Link-local Multicast Name Resolution (LLMNR)
draft-ietf-dnsext-mdns-47

INTERNET-DRAFT                    LLMNR                   13 August 2006

   data.

   In situations where LLMNR is configured as a secondary name
   resolution protocol on a dual-stack host, behavior will be governed
   by both IPv4 and IPv6 configuration mechanisms.  Since IPv4 and IPv6
   utilize distinct configuration mechanisms, it is possible for a dual
   stack host to be configured with the address of a DNS server over
   IPv4, while remaining unconfigured with a DNS server suitable for use
   over IPv6.

   In these situations, a dual stack host will send AAAA queries to the
   configured DNS server over IPv4.  However, an IPv6-only host
   unconfigured with a DNS server suitable for use over IPv6 will be
   unable to resolve names using DNS.  Automatic IPv6 DNS configuration
   mechanisms (such as [RFC3315] and [DNSDisc]) are not yet widely
   deployed, and not all DNS servers support IPv6.  Therefore lack of
   IPv6 DNS configuration may be a common problem in the short term, and
   LLMNR may prove useful in enabling link-local name resolution over
   IPv6.

   Where a DHCPv4 server is available but not a DHCPv6 server [RFC3315],
   IPv6-only hosts may not be configured with a DNS server.  Where there
   is no DNS server authoritative for the name of a host or the
   authoritative DNS server does not support dynamic client update over
   IPv6 or DHCPv6-based dynamic update, then an IPv6-only host will not
   be able to do DNS dynamic update, and other hosts will not be able to
   resolve its name.

   For example, if the configured DNS server responds to a AAAA RR query
   sent over IPv4 or IPv6 with an authoritative name error (RCODE=3) or
   RCODE=0 and an empty answer section, then a AAAA RR query sent using
   LLMNR over IPv6 may be successful in resolving the name of an
   IPv6-only host on the local link.

   Similarly, if a DHCPv4 server is available providing DNS server
   configuration, and DNS server(s) exist which are authoritative for
   the A RRs of local hosts and support either dynamic client update
   over IPv4 or DHCPv4-based dynamic update, then the names of local
   IPv4 hosts can be resolved over IPv4 without LLMNR.  However,  if no
   DNS server is authoritative for the names of local hosts, or the
   authoritative DNS server(s) do not support dynamic update, then LLMNR
   enables link-local name resolution over IPv4.

   It is possible that DNS configuration mechanisms will go in and out
   of service.  In these circumstances, it is possible for hosts within
   an administrative domain to be inconsistent in their DNS
   configuration.

Aboba, Thaler & Esibov       Standards Track                   [Page 17]
INTERNET-DRAFT                    LLMNR                   13 August 2006

   For example, where DHCP is used for configuring DNS servers, one or
   more DHCP servers can fail.  As a result, hosts configured prior to
   the outage will be configured with a DNS server, while hosts
   configured after the outage will not.  Alternatively, it is possible
   for the DNS configuration mechanism to continue functioning while
   configured DNS servers fail.

   An outage in the DNS configuration mechanism may result in hosts
   continuing to use LLMNR even once the outage is repaired.  Since
   LLMNR only enables link-local name resolution, this represents a
   degradation in capabilities.  As a result, hosts without a configured
   DNS server may wish to periodically attempt to obtain DNS
   configuration if permitted by the configuration mechanism in use.  In
   the absence of other guidance, a default retry interval of one (1)
   minute is RECOMMENDED.

4.  Conflict Resolution

   By default, a responder SHOULD be configured to behave as though its
   name is UNIQUE on each interface on which LLMNR is enabled.  However,
   it is also possible to configure multiple responders to be
   authoritative for the same name.  For example, multiple responders
   MAY respond to a query for an A or AAAA type record for a cluster
   name (assigned to multiple hosts in the cluster).

   To detect duplicate use of a name, an administrator can use a name
   resolution utility which employs LLMNR and lists both responses and
   responders.  This would allow an administrator to diagnose behavior
   and potentially to intervene and reconfigure LLMNR responders who
   should not be configured to respond to the same name.

4.1.  Uniqueness Verification

   Prior to sending an LLMNR response with the 'T' bit clear, a
   responder configured with a UNIQUE name MUST verify that there is no
   other host within the scope of LLMNR query propagation that is
   authoritative for the same name on that interface.

   Once a responder has verified that its name is UNIQUE, if it receives
   an LLMNR query for that name, with the 'C' bit clear, it MUST
   respond, with the 'T' bit clear. Prior to verifying that its name is
   UNIQUE, a responder MUST set the 'T' bit in responses.

   Uniqueness verification is carried out when the host:

     - starts up or is rebooted
     - wakes from sleep (if the network interface was inactive
       during sleep)

Aboba, Thaler & Esibov       Standards Track                   [Page 18]
INTERNET-DRAFT                    LLMNR                   13 August 2006

     - is configured to respond to LLMNR queries on an interface
       enabled for transmission and reception of IP traffic
     - is configured to respond to LLMNR queries using additional
       UNIQUE resource records
     - verifies the acquisition of a new IP address and configuration
       on an interface

   To verify uniqueness, a responder MUST send an LLMNR query with the
   'C' bit clear, over all protocols on which it responds to LLMNR
   queries (IPv4 and/or IPv6).  It is RECOMMENDED that responders verify
   uniqueness of a name by sending a query for the name with type='ANY'.

   If no response is received, the sender retransmits the query, as
   specified in Section 2.7.  If a response is received, the sender MUST
   check if the source address matches the address of any of its
   interfaces; if so, then the response is not considered a conflict,
   since it originates from the sender.  To avoid triggering conflict
   detection, a responder that detects that it is connected to the same
   link on multiple interfaces SHOULD set the 'C' bit in responses.

   If a response is received with the 'T' bit clear, the responder MUST
   NOT use the name in response to LLMNR queries received over any
   protocol (IPv4 or IPv6).  If a response is received with the 'T' bit
   set, the responder MUST check if the source IP address in the
   response is lexicographically smaller than the source IP address in
   the query.  If so, the responder MUST NOT use the name in response to
   LLMNR queries received over any protocol (IPv4 or IPv6).  For the
   purpose of uniqueness verification, the contents of the answer
   section in a response is irrelevant.

   Periodically carrying out uniqueness verification in an attempt to
   detect name conflicts is not necessary, wastes network bandwidth, and
   may actually be detrimental.  For example, if network links are
   joined only briefly, and are separated again before any new
   communication is initiated, temporary conflicts are benign and no
   forced reconfiguration is required.  LLMNR responders SHOULD NOT
   periodically attempt uniqueness verification.

4.2.  Conflict Detection and Defense

   Hosts on disjoint network links may configure the same name for use
   with LLMNR.  If these separate network links are later joined or
   bridged together, then there may be multiple hosts which are now on
   the same link, trying to use the same name.

   In order to enable ongoing detection of name conflicts, when an LLMNR
   sender receives multiple LLMNR responses to a query, it MUST check if
   the 'C' bit is clear in any of the responses.  If so, the sender

Aboba, Thaler & Esibov       Standards Track                   [Page 19]
INTERNET-DRAFT                    LLMNR                   13 August 2006

   SHOULD send another query for the same name, type and class, this
   time with the 'C' bit set, with the potentially conflicting resource
   records included in the additional section.

   Queries with the 'C' bit set are considered advisory and responders
   MUST verify the existence of a conflict before acting on it.  A
   responder receiving a query with the 'C' bit set MUST NOT respond.

   If the query is for a UNIQUE name, then the responder MUST send its
   own query for the same name, type and class, with the 'C' bit clear.
   If a response is received, the sender MUST check if the source
   address matches the address of any of its interfaces; if so, then the
   response is not considered a conflict, since it originates from the
   sender.  To avoid triggering conflict detection, a responder that
   detects that it is connected to the same link on multiple interfaces
   SHOULD set the 'C' bit in responses.

   An LLMNR responder MUST NOT ignore conflicts once detected and SHOULD
   log them.  Upon detecting a conflict, an LLMNR responder MUST
   immediately stop using the conflicting name in response to LLMNR
   queries received over any supported protocol, if the source IP
   address in the response, is lexicographically smaller than than the
   source IP address in the uniqueness verification query.

