynamic client update the A RRs of local hosts and support either dynamic client update
over IPv4 or DHCPv4-based dynamic update, then the names of local over IPv4 or DHCPv4-based dynamic update, then the names of local
IPv4 hosts can be resolved over IPv4 without LLMNR. However, if no IPv4 hosts can be resolved over IPv4 without LLMNR. However, if no
DNS server is authoritative for the names of local hosts, or the DNS server is authoritative for the names of local hosts, or the
authoritative DNS server(s) do not support dynamic update, then LLMNR authoritative DNS server(s) do not support dynamic update, then LLMNR
enables link-local name resolution over IPv4. enables link-local name resolution over IPv4.
It is possible that DNS configuration mechanisms will go in and out It is possible that DNS configuration mechanisms will go in and out
of service. In these circumstances, it is possible for hosts within of service. In these circumstances, it is possible for hosts within
an administrative domain to be inconsistent in their DNS an administrative domain to be inconsistent in their DNS
configuration. configuration.
For example, where DHCP is used for configuring DNS servers, one or For example, where DHCP is used for configuring DNS servers, one or
skipping to change at page 18, line 31 skipping to change at page 19, line 6
4. Conflict Resolution 4. Conflict Resolution
By default, a responder SHOULD be configured to behave as though its By default, a responder SHOULD be configured to behave as though its
name is UNIQUE on each interface on which LLMNR is enabled. However, name is UNIQUE on each interface on which LLMNR is enabled. However,
it is also possible to configure multiple responders to be it is also possible to configure multiple responders to be
authoritative for the same name. For example, multiple responders authoritative for the same name. For example, multiple responders
MAY respond to a query for an A or AAAA type record for a cluster MAY respond to a query for an A or AAAA type record for a cluster
name (assigned to multiple hosts in the cluster). name (assigned to multiple hosts in the cluster).
To detect duplicate use of a name, an administrator can use a name To detect duplicate use of a name, an administrator can use a name
resolution utility which employs LLMNR and lists both responses and resolution utility that employs LLMNR and lists both responses and
responders. This would allow an administrator to diagnose behavior responders. This would allow an administrator to diagnose behavior
and potentially to intervene and reconfigure LLMNR responders who and potentially intervene and reconfigure LLMNR responders that
should not be configured to respond to the same name. should not be configured to respond to the same name.
4.1. Uniqueness Verification 4.1. Uniqueness Verification
Prior to sending an LLMNR response with the 'T' bit clear, a Prior to sending an LLMNR response with the 'T' bit clear, a
responder configured with a UNIQUE name MUST verify that there is no responder configured with a UNIQUE name MUST verify that there is no
other host within the scope of LLMNR query propagation that is other host within the scope of LLMNR query propagation that is
authoritative for the same name on that interface. authoritative for the same name on that interface.
Once a responder has verified that its name is UNIQUE, if it receives Once a responder has verified that its name is UNIQUE, if it receives
an LLMNR query for that name, with the 'C' bit clear, it MUST an LLMNR query for that name with the 'C' bit clear, it MUST respond
respond, with the 'T' bit clear. Prior to verifying that its name is with the 'T' bit clear. Prior to verifying that its name is UNIQUE,
UNIQUE, a responder MUST set the 'T' bit in responses. a responder MUST set the 'T' bit in responses.
Uniqueness verification is carried out when the host: Uniqueness verification is carried out when the host:
- starts up or is rebooted - starts up or is rebooted
- wakes from sleep (if the network interface was inactive
during sleep)
- is configured to respond to LLMNR queries on an interface - wakes from sleep (if the network interface was inactive during
enabled for transmission and reception of IP traffic sleep)
- is configured to respond to LLMNR queries using additional
UNIQUE resource records - is configured to respond to LLMNR queries on an interface enabled
- verifies the acquisition of a new IP address and configuration for transmission and reception of IP traffic
on an interface
- is configured to respond to LLMNR queries using additional UNIQUE
resource records
- verifies the acquisition of a new IP address and configuration on
an interface
To verify uniqueness, a responder MUST send an LLMNR query with the To verify uniqueness, a responder MUST send an LLMNR query with the
'C' bit clear, over all protocols on which it responds to LLMNR 'C' bit clear, over all protocols on which it responds to LLMNR
queries (IPv4 and/or IPv6). It is RECOMMENDED that responders verify queries (IPv4 and/or IPv6). It is RECOMMENDED that responders verify
uniqueness of a name by sending a query for the name with type='ANY'. uniqueness of a name by sending a query for the name with type='ANY'.
