[systemd-devel] LLMNR should be disabled on new deployments

[Petr Menšík]

Hello everyone,

I would like to request disabling LLMNR protocol in new releases by 
default. The protocol itself is deprecated even by Microsoft, who 
disabled it in Windows 10. I think Multicast DNS is supperior and MS 
thinks it also [1].

Because it is not implemented well in systemd-resolved, it has been 
causing regressions. Because it won't work with the primary system it 
was created for, I think it is good time to disable it in default 
installations. If someone needs it, it can still be enabled manually. 
But because it is breaking single label queries, I think it should not 
be enabled unless requested. It is enabled even on Fedora Server, which 
I consider serious mistake. Since even Windows desktops do not enable it 
anymore, I think also Workstation edition should disable it by default.

I have created pull request [2] for that. Examples, how it breaks 
correct DNS, are in issue [3].

I want to request disabling LLMNR by default in upcoming Fedora 39. I 
would recommend doing that in any other distributions using 
systemd-resolved in default installation.

Any opinions or comments?

Regards,
Petr

1. 
https://techcommunity.microsoft.com/t5/networking-blog/aligning-on-mdns-ramping-down-netbios-name-resolution-and-llmnr/ba-p/3290816
2. https://github.com/systemd/systemd/pull/28263
3. https://github.com/systemd/systemd/issues/23622

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB