At 3:55 PM -0700 9/18/05, Stuart Cheshire wrote:
mDNS takes the approach that local lookups should be distinguishable from global lookups and accomplishes this through the use of a special local domain (.local).
This claim is one of the bits of misinformation that seems to be spread about mDNS for some reason. It's repeated so often that people who haven't read the draft assume it's true. [...]
(14. Enabling and Disabling Multicast DNS) The option to fail-over to Multicast DNS for names not ending in ".local." SHOULD be a user-configured option, and SHOULD be disabled by default because of the possible security issues related to unintended local resolution of apparently global names.
Okay. Please feel free to insert "In its recommended default configuration" in whatever place is appropriate to make my statement more accurate.
Regardless of what is specified in mDNS, my point stands that several members of the community raised technical (security) and philosophical (application transparency) issues with the model used by LLMNR. Perhaps they would have the same concerns about this optional feature in mDNS, but that is not my concern at the moment.
Margaret