I'm a by-stander on this discussion, maybe off-base or out of it --
but something other than the undesirable traffic struck me.
Isn't it also true that I might *deliberately break* all sorts of
things by introducing 'blocking' names into DNS responses, so that an
LLMNR request is never issued? So an ISP could 'grab' traffic that
the users thought was local, by replying to a DNS request in a proxy
(or converting a negative reply into an answer).
Also, ISPs might be tempted to start turning around DNS requests in
their proxies for names that they *think* should be answered by
LLMNR, returning resolution failure, so as not to send too much
traffic outbound. This pre-empts the real DNS from ever actually
replying.
The whole idea that 'real DNS' can arbitrarily pre-empt local name
resolution seems, well, wrong, and needs serious study for security
implications for the services using those names, no?
--
David Singer
Apple Computer/QuickTime
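The precedence concern raised above, modelled as an added example (not part of the original post or of any LLMNR implementation): a DNS-first resolver with LLMNR fallback, two hypothetical DNS proxies that either convert a negative reply into an answer or return failure for single-label names, and a name-scoping policy that keeps link-local names out of DNS altogether. All hosts, addresses and names are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Tuple

class Rcode(Enum):
    ANSWER = "answer"
    NXDOMAIN = "nxdomain"
    SERVFAIL = "servfail"   # also stands in for a timeout

@dataclass
class DnsReply:
    rcode: Rcode
    address: Optional[str] = None

# Constructed sample data: one LLMNR-only host on the link, one global name.
LINK_LOCAL_HOSTS = {"printer": "192.0.2.10"}
GLOBAL_DNS = {"www.example.com": "198.51.100.5"}
PROXY_ADDR = "203.0.113.1"   # hypothetical ISP proxy address

def real_dns(name: str) -> DnsReply:
    """Honest recursive DNS: answers global names, NXDOMAIN otherwise."""
    if name in GLOBAL_DNS:
        return DnsReply(Rcode.ANSWER, GLOBAL_DNS[name])
    return DnsReply(Rcode.NXDOMAIN)

def grab_proxy(name: str) -> DnsReply:
    """Proxy that turns every negative reply into an answer pointing at itself."""
    reply = real_dns(name)
    return reply if reply.rcode is Rcode.ANSWER else DnsReply(Rcode.ANSWER, PROXY_ADDR)

def suppress_proxy(name: str) -> DnsReply:
    """Proxy that returns failure for names it guesses are LLMNR names."""
    return DnsReply(Rcode.SERVFAIL) if "." not in name else real_dns(name)

def llmnr(name: str) -> Optional[str]:
    """Link-local resolution: only hosts actually present on the link."""
    return LINK_LOCAL_HOSTS.get(name)

Result = Tuple[str, Optional[str]]   # (source, address)

def resolve(name: str, dns: Callable[[str], DnsReply]) -> Result:
    """DNS-first policy: LLMNR is consulted only after a DNS NXDOMAIN."""
    reply = dns(name)
    if reply.rcode is Rcode.ANSWER:
        return ("dns", reply.address)        # any DNS answer pre-empts LLMNR
    if reply.rcode is Rcode.NXDOMAIN:
        addr = llmnr(name)
        return ("llmnr", addr) if addr else ("fail", None)
    return ("fail", None)                    # SERVFAIL: no fallback, name is lost

def scoped_resolve(name: str, dns: Callable[[str], DnsReply]) -> Result:
    """Scoping policy (assumed, for contrast): single-label names never go to DNS."""
    if "." not in name:
        addr = llmnr(name)
        return ("llmnr", addr) if addr else ("fail", None)
    return resolve(name, dns)
```

With the DNS-first policy the outcome for `printer` is decided entirely by whatever answers the DNS query, which is the pre-emption the post describes; the scoped policy removes that dependency for local names.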
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf