IETF Logo Mail Archive

Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR) ' to Proposed Standard

Ned Freed <ned.freed@mrochek.com> Wed, 31 August 2005 16:47 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAVkj-0003gz-Kw; Wed, 31 Aug 2005 12:47:57 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAVkh-0003gr-P5 for ietf@megatron.ietf.org; Wed, 31 Aug 2005 12:47:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29995 for <ietf@ietf.org>; Wed, 31 Aug 2005 12:47:52 -0400 (EDT)
Received: from mauve.mrochek.com ([209.55.107.55]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAVmU-0002Zh-6H for ietf@ietf.org; Wed, 31 Aug 2005 12:49:46 -0400
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01LSH2D95CW0006QFO@mauve.mrochek.com> (original mail from ned.freed@mrochek.com) for ietf@ietf.org; Wed, 31 Aug 2005 09:47:44 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=nowsp; d=mrochek.com; s=mauve; t=1125506863; h=Date: From:Subject:MIME-version:Content-type; b=Yz2VWut5wiX7ssDKL//KfiHJa WJiX6cKifAGCk4Mgdv7OTFBYz6jLJqAIpQi9znBSSmKsoQ8zSudr2+3ifzjog==
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01LSGX2MCJQ8000092@mauve.mrochek.com>; Wed, 31 Aug 2005 09:47:39 -0700 (PDT)
To: Eric A Hall <ehall@ehsco.com>
Message-id: <01LSH2D827WI000092@mauve.mrochek.com>
Date: Wed, 31 Aug 2005 09:36:41 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Wed, 31 Aug 2005 11:51:41 -0400" <4315D20D.2060400@ehsco.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="ISO-8859-1"
References: <200508301818.j7UIIHsO018587@relay2.apple.com> <4315D20D.2060400@ehsco.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52f7a77164458f8c7b36b66787c853da
Cc: Stuart Cheshire <cheshire@apple.com>, ietf@ietf.org
Subject: Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR) ' to Proposed Standard
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

> On 8/30/2005 2:18 PM, Stuart Cheshire wrote:

> > Well, in case 1 (mDNS), no, because it won't return a useful result, so
> > why keep doing it?
> >
> > In case 3 (conventional DNS), no, because it won't return a useful
> > result, so why keep doing it?
> >
> > In case 2 (LLMNR) the answer is yes, all the time, if you chose to call
> > your printer "isoc.frog", which LLMNR allows and encourages.

> What part of the specification requires LLMNR names to be processed
> through Internet DNS?

Section 2 states:

  An LLMNR sender may send a request for any name.  However, by
  default, LLMNR requests SHOULD be sent only when one of the following
  conditions are met:

  [1] No manual or automatic DNS configuration has been performed.
      If DNS server address(es) have been configured, then LLMNR
      SHOULD NOT be used as the primary name resolution mechanism,
      although it MAY be used as a secondary name resolution
      mechanism.  For dual stack hosts configured with DNS server
      address(es) for one protocol but not another, this implies
      that DNS queries SHOULD be sent over the protocol configured
      with a DNS server, prior to sending LLMNR queries.

  [2] All attempts to resolve the name via DNS on all interfaces
      have failed after exhausting the searchlist.  This can occur
      because DNS servers did not respond, or because they
      responded to DNS queries with RCODE=3 (Authoritative Name
      Error) or RCODE=0, and an empty answer section.  A dual
      stack host SHOULD attempt to reach DNS servers over all
      protocols on which DNS server address(es) are configured,
      prior to use of LLMNR.

In other words, if I have a name to resolve and I have both LLMNR and DNS
access, I'm supposed to try DNS first, and if that fails, then LLMNR.

> There are lots of similar-looking naming services out there (DNS, NIS,
> NetBIOS, AppleTalk, ...), and there is a significant amount of experience
> in keeping the names and resolution paths separate.

My experience has been that people generally do a lousy job of keeping
these things separate.

> Just because an LLMNR
> name "looks like" a DNS name doesn't make it one (just as an AppleTalk
> name that "looks like" a DNS name doesn't make it one).

THat would be true if LLMNR was indeed designed to offer a disjoint service.
But it isn't. Rather, it appears to be designed to be able to offer both a
disjoint service as well as a sort of backup service to DNS. And that's the
source of the trouble.

Another way of fixing the overlapping namespace problem would be to  require
LLMNR to be truly disjoint from the DNS: Remove all this stuff about using the
DNS as the primary service when available. However, my guess is that such a
service would not be terribly interesting, and that much of the supposed value
opf LLMNR comes from its lashup to the DNS.

				Ned

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email