On Mon, 2005-09-05 at 15:02 +0300, Markku Savela wrote:
> LLMNR does create extra queries to root servers. Let's say I have named
> my local devices in LLMNR as
>
> "fridge"
> "tv"
> "vcr"
> "myserver"

Which would be easily "solved" for both mDNS (when not restricting to .local) by first asking the local network using mDNS/LLMNR and then asking DNS. Which takes away the worry of flooding (root) DNS servers. (Misconfigured machines are a bigger problem there.)

This has a *huge* security issue of course when someone starts replying to all those queries with false data (www.paypal.com anyone?, or responding for www.ietf.org and putting all kinds of naughty words in the drafts ;)

Then again, hosts on the local network can already easily respond to normal DNS queries too by flooding the switch with MAC addresses, putting it into broadcast mode and then simply responding to queries. Of course one will then get some dupes back from the original one which will make things a bit confusing, but most resolvers don't care about those and simply ignore them anyway (afaik).

I guess we want DNSSEC here, but that was the whole point -> zeroconf...

That said, it would be really good if both mDNS/LLMNR had an 'off' switch. When a real DNS server responds then we have a working DNS server, with mDNS/LLMNR being targeted at zero-conf networks, apparently, as we have DNS, these networks are configured, they have a working DNS server, thus mDNS/LLMNR is not required. Folks can then use DDNS and other methods for registering names.

Another thing one could do then is have a real DNS server respond directly to these mDNS/LLMNR queries, which avoids having to even configure a DNS server.

Greets,
Jeroen
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf
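
The two resolution orders discussed in the message above, modelled as an added example (not code from the post or from any mDNS/LLMNR implementation): "local first, then DNS" next to the proposed 'off' switch, where a responding DNS server disables multicast resolution. All names, addresses and function names are constructed for illustration, and the resolvers are in-memory tables that send no network traffic.

```python
# Constructed data: what a configured DNS server knows, and what hosts on the
# local link answer to multicast (mDNS/LLMNR) queries. 192.0.2.66 models a
# host that answers for a name it does not own.
DNS_ZONE = {"www.paypal.com": "203.0.113.10", "www.ietf.org": "203.0.113.20"}
LINK_ANSWERS = {"fridge": "192.168.1.20", "tv": "192.168.1.21",
                "www.paypal.com": "192.0.2.66"}


def dns_lookup(name, dns_reachable=True):
    """Return (server_responded, address). NXDOMAIN still counts as a response."""
    if not dns_reachable:
        return False, None
    return True, DNS_ZONE.get(name)


def resolve_local_first(name, dns_reachable=True):
    """Policy 1: ask the link first, then DNS. Returns (address, source, trace)."""
    trace = ["multicast"]
    if name in LINK_ANSWERS:
        # Whoever answers on the link wins; DNS is never consulted.
        return LINK_ANSWERS[name], "multicast", trace
    trace.append("dns")
    _, addr = dns_lookup(name, dns_reachable)
    return addr, ("dns" if addr else None), trace


def resolve_with_off_switch(name, dns_reachable=True):
    """Policy 2: a responding DNS server switches multicast resolution off."""
    trace = ["dns"]
    responded, addr = dns_lookup(name, dns_reachable)
    if responded:
        # Configured network: the DNS answer is final, even when it is NXDOMAIN.
        return addr, ("dns" if addr else None), trace
    # No DNS server answered at all: treat the network as zero-conf.
    trace.append("multicast")
    addr = LINK_ANSWERS.get(name)
    return addr, ("multicast" if addr else None), trace
```

The `trace` list records which resolvers saw each query, so the same run shows both concerns from the thread: which names reach DNS, and which names a link-local responder gets to answer.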