If no response is received, the sender retransmits the query, as If no response is received, the sender retransmits the query, as
specified in Section 2.7. If a response is received, the sender MUST specified in Section 2.7. If a response is received, the sender MUST
check if the source address matches the address of any of its check if the source address matches the address of any of its
interfaces; if so, then the response is not considered a conflict, interfaces; if so, then the response is not considered a conflict,
skipping to change at page 19, line 47 skipping to change at page 20, line 27
may actually be detrimental. For example, if network links are may actually be detrimental. For example, if network links are
joined only briefly, and are separated again before any new joined only briefly, and are separated again before any new
communication is initiated, temporary conflicts are benign and no communication is initiated, temporary conflicts are benign and no
forced reconfiguration is required. LLMNR responders SHOULD NOT forced reconfiguration is required. LLMNR responders SHOULD NOT
periodically attempt uniqueness verification. periodically attempt uniqueness verification.
4.2. Conflict Detection and Defense 4.2. Conflict Detection and Defense
Hosts on disjoint network links may configure the same name for use Hosts on disjoint network links may configure the same name for use
with LLMNR. If these separate network links are later joined or with LLMNR. If these separate network links are later joined or
bridged together, then there may be multiple hosts which are now on bridged together, then there may be multiple hosts that are now on
the same link, trying to use the same name. the same link, trying to use the same name.
In order to enable ongoing detection of name conflicts, when an LLMNR In order to enable ongoing detection of name conflicts, when an LLMNR
sender receives multiple LLMNR responses to a query, it MUST check if sender receives multiple LLMNR responses to a query, it MUST check if
the 'C' bit is clear in any of the responses. If so, the sender the 'C' bit is clear in any of the responses. If so, the sender
SHOULD send another query for the same name, type and class, this
SHOULD send another query for the same name, type, and class, this
time with the 'C' bit set, with the potentially conflicting resource time with the 'C' bit set, with the potentially conflicting resource
records included in the additional section. records included in the additional section.
Queries with the 'C' bit set are considered advisory and responders Queries with the 'C' bit set are considered advisory, and responders
MUST verify the existence of a conflict before acting on it. A MUST verify the existence of a conflict before acting on it. A
responder receiving a query with the 'C' bit set MUST NOT respond. responder receiving a query with the 'C' bit set MUST NOT respond.
If the query is for a UNIQUE name, then the responder MUST send its If the query is for a UNIQUE name, then the responder MUST send its
own query for the same name, type and class, with the 'C' bit clear. own query for the same name, type, and class, with the 'C' bit clear.
If a response is received, the sender MUST check if the source If a response is received, the sender MUST check if the source
address matches the address of any of its interfaces; if so, then the address matches the address of any of its interfaces; if so, then the
response is not considered a conflict, since it originates from the response is not considered a conflict, since it originates from the
sender. To avoid triggering conflict detection, a responder that sender. To avoid triggering conflict detection, a responder that
detects that it is connected to the same link on multiple interfaces detects that it is connected to the same link on multiple interfaces
SHOULD set the 'C' bit in responses. SHOULD set the 'C' bit in responses.
An LLMNR responder MUST NOT ignore conflicts once detected and SHOULD An LLMNR responder MUST NOT ignore conflicts once detected, and
log them. Upon detecting a conflict, an LLMNR responder MUST SHOULD log them. Upon detecting a conflict, an LLMNR responder MUST
immediately stop using the conflicting name in response to LLMNR immediately stop using the conflicting name in response to LLMNR
queries received over any supported protocol, if the source IP queries received over any supported protocol, if the source IP
address in the response, is lexicographically smaller than than the address in the response is lexicographically smaller than the source
source IP address in the uniqueness verification query. IP address in the uniqueness verification query.
After stopping the use of a name, the responder MAY elect to After stopping the use of a name, the responder MAY elect to
configure a new name. However, since name reconfiguration may be configure a new name. However, since name reconfiguration may be
disruptive, this is not required, and a responder may have been disruptive, this is not required, and a responder may have been
configured to respond to multiple names so that alternative names may configured to respond to multiple names so that alternative names may
already be available. A host that has stopped the use of a name may already be available. A host that has stopped the use of a name may
attempt uniqueness verification again after the expiration of the TTL attempt uniqueness verification again after the expiration of the TTL
of the conflicting response. of the conflicting response.
