TCP/IP-based services use IP addresses to identify each other, but users and applications frequently require computer names for host identification. A name resolution mechanism must be available on a TCP/IP network to resolve names to IP addresses.
To resolve a name to an IP address, the Windows XP Professional resolver first submits the name query to DNS. If DNS name resolution fails, the resolver checks the length of the name. If it is longer than 15 bytes, resolution fails. If not, the resolver then checks to determine whether NetBIOS is running. If it is not running, resolution fails. If it is running, the resolver then tries NetBIOS name resolution. Figure 22-4 illustrates this process.
Figure 22-4: Overview of name resolution
Windows XP Professional provides several different types of name resolution, including DNS, WINS, Hosts and Lmhosts files, and broadcast. Generally, a Windows XP Professional based computer uses a combination of name-resolution types, to be chosen by the user.
Windows XP Professional supports DNS dynamic update. Dynamic update is a standard, specified in RFC 2136, that provides a means of dynamically updating host data in a DNS database. Updates can come from DNS clients and/or DHCP servers. For more information about dynamic update, see Configuring Dynamic Update later in this chapter.
Choosing a Name Resolution Method
Windows XP Professional provides four methods for resolving names to IP addresses:
Domain Name System (DNS), accomplished by querying DNS servers. This is for applications and services that require host-to-IP name resolution.
NetBIOS name resolution, accomplished by querying WINS servers. This is included for compatibility reasons for applications and services that require NetBIOS-to-IP name resolution, such as the browsing function of Microsoft WindowsNT 4.0, Windows98, and Windows 95.
IP Host and NetBIOS name resolution, accomplished through Hosts files and Lmhosts files respectively. These provide host name-to-IP and NetBIOS name-to-IP name resolution through manually maintained local files.
NetBIOS name resolution, accomplished by means of b-node broadcasts. B-node broadcasts are used for name resolution within the local subnet.
For Windows XP Professional based clients, you need to determine whether the client needs to be configured to use DNS, WINS, or a combination of the two. In general, DNS is needed under the following circumstances:
The client is a member of an Active Directory domain. Active Directory uses DNS as its locator service and is tightly integrated with it. A locator service assists clients in finding other hosts and services, using only the domain names.
The client accesses the Internet.
The client is on a network that uses DNS to resolve host names.
Windows XP Professional supports NetBIOS over TCP/IP for backward compatibility with earlier versions of Windows. If a WINS server is available within your network, configure your Windows XP Professional based computer to use WINS if the client uses applications or services that require NetBIOS name resolution.
If a WINS server is not available, configure the Windows XP Professional client to use Lmhosts for NetBIOS name resolution. If this is not possible, NetBIOS name resolution is provided by broadcasts, which cannot be used to resolve host names that are outside the local subnet.
You also need to determine whether autoconfiguration is available at the DHCP server. If you use DHCP for autoconfiguration, a DHCP server can provide client configuration details (including subnet mask, DNS and WINS servers, and other options). If you do not use DHCP, you must manually configure these parameters.
Configuring DNS Settings
DNS is the default name resolution method for Windows XP Professional clients, and is required for their integration into a Windows based Active Directory domain. However, in order for the network to use this method of name resolution, DNS must be properly configured. Table 22-1 indicates where you can find information about the DNS settings that you need to configure.
Table 22-1: DNS Configuration Topics
To configure this DNS setting
refer to this section
Configure domain name
Configuring DNS to Resolve Host Names and Domain Names
Configure primary DNS suffix
Configure connection-specific DNS suffix
Specify addresses of available DNS servers
Specifying DNS Servers
Specify how DNS client should resolve host names
Configuring DNS Query Settings
Optimize local DNS cache
DNS Caching, Network Prioritization and Security
Prevent DNS client from accepting non-queried servers
Configure dynamic update, if used
Configuring Dynamic Update
Configuring DNS to Resolve Host Names and Domain Names
DNS provides name-to-IP mapping by means of a distributed database. In general, each organization runs its own DNS servers and maintains the name mapping database records, or resource records, for its domain. When a name resolution request is made, a DNS server first checks its own records for the corresponding IP address. If it does not have the answer, it will query other DNS servers for the information.
