ayohrling / local_security_policy

Apache License 2.0

18.5.4.2 Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only) #60

Open pillarsdotnet opened 5 years ago

pillarsdotnet commented 5 years ago

18.5.4.2 Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only)

Info

LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible. The recommended state for this setting is: 'Enabled'.

Rationale: An attacker can listen on a network for these LLMNR (UDP/5355) or NBT-NS (UDP/137) broadcasts and respond to them, tricking the host into thinking that it knows the location of the requested system.

Note: To completely mitigate local name resolution poisoning, in addition to this setting, the properties of each installed NIC should also be set to 'Disable NetBIOS over TCP/IP' (on the WINS tab in the NIC properties). Unfortunately, there is no global setting to achieve this that automatically applies to all NICs - it is a per-NIC setting that varies with different NIC hardware installations.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Enabled': Computer Configuration\Policies\Administrative Templates\Network\DNS Client\Turn off multicast name resolution

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template 'DnsClient.admx/adml' that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).

Impact: In the event DNS is unavailable a system will be unable to request it from other systems on the same subnet.

See Turn off multicast name resolution
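An added audit example (not part of this issue or of the local_security_policy module): it checks the registry value that the 'Turn off multicast name resolution' policy writes (EnableMulticast under the DNSClient policy key) and the per-NIC NetBIOS over TCP/IP state the note above says must be disabled separately. The function name Test-LlmnrNetbtHardening is an assumption chosen for this example.

```powershell
# Added example, not from the module: audit LLMNR policy and per-NIC NetBT state.
function Test-LlmnrNetbtHardening {
    $results = @()

    # 18.5.4.2: the GP setting 'Turn off multicast name resolution' = Enabled
    # is stored as EnableMulticast = 0 under the DNSClient policy key.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = Get-ItemProperty -Path $policyKey -Name EnableMulticast -ErrorAction SilentlyContinue
    if ($null -ne $llmnr -and $llmnr.EnableMulticast -eq 0) {
        $results += [pscustomobject]@{ Check = '18.5.4.2 LLMNR'; Target = 'policy'; Status = 'PASS'; Detail = 'EnableMulticast = 0' }
    } else {
        $results += [pscustomobject]@{ Check = '18.5.4.2 LLMNR'; Target = 'policy'; Status = 'FAIL'; Detail = 'EnableMulticast missing or not 0 (LLMNR still answers UDP/5355)' }
    }

    # Per-NIC NetBIOS over TCP/IP (the WINS tab setting). NetbiosOptions:
    # 0 = use DHCP server setting, 1 = enabled, 2 = disabled. Only 2 is compliant.
    $ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem -Path $ifaceRoot -ErrorAction SilentlyContinue) {
        $opt = (Get-ItemProperty -Path $iface.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
        $state = switch ($opt) {
            2       { 'disabled' }
            1       { 'enabled' }
            0       { 'DHCP-controlled' }
            default { 'unset' }
        }
        $results += [pscustomobject]@{
            Check  = 'NetBIOS over TCP/IP'
            Target = $iface.PSChildName
            Status = if ($opt -eq 2) { 'PASS' } else { 'FAIL' }
            Detail = "NetbiosOptions = $opt ($state)"
        }
    }
    return $results
}

# Run the audit and show any non-compliant items first.
Test-LlmnrNetbtHardening | Sort-Object Status | Format-Table -AutoSize
```

A FAIL on the NetBT rows is expected on hosts where only the GP setting has been applied, since that setting does not touch NBT-NS (UDP/137).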