Is Link-Local Multicast Name Resolution (LLMNR) a vulnerability in Qubes?

I installed nmap and did this scan within a linux VM:


nmap -p- 10.137.0.0/24

The output showed that only one port was open, which corresponds to Link-Local Multicast Name Resolution (LLMNR) i.e. for DNS name resolution.

Nmap scan report for 10.137.0.14
Host is up (0.000046s latency).
Not shown: 65534 closed tcp ports (conn-refused)
PORT     STATE SERVICE
5355/tcp open  llmnr

Is this risky for Qubes? In other systems people shut it down to avoid attackers spoofing LLMNR and impersonating hosts e.g. they pretend to be bank.com.

If it is risky to leave this service running, what are the alternatives?

I’m using the debian 11 template, it doesn’t have systemd-resolved enabled.

Yes - what template is used by the “linux VM”