I was tracing a log entry in our firewall that it labeled “an unhandled multicast.” I traced it back to a Windows 8 computer that was emitting LLMNR requests. Further study shows that LLMNR is part of mDNS, or Bonjour, or Zeroconf. Hmm.
Zeroconf is allowed through the firewall on our main server that handles DHCP and DNS services. Zeroconf appears to be enabled; I am not sure.
What is needed for it to handle the Windows requests?
I’ve researched this further. Zeroconf is enabled on our server. How do I tell if it works?
The research showed mDNS uses port 5353, which is part of Zeroconf. When I run an nmap scan on the server, that port is not listed as active. LLMNR broadcasts to port 5355, also not open.
I am guessing that openSUSE (Linux in general?) does not support LLMNR? Should I just disable it in Windows?
Linux supports LLMNR to the best of my knowledge (for example, Kodi supports this). The question is: which Zeroconf implementation are you using?
Is it Avahi?
To check if your port is open on your Linux machine, use:
netstat -apn | grep 5353
Also, the port may be blocked by your firewall, so double-check or look at the firewall logs:
iptables -L -v
If it’s blocked you need to allow this port via the firewall (most easily done with YaST if you’re using the standard openSUSE method).
> The question is: which Zeroconf implementation are you using? Is it Avahi?
The Avahi page makes no mention of LLMNR.
$ netstat -apn | grep 535.
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 :::5353 :::* -
The LLMNR port 5355 is not listed.
Some excerpts from iptables -L -v:
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere PKTTYPE = broadcast udp dpt:mdns
0 0 ACCEPT udp -- any any anywhere anywhere PKTTYPE = broadcast udp dpt:bootps
34 3246 ACCEPT udp -- any any anywhere anywhere PKTTYPE = broadcast udp dpt:netbios-ns
17 4046 ACCEPT udp -- any any anywhere anywhere PKTTYPE = broadcast udp dpt:netbios-dgm
21 4562 DROP all -- any any anywhere anywhere PKTTYPE = broadcast
1 69 ACCEPT udp -- any any anywhere anywhere udp dpt:mdns
It looks like zeroconf/mdns/bonjour is enabled. The server has been up 9 days. In that time it has recognized a single mdns packet. I guess this makes sense; the firewall logs show LLMNR packets (100s of them per day) on port 5355, not 5353.
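Added example, not part of any post in this thread: mDNS (UDP 5353, groups 224.0.0.251 and ff02::fb) and LLMNR (UDP 5355, groups 224.0.0.252 and ff02::1:3) are separate protocols, so the firewall log is the quickest place to see which one each host is sending. The sketch below tallies them per source from iptables LOG style lines; the sample lines, the `FW-DROP`/`FW-ACC` prefixes, the addresses and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# UDP port -> (protocol, expected multicast groups); mDNS is RFC 6762, LLMNR is RFC 4795.
RESOLVERS = {
    5353: ("mDNS", {"224.0.0.251", "ff02::fb"}),
    5355: ("LLMNR", {"224.0.0.252", "ff02::1:3"}),
    137: ("NetBIOS-NS", set()),  # subnet broadcast, no fixed multicast group
}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
# Constructed sample lines in the iptables LOG field layout; hosts and prefixes are made up.
SAMPLE_LOG = """\
Mar  3 10:01:12 srv kernel: FW-DROP IN=eth0 OUT= SRC=192.168.1.50 DST=224.0.0.252 LEN=52 PROTO=UDP SPT=61022 DPT=5355 LEN=32
Mar  3 10:01:13 srv kernel: FW-DROP IN=eth0 OUT= SRC=192.168.1.50 DST=224.0.0.252 LEN=52 PROTO=UDP SPT=61023 DPT=5355 LEN=32
Mar  3 10:02:40 srv kernel: FW-ACC IN=eth0 OUT= SRC=192.168.1.51 DST=224.0.0.251 LEN=73 PROTO=UDP SPT=5353 DPT=5353 LEN=53
Mar  3 10:03:05 srv kernel: FW-DROP IN=eth0 OUT= SRC=fe80:0000:0000:0000:0211:22ff:fe33:4455 DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=72 PROTO=UDP SPT=50110 DPT=5355 LEN=32
Mar  3 10:04:18 srv kernel: FW-ACC IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 10:05:00 srv kernel: FW-DROP IN=eth0 OUT= SRC=192.168.1.77 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
"""

def classify(line):
    """Return (protocol, source, dst_is_expected_group) or None if unrelated."""
    f = dict(FIELD.findall(line))
    entry = RESOLVERS.get(int(f["DPT"])) if f.get("DPT", "").isdigit() else None
    if f.get("PROTO") != "UDP" or entry is None or "SRC" not in f or "DST" not in f:
        return None
    name, groups = entry
    try:
        # ip6tables logs fully expanded addresses, so compare parsed values, not strings.
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
    except ValueError:
        return None
    expected = {ipaddress.ip_address(g) for g in groups}
    return name, str(src), (dst in expected) if expected else True

def summarize(log_text):
    """Count name-resolution packets per (protocol, source address)."""
    hits = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits[result[:2]] += 1
    return hits

if __name__ == "__main__":
    for (proto, src), n in summarize(SAMPLE_LOG).most_common():
        print(f"{proto:<11}{src:<28}{n}")
```

The third value returned by `classify` is False when a packet uses one of these ports but is not addressed to the protocol's multicast group, which separates ordinary link-local queries from unicast traffic that merely shares the port.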