4.3. Considerations for Multiple Interfaces 4.3. Considerations for Multiple Interfaces
A multi-homed host may elect to configure LLMNR on only one of its A multi-homed host may elect to configure LLMNR on only one of its
active interfaces. In many situations this will be adequate. active interfaces. In many situations, this will be adequate.
However, should a host need to configure LLMNR on more than one of However, should a host need to configure LLMNR on more than one of
its active interfaces, there are some additional precautions it MUST its active interfaces, there are some additional precautions it MUST
take. Implementers who are not planning to support LLMNR on multiple take. Implementers who are not planning to support LLMNR on multiple
interfaces simultaneously may skip this section. interfaces simultaneously may skip this section.
Where a host is configured to issue LLMNR queries on more than one Where a host is configured to issue LLMNR queries on more than one
interface, each interface maintains its own independent LLMNR interface, each interface maintains its own independent LLMNR
resolver cache, containing the responses to LLMNR queries. resolver cache, containing the responses to LLMNR queries.
A multi-homed host checks the uniqueness of UNIQUE records as A multi-homed host checks the uniqueness of UNIQUE records as
described in Section 4. The situation is illustrated in Figure 1. described in Section 4. The situation is illustrated in Figure 1.
---------- ---------- ---------- ----------
| | | | | | | |
[A] [myhost] [myhost] [A] [myhost] [myhost]
Figure 1. Link-scope name conflict Figure 1. Link-scope name conflict
In this situation, the multi-homed myhost will probe for, and defend, In this situation, the multi-homed myhost will probe for, and defend,
its host name on both interfaces. A conflict will be detected on one its host name on both interfaces. A conflict will be detected on one
interface, but not the other. The multi-homed myhost will not be interface, but not the other. The multi-homed myhost will not be
able to respond with a host RR for "myhost" on the interface on the able to respond with a host RR for "myhost" on the interface on the
right (see Figure 1). The multi-homed host may, however, be right (see Figure 1). The multi-homed host may, however, be
configured to use the "myhost" name on the interface on the left. configured to use the "myhost" name on the interface on the left.
Since names are only unique per-link, hosts on different links could Since names are only unique per link, hosts on different links could
be using the same name. If an LLMNR client sends queries over be using the same name. If an LLMNR client sends queries over
multiple interfaces, and receives responses from more than one, the multiple interfaces, and receives responses from more than one, the
result returned to the client is defined by the implementation. The result returned to the client is defined by the implementation. The
situation is illustrated in Figure 2. situation is illustrated in Figure 2.
---------- ---------- ---------- ----------
| | | | | | | |
[A] [myhost] [A] [A] [myhost] [A]
Figure 2. Off-segment name conflict Figure 2. Off-segment name conflict
If host myhost is configured to use LLMNR on both interfaces, it will If host myhost is configured to use LLMNR on both interfaces, it will
send LLMNR queries on both interfaces. When host myhost sends a send LLMNR queries on both interfaces. When host myhost sends a
query for the host RR for name "A" it will receive a response from query for the host RR for name "A", it will receive a response from
hosts on both interfaces. hosts on both interfaces.
Host myhost cannot distinguish between the situation shown in Figure Host myhost cannot distinguish between the situation shown in Figure
2, and that shown in Figure 3 where no conflict exists. 2, and that shown in Figure 3, where no conflict exists.
[A] [A]
| | | |
----- ----- ----- -----
| | | |
[myhost] [myhost]
Figure 3. Multiple paths to same host Figure 3. Multiple paths to same host
This illustrates that the proposed name conflict resolution mechanism This illustrates that the proposed name conflict-resolution mechanism
does not support detection or resolution of conflicts between hosts does not support detection or resolution of conflicts between hosts
on different links. This problem can also occur with DNS when a on different links. This problem can also occur with DNS when a
multi-homed host is connected to two different networks with multi-homed host is connected to two different networks with
separated name spaces. It is not the intent of this document to separated name spaces. It is not the intent of this document to
address the issue of uniqueness of names within DNS. address the issue of uniqueness of names within DNS.
4.4. API Issues 4.4. API Issues
[RFC2553] provides an API which can partially solve the name [RFC3493] provides an API that can partially solve the name ambiguity
ambiguity problem for applications written to use this API, since the problem for applications written to use this API, since the
sockaddr_in6 structure exposes the scope within which each scoped sockaddr_in6 structure exposes the scope within which each scoped
address exists, and this structure can be used for both IPv4 (using address exists, and this structure can be used for both IPv4 (using
v4-mapped IPv6 addresses) and IPv6 addresses. v4-mapped IPv6 addresses) and IPv6 addresses.
