IETF Logo Mail Archive

Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard

Daniel Karrenberg <daniel.karrenberg@ripe.net> Fri, 02 September 2005 14:19 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EBCNw-0000WC-SZ; Fri, 02 Sep 2005 10:19:16 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAkQ0-0001fb-W6 for ietf@megatron.ietf.org; Thu, 01 Sep 2005 04:27:35 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA03881 for <ietf@ietf.org>; Thu, 1 Sep 2005 04:27:31 -0400 (EDT)
Received: from postman.ripe.net ([193.0.0.199]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAkRt-0005IU-1Q for ietf@ietf.org; Thu, 01 Sep 2005 04:29:32 -0400
Received: by postman.ripe.net (Postfix, from userid 4008) id 03C1124441; Thu, 1 Sep 2005 10:27:16 +0200 (CEST)
Received: from birch.ripe.net (birch.ripe.net [193.0.1.96]) by postman.ripe.net (Postfix) with ESMTP id CCCF8245B8; Thu, 1 Sep 2005 10:27:14 +0200 (CEST)
Received: from reifa.karrenberg.net (penguin.ripe.net [193.0.1.232]) by birch.ripe.net (8.12.10/8.11.6) with ESMTP id j818R3mq029954; Thu, 1 Sep 2005 10:27:08 +0200
Received: by reifa.karrenberg.net (Postfix, from userid 501) id D8C082B2951; Thu, 1 Sep 2005 10:27:02 +0200 (CEST)
Date: Thu, 01 Sep 2005 10:27:02 +0200
From: Daniel Karrenberg <daniel.karrenberg@ripe.net>
To: Brian E Carpenter <brc@zurich.ibm.com>
Message-ID: <20050901082702.GL19926@reifer-karrenberg-net.local>
References: <p0620071abf3a39e7c365@[172.17.33.112]> <87k6i3rnwc.fsf@windlord.stanford.edu> <431577A3.5080902@peter-dambier.de> <43159104.2@zurich.ibm.com> <1125489257.13785.15.camel@firenze.zurich.ibm.com> <4315A6FE.8060806@zurich.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4315A6FE.8060806@zurich.ibm.com>
User-Agent: Mutt/1.4.2.1i
X-RIPE-Spam-Tests: ALL_TRUSTED,BAYES_00
X-RIPE-Spam-Status: U 0.452563 / -5.9
X-RIPE-Signature: d9f8767b6fd0b5966b50f17675298086
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
X-Mailman-Approved-At: Fri, 02 Sep 2005 10:19:13 -0400
Cc: Olaf Kolkman <OKolkman@ripe.net>, ietf@ietf.org
Subject: Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR)' to Proposed Standard
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

On 31.08 14:47, Brian E Carpenter wrote:
> 
> That is about 1/3 of the total. It doesn't surprise me at all that
> so many bogus queries arrive - everybody who mistypes a TLD or
> misconfigures a default domain generates bogus queries, and this isn't
> going to change. The question is whether .local is a *significant*
> part of this load. The limited data I have suggest not, but I'd like
> to see publicly available data: what fraction of those NXDOMAINs are
> due to .local?

I believe CAIDA has published something but I cannot find it.
I have had a quick look myself:

Cursory observation of a random sampple from 2004 which I have used for 
other purporses shows that about 15% of the NXDOMAIN answers excluiding 
'.arpa.' are for questions ending in .local. A further 3% are for 
'localhost' and about 20% are for an IP address in dotted-quad format.

The .local queries have a high incidence of labels beginning with 
an underscore and often conain the string "Default-First-Site" in 
various languages such as illustrated by the following examples:

SOA? _kerberos._tcp.Default-First-Site-Name._sites.capital.local
SRV? _ldap._tcp.dc._msdcs.bsztorgau.local
SOA? _kpasswd._tcp.AppliedEngineeringServices.local
SRV? _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.semaia.local
SRV? _ldap._tcp.a9c93f95-51af-4f5d-8280-1171e79176c4.domains._msdcs.Netcare.local
SOA? _ldap._tcp.Standardname-des-ersten-Standorts._sites.gc._msdcs.VESTERBERG.local
SOA? _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.d1asib03.local
SRV? _ldap._tcp.Premier-Site-par-defaut._sites.dc._msdcs.production.local
SOA? _kerberos._udp.Christ.local
SRV? _ldap._tcp.dc._msdcs.production.local
SRV? _ldap._tcp.3b6c4c19-2d29-4ed0-9915-b7b43f3488e3.domains._msdcs.datalog.local
SOA? _kpasswd._udp.tae.local
SOA? _ldap._tcp.Default-First-Site._sites.gc._msdcs.ufficio-tecnico.local

Preventing an increase of this nonsense from getting worse or even reducing
it is a worthy cause because root servers can use all the headroom they can
get. 

Note that this is only an random sample and as such is just an indication
of what is happening. It should be considered not more than anecdotal evidence.

Note also that I do not read the ietf list.

Daniel


_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email