7.1 Name Resolution

7.1 Name Resolution

TCP/IP networks identify systems by IP addresses and always associate these addresses with more human-readable text names. In Microsoft's earliest networking implementations (for MS-DOS and Windows for Workgroups), the translation of names to network addresses was carried out in a manner that was very simple, yet very inefficient. When a system on the network needed an IP address corresponding to a name, it broadcasted the name to every other system on the network and waited for the system that owned the name to respond with its IP address.

The main problem with performing name resolution using broadcast packets is poor performance of the network as a whole, including CPU time consumed by each host on the network, which has to accept every broadcast packet and decide whether to respond to it. Also, broadcast packets usually aren't forwarded by routers, limiting name resolution to the local subnet. Microsoft's solution was to add WINS (Windows Internet Name Service) support to Windows NT so that the computers on the network can perform a direct query of the WINS server instead of using broadcast packets.

Modern Windows clients use a variety of methods for translating hostnames into IP addresses. The exact method varies depending on the version of Windows the client is running, how the client is configured (i.e., whether DNS server and/or WINS server IP addresses are provided), and whether the application software is accessing the network through Microsoft's Winsock or TCP/IP API. In general, Windows uses some combination of the following methods :

• Looking up the name in its cache of recently resolved names

• Querying DNS servers

• Using the DNS Hosts file

• Querying WINS servers

• Using the WINS LMHOSTS file

• Performing broadcast name resolution

The first method is pretty much self-explanatory. A hostname is checked against a cache of hostnames that have been recently resolved to IP addresses. This helps to save time and network bandwidth for resolving names that are used frequently.

When a Windows system is configured with the IP address of at least one DNS server, it can use DNS to resolve fully qualified domain names, such as those for sites on the Internet. The DNS servers can be either Windows NT/2000 or Unix systems. You can learn more about DNS and DNS server configuration in the O'Reilly book DNS and BIND .

In this chapter, we focus mainly on name resolution using WINS, which is supported by Samba with the nmbd daemon.

7.1.1 WINS Clients and Server Interaction

There are two types of interaction between a WINS client and a server: the client keeps its own NetBIOS name ^[1] registered with the server and queries the server to get the IP address corresponding to the NetBIOS name of another system.

^[1] As we explained in Chapter 1, a system can register under more than one NetBIOS name. We use the singular here only to keep our explanation simple.

When a WINS client joins the network, it registers its NetBIOS name with the WINS server, which stores it along with the client's IP address in the WINS database. This entry is marked active . The client is then expected to renew the registration of its name periodically (typically, every four days) to inform the server that it is still using the name. This period is called the time to live , or TTL. When the client leaves the network by being shut down gracefully, it informs the server, and the server marks the client's entry in its database as released .

When a client leaves the network without telling the WINS server to release its name, the server waits until after it fails to receive the expected registration renewal from the client and then marks the entry as released.

In either case, the released name is available for use by other clients joining the network. It might persist in the released state in the WINS database, and if it is not reregistered, the entry will eventually be deleted.

More information on WINS can be found in the Microsoft white paper Windows Internet Naming Service (WINS) Architecture and Capacity Planning . It can be downloaded from the Microsoft web site at http://www.microsoft.com.

7.1.2 The lmhosts File

In Chapter 3 we showed you how to configure Windows systems to use the LMHOSTS file as an alternative to the WINS server for name resolution. Samba also can use an LMHOSTS file, which by default is /usr/local/samba/lib/lmhosts . Samba's lmhosts is the same format as the Windows version. A simple lmhosts file might look like this:

 172.16.1.1    toltec 172.16.1.6    maya 

The names on the right side of the entries are NetBIOS names, so you can assign resource types to them and add additional entries for computers:

 172.16.1.1    toltec#20 172.16.1.1    metran#1b 172.16.1.6    maya#20 

Here, we've made toltec the primary domain controller of the METRAN domain on the second line. This line starts with toltec 's IP address, followed by the name metran and the resource type <1B>. The other lines are entries for toltec and maya as standard workstations.

If you wish to place an lmhosts file somewhere other than the default location, you will need to notify the nmbd process upon startup using the -H option, followed by the name of your lmhosts file, as follows :

 #  nmbd -H /etc/samba/lmhosts -D  

7.1.3 Configuring Name Resolution for the Samba Suite

Various daemons and tools in the Samba suite need to perform name resolution. You can define the order in which the programs try each name-resolution method through the name resolve order parameter, like this:

 [global]     name resolve order = wins lmhosts hosts bcast 

The string used to define the parameter can take up to four values:

lmhosts

Uses the Samba server's local lmhosts file

hosts

Uses the standard Unix name-resolution methods, which can be /etc/hosts , DNS, NIS, or a combination, depending on how the local system is configured

wins

Uses the WINS server

bcast

Uses the broadcast method

The order in which they are specified is the order in which name resolution will be attempted. In our example, Samba will attempt to use its WINS server first for name resolution, followed by the lmhosts file on the local system. Next, the hosts value tells it to use Unix name-resolution methods. The word hosts can be misleading; it covers not only the /etc/hosts file, but also the use of DNS or NIS (as configured on the Unix host). Finally, if those three do not work, it will perform a broadcast name resolution.

7.1.4 Setting Up Samba as a WINS Server

You can set up Samba as a WINS server by setting the wins support parameter in the configuration file, like this:

 [global]     wins support = yes 

Believe it or not, that's all you need to do! The wins support option turns Samba into a WINS server. For most installations, Samba's default configuration is sufficient.

Remember, Samba cannot communicate with Windows WINS servers. If you are using Samba as your WINS server, you must make sure not to allow any Windows systems or other Samba servers on your network to be configured as WINS servers. If you do, their WINS databases will not synchronize, resulting in inconsistent name resolution.