Following the example in Figure 2, an application on 'myhost' issues Following the example in Figure 2, an application on 'myhost' issues
the request getaddrinfo("A", ...) with ai_family=AF_INET6 and the request getaddrinfo("A", ...) with ai_family=AF_INET6 and
ai_flags=AI_ALL|AI_V4MAPPED. LLMNR queries will be sent from both ai_flags=AI_ALL|AI_V4MAPPED. LLMNR queries will be sent from both
interfaces and the resolver library will return a list containing interfaces, and the resolver library will return a list containing
multiple addrinfo structures, each with an associated sockaddr_in6 multiple addrinfo structures, each with an associated sockaddr_in6
structure. This list will thus contain the IPv4 and IPv6 addresses structure. This list will thus contain the IPv4 and IPv6 addresses
of both hosts responding to the name 'A'. Link-local addresses will of both hosts responding to the name 'A'. Link-local addresses will
have a sin6_scope_id value that disambiguates which interface is used have a sin6_scope_id value that disambiguates which interface is used
to reach the address. Of course, to the application, Figures 2 and 3 to reach the address. Of course, to the application, Figures 2 and 3
are still indistinguishable, but this API allows the application to are still indistinguishable, but this API allows the application to
communicate successfully with any address in the list. communicate successfully with any address in the list.
5. Security Considerations 5. Security Considerations
LLMNR is a peer-to-peer name resolution protocol designed for use on LLMNR is a peer-to-peer name resolution protocol designed for use on
the local link. While LLMNR limits the vulnerability of responders the local link. While LLMNR limits the vulnerability of responders
to off-link senders, it is possible for an off-link responder to to off-link senders, it is possible for an off-link responder to
reach a sender. reach a sender.
In scenarios such as public "hotspots" attackers can be present on In scenarios such as public "hotspots", attackers can be present on
the same link. These threats are most serious in wireless networks the same link. These threats are most serious in wireless networks,
such as IEEE 802.11, since attackers on a wired network will require such as IEEE 802.11, since attackers on a wired network will require
physical access to the network, while wireless attackers may mount physical access to the network, while wireless attackers may mount
attacks from a distance. Link-layer security such as [IEEE-802.11i] attacks from a distance. Link-layer security, such as
can be of assistance against these threats if it is available. [IEEE-802.11i], can be of assistance against these threats if it is
available.
This section details security measures available to mitigate threats This section details security measures available to mitigate threats
from on and off-link attackers. from on and off-link attackers.
5.1. Denial of Service 5.1. Denial of Service
Attackers may take advantage of LLMNR conflict detection by Attackers may take advantage of LLMNR conflict detection by
allocating the same name, denying service to other LLMNR responders allocating the same name, denying service to other LLMNR responders,
and possibly allowing an attacker to receive packets destined for and possibly allowing an attacker to receive packets destined for
other hosts. By logging conflicts, LLMNR responders can provide other hosts. By logging conflicts, LLMNR responders can provide
forensic evidence of these attacks. forensic evidence of these attacks.
An attacker may spoof LLMNR queries from a victim's address in order An attacker may spoof LLMNR queries from a victim's address in order
to mount a denial of service attack. Responders setting the IPv6 Hop to mount a denial of service attack. Responders setting the IPv6 Hop
Limit or IPv4 TTL field to a value larger than one in an LLMNR UDP Limit or IPv4 TTL field to a value larger than one in an LLMNR UDP
response may be able to reach the victim across the Internet. response may be able to reach the victim across the Internet.
While LLMNR responders only respond to queries for which they are While LLMNR responders only respond to queries for which they are
authoritative and LLMNR does not provide wildcard query support, an authoritative, and LLMNR does not provide wildcard query support, an
LLMNR response may be larger than the query, and an attacker can LLMNR response may be larger than the query, and an attacker can
generate multiple responses to a query for a name used by multiple generate multiple responses to a query for a name used by multiple
responders. A sender may protect itself against unsolicited responders. A sender may protect itself against unsolicited
responses by silently discarding them. responses by silently discarding them.
