LLMNR

What is LLMNR

LLMNR (Link-Local Multicast Name Resolution) is a protocol designed to enable name resolution in local networks without the need for a DNS server. It is particularly useful in small or ad-hoc networks where setting up a DNS server may not be feasible. LLMNR operates over port 5355 and uses multicast communication to allow devices to resolve each other's names.

Developed by Microsoft, LLMNR is part of the Windows operating system but is also supported by other operating systems. It is designed to work in environments where traditional DNS may not be available, such as in small office networks or home networks. LLMNR can be particularly useful for resolving names of devices like printers, file shares, and other network resources.

While LLMNR provides a convenient way to resolve names in local networks, it is not without its drawbacks. The protocol is susceptible to certain types of attacks, such as spoofing, where an attacker can respond to name resolution requests with false information. This can lead to security risks, especially in environments where network security is a concern. Therefore, it is often recommended to disable LLMNR in enterprise environments where a DNS server is available and security is a priority.

LLMNR runs on TCP and UDP port 5355 and is official IANA port.