Thursday, December 22, 2011

IPv6 Link-local Multicast Name Resolution (LLMNR) in Windows 7

While I was working on some IPv6 testing I noticed some interesting udp listener ports on my system and I couldn't remember what the port was actually used for. In this case I did the following:

C:\Users\Ed>netstat -p UDPv6 -an

Active Connections

  Proto  Local Address          Foreign Address        State
  UDP    [::]:5355              *:*
<removed for brevity>

UDP port 5355 is part of the Link-local Multicast Name Resolution (LLMNR) process and technically in IPv6 is actually a multicast process listening on the multicast address FF02::1:3

What is the the purpose of LLMNR? LLMNR allows hosts on the same subnet to be able to resolve hostnames without the need for a DNS server. It is based on DNS and the best write up is still by Joseph Davies for his Cable Guy articles.

It is more useful for home network situations or where teams are building out temporary wireless or wired networks to collaborate. Unfortunately, LLMNR isn't utilized by Linux or OSX at all. Apple came up with mDNS and later DNS-SD to address the name resolution issues for local networking and it appears that some Linux implementations utilize that also. There is a nice write up of some of the Zero Configuration Networking options on Wikipedia.
- Ed

2 comments:

kazssym said...

Time has changed the situation slightly and LLMNR is no longer Windows-only. There is now an independent LLMNR implementation for at least GNU/Linux (to be honest, it is my work). Just for your information.

kazssym said...

I made a mistake.
The link must be http://xllmnrd.vx68k.org/
Sorry for the wrong URL.