mDNS traffic still present after enabling GPO for Multicast Name Resolution

Brian Cerveny 66 Reputation points
2021-12-02T18:44:54.943+00:00

I've applied a GPO to disable mDNS. I've double-checked the GPO on the local client. The GPO is correct and applied to Computer settings.

Turn off smart multi-homed name resolution - enabled

Turn off multicast name resolution - enabled

I've also checked that the TCP/IP WINS settings disable NetBT, so there is no NetBIOS over TCP/IP. I've disabled this on both network adapters, wired and wireless. I've removed IPv6 as it's not needed.

When I use Wireshark and ping bob.local I can see mDNS traffic. Why is this protocol still working!!!!

I've used this URL as a reference and have disabled and checked all settings according to this article, even checking the registry!!

http://woshub.com/how-to-disable-netbios-over-tcpip-and-llmnr-using-gpo/

I need to fully disable this protocol per our InfoSec Dept.

Windows DHCP

Accepted answer
  1. Andreas Finstad 81 Reputation points
    2021-12-04T18:41:21.557+00:00

    Hi

    I have discovered this issue too. I also figured out what is doing this.

    Have a look at this: https://f20.be/blog/mdns

    1 person found this answer helpful.

3 additional answers

  1. Matthias Münch 5 Reputation points
    2023-09-28T13:10:40.72+00:00

    We ran into the same issue.

    After some research, we found that GPO seemingly created an entry here called "EnableMulticast" (red circle, which we know does nothing), while adding the same entry, just written differently, works (black circle).

    This makes me wonder if Microsoft somehow added a buggy GPO feature without noticing it for years?

    1 person found this answer helpful.

  2. Limitless Technology 39,611 Reputation points
    2021-12-03T09:13:05.017+00:00

    Hello BrianCerveny,

    You will need to apply these settings to ALL client computers where traffic needs to be blocked.

    Also, you can block the source of the traffic, which would be the mDNSResponder.exe process, or in Services > disable "Bonjour Service".


  3. Brian Cerveny 66 Reputation points
    2021-12-03T13:43:23.93+00:00

    GPO is applied to all computers.

    No Apple software and/or Bonjour was ever installed in our environment.

    mDNSResponder.exe is not running or present.

    Any other options?
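
When mDNS traffic is still seen in Wireshark and mDNSResponder.exe is not present, the next check is which process actually holds UDP port 5353 (the mDNS port) on the client. The script below is an added example, not part of any post in this thread; it uses only the built-in `Get-NetUDPEndpoint`, `Get-Process` and `Get-CimInstance` cmdlets and assumes an elevated PowerShell session on the affected machine.

```powershell
# Added example: map every listener on UDP 5353 (mDNS) to its process and services.
# Run elevated, otherwise process paths for system processes come back empty.
$mdnsPort  = 5353
$endpoints = Get-NetUDPEndpoint -LocalPort $mdnsPort -ErrorAction SilentlyContinue

if (-not $endpoints) {
    Write-Output "No process is bound to UDP $mdnsPort on this machine."
}
else {
    # One row per owning process; a process may bind several local addresses.
    $endpoints | Group-Object -Property OwningProcess | ForEach-Object {
        $procId    = [int]$_.Name
        $addresses = ($_.Group.LocalAddress | Sort-Object -Unique) -join ', '
        $proc      = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # A shared svchost.exe says little on its own, so list the services it hosts.
        # PID 0 is skipped because that filter would match every stopped service.
        $services = @()
        if ($procId -gt 0) {
            $services = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId" |
                Select-Object -ExpandProperty Name)
        }

        [pscustomobject]@{
            ProcessId      = $procId
            ProcessName    = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path           = if ($proc) { $proc.Path } else { $null }
            Services       = $services -join ', '
            LocalAddresses = $addresses
        }
    } | Format-Table -AutoSize -Wrap
}
```

Run it once before and once after a `gpupdate /force` and reboot; a listener that remains after the policy is applied is the component to investigate.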