7.1.4.1 Configuring a DNS proxy

A Samba WINS server can check with the system's DNS server if a requested host cannot be found in its WINS database. With a typical Linux system, for example, you can find the IP address of the DNS server by searching the /etc/resolv.conf file. In it, you might see an entry such as the following:

 nameserver 127.0.0.1 nameserver 172.16.1.192 

This tells us that the Linux system is configured to use a DNS server located at 172.16.1.192. (The 127.0.0.1 is the localhost address and is never a valid DNS server address.)

Now it is a simple matter of using the dns proxy option to tell Samba to use the DNS server:

 [global]     dns proxy = yes 

Although this allows Windows clients to resolve fully qualified Internet domain names through the Samba WINS server, it will work only for domain names that fit within the 15-character limitation of NetBIOS names. For this reason, we recommend you use dns proxy only to act as a supplement to your WINS server, rather than as a replacement for a DNS server.

7.1.5 Setting Up Samba to Use Another WINS Server

You can configure Samba to use a WINS server somewhere else on the network by simply providing it with the IP address of the WINS server. This is done with the global wins server configuration option, as shown here:

 [global]     wins server = 172.16.1.1 

With this option enabled, Samba will direct all WINS requests to the server located at 172.16.1.1. Note that because the request is directed at a single machine, we don't have to worry about any of the problems inherent in broadcasting. However, Samba will not necessarily use the WINS server before other forms of name resolution. The order in which Samba attempts various name-resolution techniques is given with the name resolve order configuration option, which we discussed earlier.

The wins support and the wins server parameters are mutually exclusive; you cannot simultaneously offer Samba as the WINS server and use another system as the server! Typically, one Samba server is set up as the WINS server using wins support , and all other Samba servers are configured with the wins server parameter pointing to the Samba WINS server.

7.1.5.1 Configuring a WINS proxy

If you have a Samba server on a subnet that doesn't have a WINS server, and the Samba server has been configured with a WINS server on another subnet, you can tell the Samba server to forward any name-resolution requests with the wins proxy option:

 [global]     wins server = 172.16.200.12     wins proxy = yes 

Use this only in situations where the WINS server resides on another subnet. Otherwise, the broadcast will reach the WINS server regardless of any proxying.

7.1.6 Name-Resolution Configuration Options

Samba's name-resolution options are shown in Table 7-1.

Table 7-1. Name-resolution options

7.1.6.1 wins support

Samba will provide WINS name service to all machines in the network if you set the following in the [global] section of the smb.conf file:

 [global]     wins support = yes 

The default value is no , which is typically used to allow a Windows NT/2000 server or another Samba server to be the WINS server. If you enable this option, remember that a Samba WINS server currently cannot exchange data with other WINS servers, so do not allow any other WINS servers on the network. When set to yes , this option is mutually exclusive with the wins server parameter.

7.1.6.2 wins server

Samba will use an existing WINS server on the network if you specify the wins server global option in your configuration file. The value of this option is either the IP address or DNS name (not NetBIOS name) of the WINS server. For example:

 [global]     wins server = 172.16.220.110 

or:

 [global]     wins server = wins.metran.cx 

For this option to work, the wins support option must be set to no (the default). Otherwise, Samba will report an error. You can specify only one WINS server using this option.

7.1.6.3 wins proxy

This option allows Samba to act as a proxy to another WINS server, and thus relay name registration and resolution requests from itself to the real WINS server, often outside the current subnet. The WINS server can be indicated through the wins server option. The proxy will then return the WINS response back to the client. You can enable this option by specifying the following in the [global] section:

 [global]     wins proxy = yes 

7.1.6.4 wins hook

This option allows you to run a script or other program whenever the WINS database is modified. One application might be to set up another Samba server to act as a backup for another Samba WINS server. This is done by having the wins hook script call rsync to synchronize the WINS databases ( /usr/local/samba/var/locks/wins.dat ) on the two systems whenever an entry is added or deleted. The script would be specified in the Samba configuration file like this:

 [global]     wins hook = /usr/local/bin/sync_wins 

7.1.6.5 dns proxy

If you want the DNS to be used if a NetBIOS name isn't found in WINS, you can set the following option:

 [global]     dns proxy = yes 

This will permit nmbd to query the server's standard DNS. You might wish to deactivate this option if you do not have a permanent connection to your DNS server. This option should not be used in place of a DNS server on your network; it is intended for resolving NetBIOS names rather than fully qualified Internet domain names.

7.1.6.6 name resolve order

The global name resolve order option specifies the order of services that Samba will use in performing name resolution. The default order is to use the lmhosts file, followed by standard Unix name-resolution methods (some combination of /etc/hosts , DNS, and NIS), then to query a WINS server, and finally to use broadcasting to determine the address of a NetBIOS name. You can override this option by specifying something like the following:

 [global]     name resolve order = lmhosts wins hosts bcast 

This causes resolution to use the lmhosts file first, followed by a query to a WINS server, the /etc/hosts file, and finally broadcasting. You need not use all four options. This option is covered in more detail in Section 7.1.4, earlier in this chapter.

7.1.6.7 max ttl

This option is used when Samba is not acting as a WINS server but is using another system on the network for its WINS server. It sets the maximum T T L for NetBIOS names registered by the Samba server with the WINS server. You should never need to alter this value.

7.1.6.8 max wins ttl

This option is used when Samba is providing WINS name service, and it sets the maximum T T L for NetBIOS names registered with Samba. You should never need to change this value from its default.

7.1.6.9 min wins ttl

This option is used when Samba is providing WINS name service, and it sets the minimum T T L for NetBIOS names registered with Samba. You should never need to alter this value from its default.