   After stopping the use of a name, the responder MAY elect to
   configure a new name.  However, since name reconfiguration may be
   disruptive, this is not required, and a responder may have been
   configured to respond to multiple names so that alternative names may
   already be available.  A host that has stopped the use of a name may
   attempt uniqueness verification again after the expiration of the TTL
   of the conflicting response.

4.3.  Considerations for Multiple Interfaces

   A multi-homed host may elect to configure LLMNR on only one of its
   active interfaces.  In many situations this will be adequate.
   However, should a host need to configure LLMNR on more than one of
   its active interfaces, there are some additional precautions it MUST
   take.  Implementers who are not planning to support LLMNR on multiple
   interfaces simultaneously may skip this section.

   Where a host is configured to issue LLMNR queries on more than one
   interface, each interface maintains its own independent LLMNR
   resolver cache, containing the responses to LLMNR queries.

   A multi-homed host checks the uniqueness of UNIQUE records as
   described in Section 4.  The situation is illustrated in Figure 1.

Aboba, Thaler & Esibov       Standards Track                   [Page 20]
INTERNET-DRAFT                    LLMNR                   13 August 2006

        ----------  ----------
         |      |    |      |
        [A]    [myhost]   [myhost]

      Figure 1.  Link-scope name conflict

   In this situation, the multi-homed myhost will probe for, and defend,
   its host name on both interfaces.  A conflict will be detected on one
   interface, but not the other.  The multi-homed myhost will not be
   able to respond with a host RR for "myhost" on the interface on the
   right (see Figure 1).  The multi-homed host may, however, be
   configured to use the "myhost" name on the interface on the left.

   Since names are only unique per-link, hosts on different links could
   be using the same name.  If an LLMNR client sends queries over
   multiple interfaces, and receives responses from more than one, the
   result returned to the client is defined by the implementation.  The
   situation is illustrated in Figure 2.

        ----------  ----------
         |      |    |     |
        [A]    [myhost]   [A]

      Figure 2.  Off-segment name conflict

   If host myhost is configured to use LLMNR on both interfaces, it will
   send LLMNR queries on both interfaces.  When host myhost sends a
   query for the host RR for name "A" it will receive a response from
   hosts on both interfaces.

   Host myhost cannot distinguish between the situation shown in Figure
   2, and that shown in Figure 3 where no conflict exists.

                [A]
               |   |
           -----   -----
               |   |
              [myhost]

      Figure 3.  Multiple paths to same host

   This illustrates that the proposed name conflict resolution mechanism
   does not support detection or resolution of conflicts between hosts
   on different links.  This problem can also occur with DNS when a
   multi-homed host is connected to two different networks with
   separated name spaces.  It is not the intent of this document to
   address the issue of uniqueness of names within DNS.

Aboba, Thaler & Esibov       Standards Track                   [Page 21]
INTERNET-DRAFT                    LLMNR                   13 August 2006

4.4.  API Issues

   [RFC2553] provides an API which can partially solve the name
   ambiguity problem for applications written to use this API, since the
   sockaddr_in6 structure exposes the scope within which each scoped
   address exists, and this structure can be used for both IPv4 (using
   v4-mapped IPv6 addresses) and IPv6 addresses.

   Following the example in Figure 2, an application on 'myhost' issues
   the request getaddrinfo("A", ...) with ai_family=AF_INET6 and
   ai_flags=AI_ALL|AI_V4MAPPED.  LLMNR queries will be sent from both
   interfaces and the resolver library will return a list containing
   multiple addrinfo structures, each with an associated sockaddr_in6
   structure.  This list will thus contain the IPv4 and IPv6 addresses
   of both hosts responding to the name 'A'.  Link-local addresses will
   have a sin6_scope_id value that disambiguates which interface is used
   to reach the address.  Of course, to the application, Figures 2 and 3
   are still indistinguishable, but this API allows the application to
   communicate successfully with any address in the list.

5.  Security Considerations

   LLMNR is a peer-to-peer name resolution protocol designed for use on
   the local link.  While LLMNR limits the vulnerability of responders
   to off-link senders, it is possible for an off-link responder to
   reach a sender.

   In scenarios such as public "hotspots" attackers can be present on
   the same link.  These threats are most serious in wireless networks
   such as IEEE 802.11, since attackers on a wired network will require
   physical access to the network, while wireless attackers may mount
   attacks from a distance.  Link-layer security such as [IEEE-802.11i]
   can be of assistance against these threats if it is available.