A Windows XP Professional client configured for DNS name resolution can utilize one or more DNS servers for name-resolution services. This section describes the procedures for performing the following tasks:
Configuring DNS host name and domain names
Configuring DNS query settings
Specifying DNS servers
DNS caching, network prioritization, and security
Table 22-2 summarizes the differences between each kind of name used in TCP/IP in Windows 2000 and Windows XP Professional. By default, the host name, a period, and the primary DNS suffix are concatenated to create a fully qualified domain name (FQDN) for the computer.
Table 22-2: DNS and NetBIOS Names
Name Type
Description
NetBIOS name
A NetBIOS name is used to uniquely identify a NetBIOS service that is listening on the first IP address that is bound to an adapter. This unique NetBIOS name is resolved to the IP address of the server through broadcast, WINS, or the Lmhosts file. By default, it is the same as the host name and can be up to 15 characters long.
The NetBIOS name is also known as a NetBIOS computer name.
For example, a NetBIOS name might be client1.
Host name
The term host name can mean either the FQDN, or the first label (or part) of an FQDN. In this chapter, host name refers to the first label of an FQDN. For example, the first label of the FQDN client1.reskit.com is client1.
The host name is also often referred to as the Computer name (as opposed to Full computer name, which is used to represent the full DNS computer name).
Primary DNS suffix
Every Windows XP Professional and every Windows 2000 Server based computer can be assigned a primary DNS suffix to be used in name resolution and name registration. The primary DNS suffix is specified on the Computer Name tab of the My Computer properties sheet.
The primary DNS suffix is also known as the primary domain name and the domain name.
For example, the FQDN client1.reskit.com has the primary DNS suffix reskit.com.
Connection-specific DNS suffix
The connection-specific DNS suffix is a DNS suffix that is assigned to an adapter.
The connection-specific DNS suffix is also known as an adapter DNS suffix.
For example, a connection-specific DNS suffix might be reskit.com.
Fully qualified domain name (FQDN
The FQDN is a DNS name that uniquely identifies the computer on the network. By default, it is a concatenation of the host name, the primary DNS suffix, and a period.
The fully qualified domain name is also known as the full computer name.
For example, an FQDN might be client1.reskit.com.
DNS and NetBIOS Names
The DNS host name is taken from the computer name assigned to it during Windows XP Professional installation. The host name can be 63 bytes (or characters) long, and uses the character set specified in RFC 2181. The host name is used in combination with the primary domain name to form the fully qualified domain name (FQDN).
The NetBIOS computer name is used to identify the local computer for authentication by hosts and tools that use NetBIOS over TCP/IP (NetBT) for name resolution. NetBIOS names contain 15 bytes. In a new Windows XP Professional installation, the NetBIOS name is initially taken from the assigned DNS host name. If the DNS host name exceeds 15 bytes, the host name is shortened to form the NetBIOS computer name. For more information about NetBIOS names, see Configuring NetBIOS Name Resolution later in this chapter.
You can change the DNS host name after installation, by means of the Computer Name tab in the System dialog box. When you do this, the same change will be made to the NetBIOS computer name, to the degree that the new name is in accordance with NetBIOS naming rules.
To change the DNS host name
In Control Panel, select Performance and Maintenance.
In the Performance and Maintenance Connections sheet, select System.
In the System Properties sheet (as shown in Figure 22-5), select the Computer Name tab.
Figure 22-5: Computer Name tab
Click Change.
Type the new host name in the Computer name text box, and click OK.
When prompted, click Yes to restart the computer.
Note
If you enter a name that includes characters other than a-z, A-Z, 0-9 and - , a warning message appears suggesting that you use only these characters.
In Windows 95, Windows 98, and Windows NT, NetBIOS is used to name the computer. If a Windows XP Professional based computer has been migrated from an earlier version of Windows, its host name is taken from the preexisting NetBIOS-based computer name. In a network that contains hosts that are not running Windows XP Professional or Windows 2000, this might present problems, because some characters that are allowed in NetBIOS names are not supported as legal characters in DNS names.
