IETF Logo Mail Archive

Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard

Brian E Carpenter <brc@zurich.ibm.com> Tue, 30 August 2005 15:01 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EA7cO-0004Ad-Ub; Tue, 30 Aug 2005 11:01:44 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EA7cL-00049X-Pe for ietf@megatron.ietf.org; Tue, 30 Aug 2005 11:01:42 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA17613 for <ietf@ietf.org>; Tue, 30 Aug 2005 11:01:39 -0400 (EDT)
Received: from mtagate4.uk.ibm.com ([195.212.29.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EA7du-0003Xz-3Q for ietf@ietf.org; Tue, 30 Aug 2005 11:03:19 -0400
Received: from d06nrmr1407.portsmouth.uk.ibm.com (d06nrmr1407.portsmouth.uk.ibm.com [9.149.38.185]) by mtagate4.uk.ibm.com (8.12.10/8.12.10) with ESMTP id j7UF1TKT225978 for <ietf@ietf.org>; Tue, 30 Aug 2005 15:01:29 GMT
Received: from d06av03.portsmouth.uk.ibm.com (d06av03.portsmouth.uk.ibm.com [9.149.37.213]) by d06nrmr1407.portsmouth.uk.ibm.com (8.12.10/NCO/VERS6.7) with ESMTP id j7UF1TJv287870 for <ietf@ietf.org>; Tue, 30 Aug 2005 16:01:29 +0100
Received: from d06av03.portsmouth.uk.ibm.com (loopback [127.0.0.1]) by d06av03.portsmouth.uk.ibm.com (8.12.11/8.13.3) with ESMTP id j7UF1TvS001241 for <ietf@ietf.org>; Tue, 30 Aug 2005 16:01:29 +0100
Received: from sihl.zurich.ibm.com (sihl.zurich.ibm.com [9.4.16.232]) by d06av03.portsmouth.uk.ibm.com (8.12.11/8.12.11) with ESMTP id j7UF1TEQ001226; Tue, 30 Aug 2005 16:01:29 +0100
Received: from zurich.ibm.com (sig-9-146-223-240.de.ibm.com [9.146.223.240]) by sihl.zurich.ibm.com (AIX4.3/8.9.3p2/8.9.3) with ESMTP id RAA69070; Tue, 30 Aug 2005 17:01:28 +0200
Message-ID: <431474C6.5010301@zurich.ibm.com>
Date: Tue, 30 Aug 2005 17:01:26 +0200
From: Brian E Carpenter <brc@zurich.ibm.com>
Organization: IBM
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
X-Accept-Language: en, fr, de
MIME-Version: 1.0
To: peter@peter-dambier.de
References: <200508260153.j7Q1rBPj000783@relay4.apple.com> <20050826072055.GA15833@nic.fr> <87ll2pkquy.fsf@windlord.stanford.edu> <430EFCFF.1010203@zurich.ibm.com> <17167.14936.141345.6653@chiark.greenend.org.uk> <43130559.5090503@zurich.ibm.com> <17172.13829.578376.489917@chiark.greenend.org.uk> <4314686B.1090207@peter-dambier.de>
In-Reply-To: <4314686B.1090207@peter-dambier.de>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5ebbf074524e58e662bc8209a6235027
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
Subject: Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

Peter,

I'm afraid I don't understand. As far as I can understand,
mDNS uses the .local pseudo-domain and LLMNR does not.
So how can LLMNR be blamed for bogus queries for *.local?

I can easily configure my Windows box to default to *.local.
But why would I want to?

    Brian

Peter Dambier wrote:
> Ian Jackson wrote:
> 
>> Brian E Carpenter writes ("Re: Last Call: 'Linklocal Multicast Name 
>> Resolution (LLMNR)' to    Proposed  Standard"):
>>
>>> Ian Jackson wrote:
>>>
>>>> Sorry to be pejorative, but as a DNS implementor[1] I'm amazed to find
>>>> senior IETF/IESG people seriously contemplating the kind of namespace
>>>> confusion which is fundamental in the LLMNR protocol design.
>>>
>>>
>>> Can you spell that out please? Since it uses a different port number,
>>> where does the confusion occur?
> 
> 
> The confusion occurs on the root servers.
> 
> I dont really know if it was some LLMNR enabled windows machine, but
> they definitely asked DNS first and on port 53. If we supply a dummy
> zone like we do for localhost then those boxes do break.
> 
>> What does the port number have to do with it ?  That's an
>> implementation detail (from the point of view of this complaint; many
>> other complaints might well be about these kind of details).
>>
>> The LLMNR model supposes that when an application asks for data of a
>> certain type associated with a certain name (ie, when the application
>> thinks it's asking for a DNS query) answers may come from either the
>> real DNS system or, even if the real DNS is authoritative for the
>> relevant name but denies that it exists, from LLMNR.
> 
> 
> You name it: The implementation asks DNS for garbadge.local and if we
> say 127.0.0.1 then windows breaks.
> 
> If we dont supply the krutch then 25% of our root server traffic is
> for .local because they repeat their question again and again on all
> 13 if the root servers.
> 
>> See draft-ietf-dnsext-mdns-42 s2 bullet point [2].
>>
>> It is not true that separating LLMNR out on a different port, and
>> introducing other incompatibilities, prevents confusion between LLMNR
>> and the real DNS.  Applications will still see a bizarre mix of real
>> and LLMNR data.
>>
>> On the other hand, mDNS has a much better scheme: the mDNS
>> specification defines the tree under `.local' for mDNS use.  Names in
>> .local are looked up with mDNS and names elsewhere via the real DNS.
>> This means that applications always either see the data intended for
>> them, or (transient) failure if the relevant mechanism isn't
>> available.
>>
>> Stuart Cheshire makes IMO a very cogent argument in
>> <200508251931.j7PJV7aR006028@relay4.apple.com>, where he says:
>> ] What's weird about LLMNR is that it blurs what's global and what's 
>> local.
>> ] With LLMNR you can call your television "tv.ietf.org" if you want, 
>> and as
>> ] long as the IETF's name server returns NXDOMAIN (which it does today)
>> ] then a LLMNR-compliant host will fail over to local multicast and 
>> resolve
>> ] that name to your television's address. This sends a very strange 
>> message
>> ] to end users -- it suggests they can use any name they want in any 
>> domain
>> ] they want without having to communicate with any registry. It also 
>> means
>> ] that every failed DNS query will result in a LLMNR multicast on the 
>> local
>> ] network, and (worse) every intentional LLMNR query needs to be preceded
>> ] by a failed DNS query to some unsuspecting DNS server somewhere.
>> ] ] mDNS says that "local" is a free-for-all playground where anyone 
>> can use
>> ] any name and no one has any more right to a particular name than anyone
>> ] else. LLMNR didn't want to do that, but what they've effectively 
>> ended up
>> ] doing instead is saying that the root of the DNS namespace (and
>> ] everything below it) is a free-for-all playground where anyone can use
>> ] any name they want.
>>
>> In addition, mDNS's limitation to `.local' means that deliberate
>> additional incompatibilities to avoid cache pollution in the real DNS
>> is not necessary; since mDNS is only used for names in `.local',
>> normal precuations against unsolicited DNS replies will prevent the
>> main DNS namespace being polluted with mDNS data.
>>
>> If we are to so strongly fear pollution, mDNS's wide deployment ought
>> to provide some evidence for this from operational experience !  Where
>> is that evidence ?
> 
> 
> mDNS is mostly free of bugs. The dont ask DNS for garbage.local . That is
> why we dont see them.
> 
> 
> Regards,
> Peter Dambier
> 


_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email