   This section details security measures available to mitigate threats
   from on and off-link attackers.

5.1.  Denial of Service

   Attackers may take advantage of LLMNR conflict detection by
   allocating the same name, denying service to other LLMNR responders
   and possibly allowing an attacker to receive packets destined for
   other hosts.  By logging conflicts, LLMNR responders can provide
   forensic evidence of these attacks.

   An attacker may spoof LLMNR queries from a victim's address in order
   to mount a denial of service attack.  Responders setting the IPv6 Hop
   Limit or IPv4 TTL field to a value larger than one in an LLMNR UDP

Aboba, Thaler & Esibov       Standards Track                   [Page 22]
INTERNET-DRAFT                    LLMNR                   13 August 2006

   response may be able to reach the victim across the Internet.

   While LLMNR responders only respond to queries for which they are
   authoritative and LLMNR does not provide wildcard query support, an
   LLMNR response may be larger than the query, and an attacker can
   generate multiple responses to a query for a name used by multiple
   responders.  A sender may protect itself against unsolicited
   responses by silently discarding them.

5.2.  Spoofing

   LLMNR is designed to prevent reception of queries sent by an off-link
   attacker.  LLMNR requires that responders receiving UDP queries check
   that they are sent to a link-scope multicast address.  However, it is
   possible that some routers may not properly implement link-scope
   multicast, or that link-scope multicast addresses may leak into the
   multicast routing system.  To prevent successful setup of TCP
   connections by an off-link sender, responders receiving a TCP SYN
   reply with a TCP SYN-ACK with TTL set to one (1).

   While it is difficult for an off-link attacker to send an LLMNR query
   to a responder,  it is possible for an off-link attacker to spoof a
   response to a query (such as an A or AAAA query for a popular
   Internet host), and by using a TTL or Hop Limit field larger than one
   (1), for the forged response to reach the LLMNR sender.  Since the
   forged response will only be accepted if it contains a matching ID
   field, choosing a pseudo-random ID field within queries provides some
   protection against off-link responders.

   When LLMNR is utilized as a secondary name resolution service,
   queries can be sent when DNS server(s) do not respond.  An attacker
   can execute a denial of service attack on the DNS server(s) and then
   poison the LLMNR cache by responding to an LLMNR query with incorrect
   information.  As noted in "Threat Analysis of the Domain Name System
   (DNS)" [RFC3833] these threats also exist with DNS, since DNS
   response spoofing tools are available that can allow an attacker to
   respond to a query more quickly than a distant DNS server.  However,
   while switched networks or link-layer security may make it difficult
   for an on-link attacker to snoop unicast DNS queries,  multicast
   LLMNR queries are propagated to all hosts on the link, making it
   possible for an on-link attacker to spoof LLMNR responses without
   having to guess the value of the ID field in the query.

   Since LLMNR queries are sent and responded to on the local link, an
   attacker will need to respond more quickly to provide its own
   response prior to arrival of the response from a legitimate
   responder.   If an LLMNR query is sent for an off-link host, spoofing
   a response in a timely way is not difficult, since a legitimate

Aboba, Thaler & Esibov       Standards Track                   [Page 23]
INTERNET-DRAFT                    LLMNR                   13 August 2006

   response will never be received.

   This vulnerability can be reduced by limiting use of LLMNR to
   resolution of single-label names as described in Section 3, or by
   implementation of authentication (see Section 5.3).

5.3.  Authentication

   LLMNR is a peer-to-peer name resolution protocol, and as a result,
   it is often deployed in situations where no trust model can be
   assumed.  Where a pre-arranged security configuration is possible,
   the following security mechanisms may be used:

[a]  LLMNR implementations MAY support TSIG [RFC2845] and/or SIG(0)
     [RFC2931] security mechanisms.  "DNS Name Service based on Secure
     Multicast DNS for IPv6 Mobile Ad Hoc Networks" [LLMNRSec] describes
     the use of TSIG to secure LLMNR, based on group keys.  While group
     keys can be used to demonstrate membership in a group, they do not
     protect against forgery by an attacker that is a member of the
     group.