Primary DNS Suffix
The primary DNS suffix is the name of the DNS domain to which the host belongs. If a Windows XP Professional based computer is a member of an Active Directory domain, its primary DNS domain name is set by default to the DNS name of its Active Directory domain. This information is provided during Windows XP Professional installation, during migration to Windows XP Professional, or when the computer joins a Windows 2000 domain.
If a computer is a member of a workgroup, or a member of a Windows NT domain, a DNS suffix is not automatically indicated. In such a circumstance, you can manually specify the primary DNS suffix.
To set or change the primary DNS suffix
In Control Panel, select Performance and Maintenance Connections.
In the Performance and Maintenance sheet, select System.
In the System Properties sheet, select the Computer Name tab.
Click Change.
Click More.
In the Primary DNS suffix of this computer text box, type the primary DNS suffix, and then click OK.
When a Windows XP Professional based computer changes membership in an Active Directory domain, its DNS domain membership can be changed as well. To allow Windows XP Professional to automatically change the computer s primary DNS domain name when its Active Directory domain membership changes, make sure that the checkbox for Change DNS domain name when domain membership changes is selected (it is selected by default).
Connection-Specific Domain Name
Windows XP Professional permits each adapter to have a unique domain name, known as the connection-specific domain name.
For example, suppose the computer Client1 has the primary DNS suffix reskit.com, and it is connected to both the Internet and the corporate intranet. For each connection, you can specify a connection-specific domain name. For the connection to the Internet, you specify the name isp01.com, and the FQDN is then Client1.isp01.com.
Connection-specific domain names for each adapter can be assigned dynamically by DHCP server or can be specified manually.
To set or change the connection-specific DNS suffix
In Control Panel, under Pick a Category, selectNetwork and Internet Connections.
On the Network and Internet Connections sheet, under pick a Control Panel icon, select Network Connections.
In Network Connections, right-click the local area connection you want to modify, and then select Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
Click Advanced.
Select the DNS tab.
In the DNS suffix for this connection text box, type the domain name for the connection. Then click OK.
You can also specify whether a dynamic update client registers the computer s FQDN containing the connection-specific DNS suffix. For more information about this configuration, see Configuring Dynamic Update later in this chapter.
Fully Qualified Domain Name
By default, the primary DNS suffix combines with the host name to create a fully qualified domain name (FQDN). During DNS queries, the primary DNS suffix, connection-specific suffix(es), and devolved primary DNS suffixes could be appended to a single-label name, for example, client1. In that form, the name could then be submitted for DNS name resolution. In this example, when querying the DNS server for the IP address of client1, the primary DNS suffix reskit.com is appended to the shorter name client1, and the DNS server is actually asked to resolve the FQDN client1.reskit.com.
Note
If an entry is specified in the Search these DNS domains (in order) box on the DNS tab of the Advanced TCP/IP Settings dialog box, that entry is used instead of the DNS suffixes to create an FQDN.
DNS Naming Restrictions
Different DNS implementations impose different character and length restrictions. Table 22-3 shows the restrictions for each implementation.
Table 22-3: Naming Restrictions
Restriction
Standard DNS (as included in Windows NT 4.0 )
DNS in Windows XP Professional and Windows 2000 Server
NetBIOS
Characters
Supports RFC 1123, which permits A-Z, a-z, 0-9, and the hyphen (-).
Supports RFC 2181, which permits more characters than RFC 1123. It is advisable, however, to use only the characters permitted by RFC 1123.
Unicode characters, numbers, white space, and these symbols:
! @ $ % ^ & ) ( . - _ { } ~
Computer/host name length
63 octets per label and 255 bytes for FQDN.
63 octets per label and 255 bytes for FQDN.
15 octets.
According to RFC 1123, the only characters that can be used in DNS labels are A-Z, a-z, 0-9, and the hyphen (-). The period (.) character is also used in DNS names, but only between DNS labels and at the end of a FQDN. Many DNS servers, including Windows NT 4.0 DNS servers, follow RFC 1123.
Compliance with RFC 1123 can present a problem, however, on Windows XP Professional based or Windows 2000 based computers that are upgraded from Windows NT 4.0. During the upgrade from WindowsNT 4.0 to Windows2000 or Windows XP Professional, a computer s host name (also known as Computer name) is set to the computer s WindowsNT4.0 NetBIOS name. NetBIOS names can use characters that are illegal in DNS names according to RFC 1123, and it can be time-consuming to convert all of the NetBIOS names to standard DNS names that are compliant with RFC 1123.
