Stuart Cheshire wrote:
Putting service discovery requirements aside for a moment, the other big
difference between mDNS and LLMNR is that mDNS facilitates local-scoped
names, analogous to RFC 1918 addresses. LLMNR lets you look up a host
name without a DNS server, but it pre-supposes that you HAVE a globally
unique fully-qualified host name in the first place. In contrast, mDNS
says you can call your television "tv.local" if you want, and you don't
need to pay anyone for that name, or ask permission, or know how to
register it in some global database, but at the same time the name has
only local significance so don't expect it to be usable worldwide.

What's weird about LLMNR is that it blurs what's global and what's local.
With LLMNR you can call your television "tv.ietf.org" if you want, and as
long as the IETF's name server returns NXDOMAIN (which it does today)
then a LLMNR-compliant host will fail over to local multicast and resolve
that name to your television's address. This sends a very strange message
to end users -- it suggests they can use any name they want in any domain
they want without having to communicate with any registry. It also means
that every failed DNS query will result in a LLMNR multicast on the local
network, and (worse) every intentional LLMNR query needs to be preceded
by a failed DNS query to some unsuspecting DNS server somewhere.

Here we did have a problem:
In The Public-Root there used to exist a domain ".local". I know at least
of one ISP who complained we did break a lot of windowed PCs.
I don't know why queries for ".local" would leave their private LANs and
reach even our root servers. They did!
That is why we set up a dummy and returned localhost, to get rid of those
bogus queries. That is what finally broke their windows and dropped our
root server traffic some 25%. :)

mDNS says that "local" is a free-for-all playground where anyone can use
any name and no one has any more right to a particular name than anyone
else. LLMNR didn't want to do that, but what they've effectively ended up
doing instead is saying that the root of the DNS namespace (and
everything below it) is a free-for-all playground where anyone can use
any name they want.

Stuart Cheshire <cheshire@xxxxxxxxx>
* Wizard Without Portfolio, Apple Computer, Inc.
* www.stuartcheshire.org
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
mail: peter@xxxxxxxxxxxxxxxx
http://iason.site.voila.fr
http://www.kokoom.com/iason
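
The two lookup policies contrasted in the message above, as an added example that is not part of the original thread and not code from either protocol's specification. It is a simplified model: the zone table, link-host table, names and addresses are all constructed, and the function names are hypothetical.

```python
# Simplified model of the two lookup policies described in the message above.
# All names, addresses and tables are constructed for illustration.
GLOBAL_DNS = {"www.ietf.org": "192.0.2.10"}          # names the global DNS knows
LINK_HOSTS = {"tv.local": "169.254.10.5",            # hosts answering multicast
              "tv.ietf.org": "169.254.10.5"}         # on the local link
NAMES = ["tv.local", "tv.ietf.org", "www.ietf.org", "typo.example.com"]

def norm(name):
    return name.rstrip(".").lower()

def resolve_mdns(name, trace):
    """Local-scoped policy: .local goes to multicast, everything else to DNS."""
    name = norm(name)
    if name == "local" or name.endswith(".local"):
        trace.append(("multicast", name))
        return LINK_HOSTS.get(name)
    trace.append(("dns", name))
    return GLOBAL_DNS.get(name)

def resolve_llmnr(name, trace):
    """Fallback policy as the message describes it: DNS first, then multicast
    for any name the DNS answers with NXDOMAIN."""
    name = norm(name)
    trace.append(("dns", name))
    if name in GLOBAL_DNS:
        return GLOBAL_DNS[name]
    trace.append(("multicast", name))
    return LINK_HOSTS.get(name)

def audit(resolver, names):
    """Run the names through one policy and summarise the traffic it causes."""
    trace, answers = [], {}
    for n in names:
        answers[norm(n)] = resolver(n, trace)
    return {
        "answers": answers,
        "failed_dns": [n for k, n in trace if k == "dns" and n not in GLOBAL_DNS],
        "multicast": [n for k, n in trace if k == "multicast"],
        "global_looking_names_answered_locally": [
            n for n, a in answers.items()
            if a and n not in GLOBAL_DNS and not n.endswith(".local")],
    }

if __name__ == "__main__":
    for label, r in (("mDNS-style", resolve_mdns), ("LLMNR-style", resolve_llmnr)):
        print(label, audit(r, NAMES))
```

In the fallback model every name the DNS does not know, including "tv.local", first produces a failed DNS query and then a multicast, which is the pattern to look for in resolver logs and link-local captures.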