5.2. Spoofing 5.2. Spoofing
LLMNR is designed to prevent reception of queries sent by an off-link LLMNR is designed to prevent reception of queries sent by an off-link
attacker. LLMNR requires that responders receiving UDP queries check attacker. LLMNR requires that responders receiving UDP queries check
that they are sent to a link-scope multicast address. However, it is that they are sent to a link-scope multicast address. However, it is
possible that some routers may not properly implement link-scope possible that some routers may not properly implement link-scope
multicast, or that link-scope multicast addresses may leak into the multicast, or that link-scope multicast addresses may leak into the
multicast routing system. To prevent successful setup of TCP multicast routing system. To prevent successful setup of TCP
connections by an off-link sender, responders receiving a TCP SYN connections by an off-link sender, responders receiving a TCP SYN
reply with a TCP SYN-ACK with TTL set to one (1). reply with a TCP SYN-ACK with TTL set to one (1).
While it is difficult for an off-link attacker to send an LLMNR query While it is difficult for an off-link attacker to send an LLMNR query
to a responder, it is possible for an off-link attacker to spoof a to a responder, it is possible for an off-link attacker to spoof a
response to a query (such as an A or AAAA query for a popular response to a query (such as an A or AAAA query for a popular
Internet host), and by using a TTL or Hop Limit field larger than one Internet host), and by using a TTL or Hop Limit field larger than one
(1), for the forged response to reach the LLMNR sender. Since the (1), for the forged response to reach the LLMNR sender. Since the
forged response will only be accepted if it contains a matching ID forged response will only be accepted if it contains a matching ID
field, choosing a pseudo-random ID field within queries provides some field, choosing a pseudo-random ID field within queries provides some
protection against off-link responders. protection against off-link responders.
When LLMNR is utilized as a secondary name resolution service, When LLMNR is utilized as a secondary name resolution service,
queries can be sent when DNS server(s) do not respond. An attacker queries can be sent when DNS server(s) do not respond. An attacker
can execute a denial of service attack on the DNS server(s) and then can execute a denial of service attack on the DNS server(s), and then
poison the LLMNR cache by responding to an LLMNR query with incorrect poison the LLMNR cache by responding to an LLMNR query with incorrect
information. As noted in "Threat Analysis of the Domain Name System information. As noted in "Threat Analysis of the Domain Name System
(DNS)" [RFC3833] these threats also exist with DNS, since DNS (DNS)" [RFC3833], these threats also exist with DNS, since DNS-
response spoofing tools are available that can allow an attacker to response spoofing tools are available that can allow an attacker to
respond to a query more quickly than a distant DNS server. However, respond to a query more quickly than a distant DNS server. However,
while switched networks or link-layer security may make it difficult while switched networks or link-layer security may make it difficult
for an on-link attacker to snoop unicast DNS queries, multicast for an on-link attacker to snoop unicast DNS queries, multicast LLMNR
LLMNR queries are propagated to all hosts on the link, making it queries are propagated to all hosts on the link, making it possible
possible for an on-link attacker to spoof LLMNR responses without for an on-link attacker to spoof LLMNR responses without having to
having to guess the value of the ID field in the query. guess the value of the ID field in the query.
Since LLMNR queries are sent and responded to on the local link, an Since LLMNR queries are sent and responded to on the local link, an
attacker will need to respond more quickly to provide its own attacker will need to respond more quickly to provide its own
response prior to arrival of the response from a legitimate response prior to arrival of the response from a legitimate
responder. If an LLMNR query is sent for an off-link host, spoofing responder. If an LLMNR query is sent for an off-link host, spoofing
a response in a timely way is not difficult, since a legitimate a response in a timely way is not difficult, since a legitimate
response will never be received. response will never be received.
This vulnerability can be reduced by limiting use of LLMNR to This vulnerability can be reduced by limiting use of LLMNR to
resolution of single-label names as described in Section 3, or by resolution of single-label names as described in Section 3, or by
implementation of authentication (see Section 5.3). implementation of authentication (see Section 5.3).
5.3. Authentication 5.3. Authentication
LLMNR is a peer-to-peer name resolution protocol, and as a result, LLMNR is a peer-to-peer name resolution protocol and, as a result, is
it is often deployed in situations where no trust model can be often deployed in situations where no trust model can be assumed.
assumed. Where a pre-arranged security configuration is possible, Where a pre-arranged security configuration is possible, the
the following security mechanisms may be used: following security mechanisms may be used:
[a] LLMNR implementations MAY support TSIG [RFC2845] and/or SIG(0) (a) LLMNR implementations MAY support TSIG [RFC2845] and/or SIG(0)
[RFC2931] security mechanisms. "DNS Name Service based on Secure [RFC2931] security mechanisms. "DNS Name Service based on
Multicast DNS for IPv6 Mobile Ad Hoc Networks" [LLMNRSec] describes Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks" [LLMNRSec]
the use of TSIG to secure LLMNR, based on group keys. While group describes the use of TSIG to secure LLMNR, based on group keys.
keys can be used to demonstrate membership in a group, they do not While group keys can be used to demonstrate membership in a
protect against forgery by an attacker that is a member of the group, they do not protect against forgery by an attacker that
group. is a member of the group.