[b]  IPsec ESP with null encryption algorithm MAY be used to
     authenticate unicast LLMNR queries and responses or LLMNR responses
     to multicast queries.  In a small network without a certificate
     authority, this can be most easily accomplished through
     configuration of a group pre-shared key for trusted hosts.  As with
     TSIG, this does not protect against forgery by an attacker with
     access to the group pre-shared key.

[c]  LLMNR implementations MAY support DNSSEC [RFC4033].  In order to
     support DNSSEC, LLMNR implementations MAY be configured with trust
     anchors, or they MAY make use of keys obtained from DNS queries.
     Since LLMNR does not support "delegated trust" (CD or AD bits),
     LLMNR implementations cannot make use of DNSSEC unless they are
     DNSSEC-aware and support validation.  Unlike approaches [a] or [b],
     DNSSEC permits a responder to demonstrate ownership of a name, not
     just membership within a trusted group.  As a result, it enables
     protection against forgery.

5.4.  Cache and Port Separation

   In order to prevent responses to LLMNR queries from polluting the DNS
   cache, LLMNR implementations MUST use a distinct, isolated cache for
   LLMNR on each interface.  LLMNR operates on a separate port from DNS,
   reducing the likelihood that a DNS server will unintentionally
   respond to an LLMNR query.

   If a DNS server is running on a host that supports LLMNR, the LLMNR

Aboba, Thaler & Esibov       Standards Track                   [Page 24]
INTERNET-DRAFT                    LLMNR                   13 August 2006

   responder on that host MUST respond to LLMNR queries only for the
   RRSets relating to the host on which the server is running, but MUST
   NOT respond for other records for which the DNS server is
   authoritative.  DNS servers MUST NOT send LLMNR queries in order to
   resolve DNS queries.

6.  IANA Considerations

   This specification creates a new name space: the LLMNR namespace.

   In order to to avoid creating any new administrative procedures,
   administration of the LLMNR namespace will piggyback on the
   administration of the DNS namespace.

   The rights to use a fully qualified domain name (FQDN) within LLMNR
   are obtained by acquiring the rights to use that name within DNS.
   Those wishing to use a FQDN within LLMNR should first acquire the
   rights to use the corresponding FQDN within DNS.  Using a FQDN within
   LLMNR without ownership of the corresponding name in DNS creates the
   possibility of conflict and therefore is discouraged.

   LLMNR responders may self-allocate a name within the single-label
   name space, first defined in [RFC1001].  Since single-label names are
   not unique, no registration process is required.

7.  Constants

   The following timing constants are used in this protocol; they are
   not intended to be user configurable.

      JITTER_INTERVAL      100 ms
      LLMNR_TIMEOUT        1 second (if set statically on all interfaces)
                           100 ms (IEEE 802 media, including IEEE 802.11)

8.  References

8.1.  Normative References

[RFC1001] Auerbach, K. and A. Aggarwal, "Protocol Standard for a NetBIOS
          Service on a TCP/UDP Transport: Concepts and Methods", RFC
          1001, March 1987.

[RFC1035] Mockapetris, P., "Domain Names - Implementation and
          Specification", RFC 1035, November 1987.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
          Requirement Levels", BCP 14, RFC 2119, March 1997.

Aboba, Thaler & Esibov       Standards Track                   [Page 25]
INTERNET-DRAFT                    LLMNR                   13 August 2006

[RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
          Specification", RFC 2181, July 1997.

[RFC2308] Andrews, M., "Negative Caching of DNS Queries (DNS NCACHE)",
          RFC 2308, March 1998.

[RFC2373] Hinden, R. and S. Deering, "IP Version 6 Addressing
          Architecture", RFC 2373, July 1998.

[RFC2434] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA
          Considerations Section in RFCs", BCP 26, RFC 2434, October
          1998.

[RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)", RFC 2671,
          August 1999.

[RFC2845] Vixie, P., Gudmundsson, O., Eastlake, D. and B. Wellington,
          "Secret Key Transaction Authentication for DNS (TSIG)", RFC
          2845, May 2000.

[RFC2931] Eastlake, D., "DNS Request and Transaction Signatures
          (SIG(0)s)", RFC 2931, September 2000.

8.2.  Informative References

[DNSPerf] Jung, J., et al., "DNS Performance and the Effectiveness of
          Caching", IEEE/ACM Transactions on Networking, Volume 10,
          Number 5, pp. 589, October 2002.

