Name resolution in Windows

Introduction

Whether you are using NetBEUI, IPX/SPX, or TCP/IP, computers are located through a numeric address, which is hard on users. A mechanism is therefore required to translate a literal name (e.g. www.acme.com) into its numeric address (e.g. 10.0.0.1). This is what name resolution is all about.

Until Windows 2000, network applications on Microsoft operating systems were based on the NetBIOS network API. Because NetBIOS was aimed at small networks, name resolution on TCP/IP-based networks was available either through broadcast or through an LMHOSTS file (the equivalent of /etc/hosts on Unix hosts). Neither method is satisfactory: broadcasts should be kept to a minimum and, besides, are not forwarded by routers; keeping LMHOSTS in sync is just too much work. The first solution offered by Microsoft was WINS (Windows Internet Name Service, a.k.a. NetBIOS Name Server or NBNS). Today, Windows 2000 only uses DNS.

How does it work?

Once a server is running WINS and all clients are set up to include a reference to that WINS server, the clients register their NetBIOS name and their IP address at boot-up. By default, WINS-capable clients resolve a NetBIOS name by first querying the WINS server. If WINS doesn't answer, the client checks whether it has an LMHOSTS file available. If all else fails, it resorts to broadcast. This behavior can be changed with the attributes set by the DHCP server (if clients use DHCP-based dynamic IP configuration). If you are not using TCP/IP, or are using static IP configuration, you'll have to make changes in the Registry. This involves choosing one of the four NetBT node types: b-node (only use broadcasts), p-node (only use WINS), m-node (b-node behavior, followed by p-node), or h-node (the default for Windows clients that have been configured to register themselves with a WINS server; if WINS resolution fails, resort to b-node behavior).
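The four node types differ only in which sources are asked and in what order, which matters when two sources give different answers for the same name. The following is an added example, not part of the original page: it models just the WINS and broadcast steps, the numeric codes 1, 2, 4 and 8 are the standard NetBT NodeType values, and the address tables and the `resolve` helper are constructed for illustration.

```python
# Added example: models only the WINS and broadcast steps of NetBT resolution.
# NodeType values are the NetBT registry / DHCP option 46 codes for each node type.
NODE_TYPES = {
    1: ("b-node", ["broadcast"]),
    2: ("p-node", ["wins"]),
    4: ("m-node", ["broadcast", "wins"]),
    8: ("h-node", ["wins", "broadcast"]),
}

# Constructed sample data. MYHOST deliberately has two different answers so the
# output shows which source a given node type believes.
WINS_DB = {"FILESRV": "10.0.0.5", "MYHOST": "10.0.0.1"}
LOCAL_SEGMENT = {"MYHOST": "10.0.0.99", "LAPTOP": "10.0.0.42"}


def resolve(name, node_type, wins_up=True):
    """Return (address, answering_source, methods_tried) for a NetBIOS name."""
    if node_type not in NODE_TYPES:
        raise ValueError(f"unknown NodeType {node_type!r}")
    key = name.upper()
    tried = []
    for method in NODE_TYPES[node_type][1]:
        tried.append(method)
        if method == "wins":
            addr = WINS_DB.get(key) if wins_up else None
        else:
            # Broadcasts are not forwarded by routers: only local hosts answer.
            addr = LOCAL_SEGMENT.get(key)
        if addr is not None:
            return addr, method, tried
    return None, None, tried


if __name__ == "__main__":
    for code, (label, _) in NODE_TYPES.items():
        for name in ("MYHOST", "FILESRV", "LAPTOP"):
            addr, source, tried = resolve(name, code)
            print(f"{label} {name:8} -> {addr} via {source} (tried {tried})")
    print("h-node, WINS down:", resolve("MYHOST", 8, wins_up=False))
```

A p-node client never resolves LAPTOP because that host is not registered in WINS, and an h-node client only accepts the broadcast answer for MYHOST once WINS stops responding.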

h-node algorithm: If the name is that of the host itself, done; if not, check whether a HOSTS file exists; if not, query a DNS server on UDP 53 using the Domain Name Resolver (DNR); if NOK, check the cache; if NOK, query the WINS server; if NOK, broadcast the request; if NOK, check for an LMHOSTS file; if NOK, check for a HOSTS file; if NOK, and if the client has "Use DNS for Windows name resolution" set in its IP configuration, query the DNS servers. Note that the DNS servers must be NT servers since the client sends a WINS-style NetBIOS name query, which non-NT DNS servers do not understand.

Note that a modified b-node exists for NT hosts: check the local cache; if NOK, use broadcasts; if all else fails, check whether an LMHOSTS file exists in \%systemroot%\system32\drivers\etc (NT hosts) or the Windows directory (Win 9x hosts).

Note that while W2K hosts use DNS to resolve names, other Windows operating systems require the NetBIOS session layer, which required implementing a modified form of the TCP/IP stack: NetBIOS over TCP/IP (NbT or NetBT).

When a WINS-capable host registers its 15-character NetBIOS name into the WINS server, it also includes a 16th byte to indicate what type of resource it is.
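The 16-byte name layout described above can be built and decoded as follows. This is an added example, not part of the original page: the function names are hypothetical, the suffix table lists a few commonly documented values, and the 32-character form is the first-level encoding from RFC 1001 that NetBT uses to carry the name in name queries.

```python
# Added example: NetBIOS name = 15 characters (space padded) + 1 resource-type byte.
# Commonly documented suffix values; not taken from the original page.
SUFFIXES = {
    0x00: "Workstation service",
    0x03: "Messenger service",
    0x1D: "Local master browser",
    0x20: "Server service",
}


def netbios_name(name, suffix):
    """Build the raw 16-byte name: upper-cased, padded to 15 bytes, then the suffix."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters long")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def encode(raw16):
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    if len(raw16) != 16:
        raise ValueError("expected exactly 16 bytes")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw16)


def decode(encoded):
    """Reverse encode(): return (name, suffix byte, suffix description)."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("expected 32 characters in the range A..P")
    raw = bytes(
        ((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
        for i in range(0, 32, 2)
    )
    name = raw[:15].rstrip(b" ").decode("ascii", errors="replace")
    return name, raw[15], SUFFIXES.get(raw[15], "unknown")


if __name__ == "__main__":
    # Constructed sample: the same host name registered for three resource types.
    for suffix in (0x00, 0x03, 0x20):
        wire = encode(netbios_name("myhost", suffix))
        print(wire, decode(wire))
```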

Why did Microsoft dump WINS in W2K? Because the NetBIOS namespace is flat, i.e. you cannot have a host named MYHOST in two different workgroups or NT domains if each host registers itself in the WINS server; WINS is not as stable as DNS, and doesn't scale too well; the Internet is DNS-based: if you can't beat them...

Windows 2000 hosts resolve names by first querying all the DNS servers listed in their IP configuration, and use broadcast as a last resort. WINS can also be used as a last-resort solution before giving up: install the WINS service on your W2K Server DC, add a WINS Resource Record in the forward DNS zone file and a WINS-R Resource Record in the reverse DNS zone file, and have the DC point to the dynamic DNS server running on the network.

WINS is not used, and is only available on Windows 2000 Servers to support NT4 and 9x clients.

Q&A

If an all-Windows 2000 Pro LAN has no connection to a remote W2K Domain Controller running a Microsoft dynamic DNS, and no Samba server is acting as WINS server, do those W2K Pro clients query a Unix DNS server before resorting to broadcast?

I have a Samba server on the LAN: Can W2K Pro hosts query its WINS service before resorting to broadcast?

How do clients know which host (Samba) is acting as local master browser? Do they broadcast once, and cache the IP address of the local MB for later use?

In the DNS section of a W2K IP configuration, what does the following mean: "For resolution of unqualified names: Append primary and connection specific DNS suffixes (check/uncheck Append parent suffixes of the primary DNS suffix) OR Append these DNS suffixes, followed by DNS suffix for this connection"?

Is c:\WINNT\system32\drivers\etc\hosts used to resolve NetBIOS names?

How do NT4/9x hosts locate a domain controller: NetBT resolution of local master browser?

Why is browsing fast but "net send" slow?

C:\>net view \\mylinux (quick!)

C:\>net send w2k test (slow!)

=> net.exe is a NetBIOS application, and you cannot use a non-Microsoft DNS server because it doesn't support the extra RRs needed to resolve NetBIOS resources?

 

Resources