[b] IPsec ESP with null encryption algorithm MAY be used to (b) IPsec Encapsulating Security Payload (ESP) with a NULL
authenticate unicast LLMNR queries and responses or LLMNR responses encryption algorithm MAY be used to authenticate unicast LLMNR
to multicast queries. In a small network without a certificate queries and responses, or LLMNR responses to multicast queries.
authority, this can be most easily accomplished through In a small network without a certificate authority, this can be
configuration of a group pre-shared key for trusted hosts. As with most easily accomplished through configuration of a group pre-
TSIG, this does not protect against forgery by an attacker with shared key for trusted hosts. As with TSIG, this does not
access to the group pre-shared key. protect against forgery by an attacker with access to the group
pre-shared key.
[c] LLMNR implementations MAY support DNSSEC [RFC4033]. In order to (c) LLMNR implementations MAY support DNSSEC [RFC4033]. In order to
support DNSSEC, LLMNR implementations MAY be configured with trust support DNSSEC, LLMNR implementations MAY be configured with
anchors, or they MAY make use of keys obtained from DNS queries. trust anchors, or they MAY make use of keys obtained from DNS
Since LLMNR does not support "delegated trust" (CD or AD bits), queries. Since LLMNR does not support "delegated trust" (CD or
LLMNR implementations cannot make use of DNSSEC unless they are AD bits), LLMNR implementations cannot make use of DNSSEC unless
DNSSEC-aware and support validation. Unlike approaches [a] or [b], they are DNSSEC-aware and support validation. Unlike approaches
DNSSEC permits a responder to demonstrate ownership of a name, not [a] or [b], DNSSEC permits a responder to demonstrate ownership
just membership within a trusted group. As a result, it enables of a name, not just membership within a trusted group. As a
protection against forgery. result, it enables protection against forgery.
5.4. Cache and Port Separation 5.4. Cache and Port Separation
In order to prevent responses to LLMNR queries from polluting the DNS In order to prevent responses to LLMNR queries from polluting the DNS
cache, LLMNR implementations MUST use a distinct, isolated cache for cache, LLMNR implementations MUST use a distinct, isolated cache for
LLMNR on each interface. LLMNR operates on a separate port from DNS, LLMNR on each interface. LLMNR operates on a separate port from DNS,
reducing the likelihood that a DNS server will unintentionally reducing the likelihood that a DNS server will unintentionally
respond to an LLMNR query. respond to an LLMNR query.
If a DNS server is running on a host that supports LLMNR, the LLMNR If a DNS server is running on a host that supports LLMNR, the LLMNR
responder on that host MUST respond to LLMNR queries only for the responder on that host MUST respond to LLMNR queries only for the
RRSets relating to the host on which the server is running, but MUST RRSets relating to the host on which the server is running, but MUST
NOT respond for other records for which the DNS server is NOT respond for other records for which the DNS server is
authoritative. DNS servers MUST NOT send LLMNR queries in order to authoritative. DNS servers MUST NOT send LLMNR queries in order to
resolve DNS queries. resolve DNS queries.
6. IANA Considerations 6. IANA Considerations
This specification creates a new name space: the LLMNR namespace. This specification creates a new namespace: the LLMNR namespace.
In order to to avoid creating any new administrative procedures, In order to avoid creating any new administrative procedures,
administration of the LLMNR namespace will piggyback on the administration of the LLMNR namespace will piggyback on the
administration of the DNS namespace. administration of the DNS namespace.
The rights to use a fully qualified domain name (FQDN) within LLMNR The rights to use a fully qualified domain name (FQDN) within LLMNR
are obtained by acquiring the rights to use that name within DNS. are obtained by acquiring the rights to use that name within DNS.
Those wishing to use a FQDN within LLMNR should first acquire the Those wishing to use an FQDN within LLMNR should first acquire the
rights to use the corresponding FQDN within DNS. Using a FQDN within rights to use the corresponding FQDN within DNS. Using an FQDN
LLMNR without ownership of the corresponding name in DNS creates the within LLMNR without ownership of the corresponding name in DNS
possibility of conflict and therefore is discouraged. creates the possibility of conflict and therefore is discouraged.