[DNSDisc] Durand, A., Hagino, I. and D. Thaler, "Well known site local
          unicast addresses to communicate with recursive DNS servers",
          Internet draft (work in progress), draft-ietf-ipv6-dns-
          discovery-07.txt, October 2002.

[IEEE-802.11i]
          Institute of Electrical and Electronics Engineers, "Supplement
          to Standard for Telecommunications and Information Exchange
          Between Systems - LAN/MAN Specific Requirements - Part 11:
          Wireless LAN Medium Access Control (MAC) and Physical Layer
          (PHY) Specifications: Specification for Enhanced Security",
          IEEE 802.11i, July 2004.

[LLMNREnable]
          Guttman, E., "DHCP LLMNR Enable Option", Internet draft (work
          in progress), draft-guttman-mdns-enable-02.txt, April 2002.

[LLMNRSec]
          Jeong, J., Park, J. and H. Kim, "DNS Name Service based on

Aboba, Thaler & Esibov       Standards Track                   [Page 26]
INTERNET-DRAFT                    LLMNR                   13 August 2006

          Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks", ICACT
          2004, Phoenix Park, Korea, February 9-11, 2004.

[POSIX]   IEEE Std. 1003.1-2001 Standard for Information Technology --
          Portable Operating System Interface (POSIX). Open Group
          Technical Standard: Base Specifications, Issue 6, December
          2001.  ISO/IEC 9945:2002.  http://www.opengroup.org/austin

[RFC1536] Kumar, A., et. al., "DNS Implementation Errors and Suggested
          Fixes", RFC 1536, October 1993.

[RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
          Recommendations for Security", RFC 1750, December 1994.

[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
          March 1997.

[RFC2292] Stevens, W. and M. Thomas, "Advanced Sockets API for IPv6",
          RFC 2292, February 1998.

[RFC2365] Meyer, D., "Administratively Scoped IP Multicast", BCP 23, RFC
          2365, July 1998.

[RFC2553] Gilligan, R., Thomson, S., Bound, J. and W. Stevens, "Basic
          Socket Interface Extensions for IPv6", RFC 2553, March 1999.

[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
          2937, September 2000.

[RFC3315] Droms, R., et al., "Dynamic Host Configuration Protocol for
          IPv6 (DHCPv6)", RFC 3315, July 2003.

[RFC3833] Atkins, D. and R. Austein, "Threat Analysis of the Domain Name
          System (DNS)", RFC 3833, August 2004.

[RFC3927] Cheshire, S., Aboba, B. and E. Guttman, "Dynamic Configuration
          of Link-Local IPv4 Addresses", RFC 3927, October 2004.

[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D. and S. Rose,
          "DNS Security Introduction and Requirement", RFC 4033, March
          2005.

Aboba, Thaler & Esibov       Standards Track                   [Page 27]
INTERNET-DRAFT                    LLMNR                   13 August 2006

Acknowledgments

   This work builds upon original work done on multicast DNS by Bill
   Manning and Bill Woodcock.  Bill Manning's work was funded under
   DARPA grant #F30602-99-1-0523.  The authors gratefully acknowledge
   their contribution to the current specification.  Constructive input
   has also been received from Mark Andrews, Rob Austein, Randy Bush,
   Stuart Cheshire, Ralph Droms, Robert Elz, James Gilroy, Olafur
   Gudmundsson, Andreas Gustafsson, Erik Guttman, Myron Hattig,
   Christian Huitema, Olaf Kolkman, Mika Liljeberg, Keith Moore,
   Tomohide Nagashima, Thomas Narten, Erik Nordmark, Markku Savela, Mike
   St. Johns, Sander van Valkenburg, and Brian Zill.

Authors' Addresses

   Bernard Aboba
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052

   Phone: +1 425 706 6605
   EMail: bernarda@microsoft.com

   Dave Thaler
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052

   Phone: +1 425 703 8835
   EMail: dthaler@microsoft.com

   Levon Esibov
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052

   EMail: levone@microsoft.com

Aboba, Thaler & Esibov       Standards Track                   [Page 28]
INTERNET-DRAFT                    LLMNR                   13 August 2006

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Aboba, Thaler & Esibov       Standards Track                   [Page 29]