I'm a bystander in this discussion, maybe off-base or out of it -- but something other than the undesirable traffic struck me.
Isn't it also true that I might *deliberately break* all sorts of things by introducing 'blocking' names into DNS responses, so that an LLMNR request is never issued? So an ISP could 'grab' traffic that the users thought was local, by replying to a DNS request in a proxy (or converting a negative reply into an answer).
Yes, we have done that accidentally. We were told we have broken things on Windows by publishing ".local" in the Public-Root.
We stopped publishing that domain immediately. But yes, all you have to do is send some random packets, resolving '.local' to the Windows box. The thing will happily cache them and next time ...
Also, ISPs might be tempted to start turning around DNS requests in their proxies for names that they *think* should be answered by LLMNR, returning resolution failure, so as not to send too much traffic outbound. This pre-empts the real DNS from ever actually replying.
The whole idea that 'real DNS' can arbitrarily pre-empt local name resolution seems, well, wrong, and needs serious study for security implications for the services using those names, no?
--
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
+49-6252-750308 (VoIP: sipgate.de)
+1-360-448-1275 (VoIP: freeworldialup.com)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.