LLMNR responders may self-allocate a name within the single-label LLMNR responders may self-allocate a name within the single-label
name space, first defined in [RFC1001]. Since single-label names are namespace first defined in [RFC1001]. Since single-label names are
not unique, no registration process is required. not unique, no registration process is required.
7. Constants 7. Constants
The following timing constants are used in this protocol; they are The following timing constants are used in this protocol; they are
not intended to be user configurable. not intended to be user configurable.
JITTER_INTERVAL 100 ms JITTER_INTERVAL 100 ms
LLMNR_TIMEOUT 1 second (if set statically on all interfaces) LLMNR_TIMEOUT 1 second (if set statically on all interfaces)
100 ms (IEEE 802 media, including IEEE 802.11) 100 ms (IEEE 802 media, including IEEE 802.11)
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC1001] Auerbach, K. and A. Aggarwal, "Protocol Standard for a NetBIOS [RFC1001] NetBIOS Working Group in the Defense Advanced Research
Service on a TCP/UDP Transport: Concepts and Methods", RFC Projects Agency, Internet Activities Board, and End-
1001, March 1987. to-End Services Task Force, "Protocol standard for a
NetBIOS service on a TCP/UDP transport: Concepts and
[RFC1035] Mockapetris, P., "Domain Names - Implementation and methods", STD 19, RFC 1001, March 1987.
Specification", RFC 1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC1035] Mockapetris, P., "Domain names - implementation and
Requirement Levels", BCP 14, RFC 2119, March 1997. specification", STD 13, RFC 1035, November 1987.
[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Specification", RFC 2181, July 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)", [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
RFC 2308, March 1998. Specification", RFC 2181, July 1997.
[RFC2373] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS
Architecture", RFC 2373, July 1998. NCACHE)", RFC 2308, March 1998.
[RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC
Considerations Section in RFCs", BCP 26, RFC 2434, October 2671, August 1999.
1998.
[RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671, [RFC2845] Vixie, P., Gudmundsson, O., Eastlake 3rd, D., and B.
August 1999. Wellington, "Secret Key Transaction Authentication for
DNS (TSIG)", RFC 2845, May 2000.
[RFC2845] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington, [RFC2931] Eastlake 3rd, D., "DNS Request and Transaction
"Secret Key Transaction Authentication for DNS (TSIG)", RFC Signatures ( SIG(0)s )", RFC 2931, September 2000.
2845, May 2000.
[RFC2931] Eastlake, D., "DNS Request and Transaction Signatures [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
(SIG(0)s)", RFC 2931, September 2000. Architecture", RFC 4291, February 2006.
8.2. Informative References 8.2. Informative References
[DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness of [DNSPerf] Jung, J., et al., "DNS Performance and the
Caching", IEEE/ACM Transactions on Networking, Volume 10, Effectiveness of Caching", IEEE/ACM Transactions on
Number 5, pp. 589, October 2002. Networking, Volume 10, Number 5, pp. 589, October
2002.
[DNSDisc] Durand, A., Hagino, I. and D. Thaler, "Well known site local [DNSDisc] Durand, A., Hagino, I., and D. Thaler, "Well known
unicast addresses to communicate with recursive DNS servers", site local unicast addresses to communicate with
Internet draft (work in progress), draft-ietf-ipv6-dns- recursive DNS servers", Work in Progress, October
discovery-07.txt, October 2002. 2002.
[IEEE-802.11i] [IEEE-802.11i] Institute of Electrical and Electronics Engineers,
Institute of Electrical and Electronics Engineers, "Supplement "Supplement to Standard for Telecommunications and
to Standard for Telecommunications and Information Exchange Information Exchange Between Systems - LAN/MAN
Between Systems - LAN/MAN Specific Requirements - Part 11: Specific Requirements - Part 11: Wireless LAN Medium
Wireless LAN Medium Access Control (MAC) and Physical Layer Access Control (MAC) and Physical Layer (PHY)
(PHY) Specifications: Specification for Enhanced Security", Specifications: Specification for Enhanced Security",
IEEE 802.11i, July 2004. IEEE 802.11i, July 2004.
[LLMNREnable] [LLMNREnable] Guttman, E., "DHCP LLMNR Enable Option", Work in
Guttman, E., "DHCP LLMNR Enable Option", Internet draft (work Progress, April 2002.
in progress), draft-guttman-mdns-enable-02.txt, April 2002.
