Very interesting post! Thanks. One thing I'm not sure I ever understood was if there was a security benefit to disabling NetBIOS/LLMNR discoveries if mDNS remained. They all look pretty similar to me, security-wise.
- JamesKehr, Jan 12, 2026
Microsoft
Maintenance and adoption are the biggest factors with the LLMNR and NetBIOS removal, from how I understand it. Usage of NetBIOS and LLMNR outside of Windows is essentially nil.
mDNS is one of those, "Why didn't I think of this?" standards based on regular old multicast and DNS. Every modern OS has a DNS client/resolver and multicast support, making the addition of mDNS to an OS rather trivial. Which is why mDNS has become the de facto industry standard for DNS-server-less name resolution.
And why maintain three protocols when one will do?
From a security standpoint, your main concern is always trust. Can you trust an address that does not come from a well-defined source, like a DNS server? How do you determine if an answer is poisonous? All three of these name resolution protocols assume the local network is trusted. A zero-trust network can therefore not trust these protocols.
While disabling mDNS improves your network security, it breaks several convenience technologies like wireless screen sharing (Miracast), printer discovery, and media sharing technologies like Chromecast and AirPlay. Which is why zero-trust corporations still need print servers and cabled conference rooms.