[LLMNRSec] [LLMNRSec] Jeong, J., Park, J. and H. Kim, "DNS Name Service
Jeong, J., Park, J. and H. Kim, "DNS Name Service based on based on Secure Multicast DNS for IPv6 Mobile Ad Hoc
Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks", ICACT Networks", ICACT 2004, Phoenix Park, Korea, February
2004, Phoenix Park, Korea, February 9-11, 2004. 9-11, 2004.
[POSIX] IEEE Std. 1003.1-2001 Standard for Information Technology -- [POSIX] IEEE Std. 1003.1-2001 Standard for Information
Portable Operating System Interface (POSIX). Open Group Technology -- Portable Operating System Interface
Technical Standard: Base Specifications, Issue 6, December (POSIX). Open Group Technical Standard: Base
2001. ISO/IEC 9945:2002. http://www.opengroup.org/austin Specifications, Issue 6, December 2001. ISO/IEC
9945:2002. http://www.opengroup.org/austin
[RFC1536] Kumar, A., et. al., "DNS Implementation Errors and Suggested [RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P., and S.
Fixes", RFC 1536, October 1993. Miller, "Common DNS Implementation Errors and
Suggested Fixes", RFC 1536, October 1993.
[RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
Recommendations for Security", RFC 1750, December 1994. 2131, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, [RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP
March 1997. 23, RFC 2365, July 1998.
[RFC2292] Stevens, W. and M. Thomas, "Advanced Sockets API for IPv6", [RFC2937] Smith, C., "The Name Service Search Option for DHCP",
RFC 2292, February 1998. RFC 2937, September 2000.
[RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP 23, RFC [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins,
2365, July 1998. C., and M. Carney, "Dynamic Host Configuration
Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC2553] Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and
Socket Interface Extensions for IPv6", RFC 2553, March 1999. W. Stevens, "Basic Socket Interface Extensions for
IPv6", RFC 3493, February 2003.
[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei,
2937, September 2000. "Advanced Sockets Application Program Interface (API)
for IPv6", RFC 3542, May 2003.
[RFC3315] Droms, R., et al., "Dynamic Host Configuration Protocol for [RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the
IPv6 (DHCPv6)", RFC 3315, July 2003. Domain Name System (DNS)", RFC 3833, August 2004.
[RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain Name [RFC3927] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic
System (DNS)", RFC 3833, August 2004. Configuration of IPv4 Link-Local Addresses", RFC 3927,
May 2005.
[RFC3927] Cheshire, S., Aboba, B. and E. Guttman, "Dynamic Configuration [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and
of Link-Local IPv4 Addresses", RFC 3927, October 2004. S. Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose, [RFC4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
"DNS Security Introduction and Requirement", RFC 4033, March "Randomness Requirements for Security", BCP 106, RFC
2005. 4086, June 2005.
Acknowledgments 9. Acknowledgments
This work builds upon original work done on multicast DNS by Bill This work builds upon original work done on multicast DNS by Bill
Manning and Bill Woodcock. Bill Manning's work was funded under Manning and Bill Woodcock. Bill Manning's work was funded under
DARPA grant #F30602-99-1-0523. The authors gratefully acknowledge DARPA grant #F30602-99-1-0523. The authors gratefully acknowledge
their contribution to the current specification. Constructive input their contribution to the current specification. Constructive input
has also been received from Mark Andrews, Rob Austein, Randy Bush, has also been received from Mark Andrews, Rob Austein, Randy Bush,
Stuart Cheshire, Ralph Droms, Robert Elz, James Gilroy, Olafur Stuart Cheshire, Ralph Droms, Robert Elz, James Gilroy, Olafur
Gudmundsson, Andreas Gustafsson, Erik Guttman, Myron Hattig, Gudmundsson, Andreas Gustafsson, Erik Guttman, Myron Hattig,
Christian Huitema, Olaf Kolkman, Mika Liljeberg, Keith Moore, Christian Huitema, Olaf Kolkman, Mika Liljeberg, Keith Moore,
Tomohide Nagashima, Thomas Narten, Erik Nordmark, Markku Savela, Mike Tomohide Nagashima, Thomas Narten, Erik Nordmark, Markku Savela, Mike
skipping to change at page 29, line 5 skipping to change at page 31, line 5
Phone: +1 425 703 8835 Phone: +1 425 703 8835
EMail: dthaler@microsoft.com EMail: dthaler@microsoft.com
Levon Esibov Levon Esibov
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
EMail: levone@microsoft.com EMail: levone@microsoft.com
Intellectual Property Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf- this standard. Please address the information to the IETF at
ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 168 change blocks. 
519 lines changed or deleted 518 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/