To simplify the migration process from Windows NT 4.0 and Windows 2000, DNS servers support a wider character set. RFC 2181, Clarifications to the DNS Specification, extends the character set allowed in DNS names. Based on this definition, the Windows 2000 DNS servers have been adjusted to accommodate UTF-8 character encoding, a larger character set. as described in RFC 2044. UTF-8 character encoding is a superset of ASCII and a translation of UCS-2 (also known as Unicode) character encoding. The UTF-8 character set includes characters from most of the world s written languages, allowing a greater range of possible names.
Before using the extended character set, you must consider the following:
If a client name containing characters not in compliance with RFC 1123 is to be used, all DNS servers to which the client is to be registered must support RFC 2181. Avoid using UTF-8-compliant host names that contain characters other than those specified in RFC 1123 if your network includes any DNS servers that do not comply with this standard.
Some third-party resolver software supports only the characters listed in RFC 1123. Computers in your network using such software probably cannot look up clients with names that include nonstandard characters.
DNS Query Process
The DNS resolver attaches a domain name suffix to a name specified in a query, if the name meets either of the following conditions:
The name is a single-label unqualified (that is, non-dot-terminated) name.
The name is a multiple-label unqualified (that is, non-dot-terminated) name and the resolver cannot resolve it as a fully qualified domain name.
The query process is shown in Figure 22-6 (part 1) and Figure 22-7 (part 2).
Figure 22-6: DNS name resolution, part 1
Figure 22-7: DNS name resolution, part 2
Adding Suffixes to Queries
You can use the DNS tab in the Advanced TCP/IP Settings dialog box to configure how suffixes are added to queries.
Figure 22-8 shows the DNS tab of the Advanced TCP/IP Settings dialog box.
Figure 22-8: Advanced TCP/IP Settings DNS tab
The option Append primary and connection specific DNS suffixes is selected by default. When enabled, it causes the resolver to append the primary DNS suffix to the name submitted for DNS name resolution, as defined on the Computer Name tab of the System Properties sheet, as well as the DNS suffix as defined in the DNS suffix for this connection field of each network connection.
For example, if your primary DNS suffix is dom1.acquired01-int.com, and this suffix is queried for the unqualified (non-dot-terminated) single-label name client1, the resolver queries for the following FQDN: client1.dom.acquried01-int.com.
If the query in the previous step fails, and if you have specified a connection-specific DNS suffix in the DNS suffix for this connection box or if the suffix is assigned by a DHCP server, the resolver appends that suffix.
For example, if you entered the name acquired01-ext.com in the DNS suffix for this connection box and then queried for the unqualified, single-label name client1, the resolver queries for the following FQDN: client1.acquired01-ext.com.
If the query in the previous step fails, and if the Append parent suffixes of the primary DNS suffix option is selected (it is selected by default): the resolver performs name devolution on the primary DNS suffix; that is, it strips off the leftmost label, and attempts to devolve the resulting domain name until only two labels remain.
For example, if your primary DNS suffix is dom1.acquired01-int.com, and you selected the check box Append parent suffixes of the primary DNS suffix and then queried for the unqualified, single-label name client1, the resolver queries the following FQDN: client1.acquired01-int.com.
You can disable the name devolution option on the DNS tab of the Advanced TCP/IP Settings dialog box.
To disable name devolution
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
In Network Connections, right-click the local area connection that you want to change, and then select Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
Click Advanced, and then click the DNS tab.
Clear the check box Append parent suffixes of the primary DNS suffix.
Click OK.
The text box Append these DNS suffixes (in order) allows you to specify a list of domains to try, called a domain-suffix search list. If you enter a domain suffix search list, the resolver adds those domain name suffixes in order and does not try any other domain names. For example, if the Append these DNS suffixes (in order) box includes the names listed in Figure 22-8 and you enter the unqualified, single-label query coffee, the resolver looks for fully qualified domain names in this order:
coffee.redmond.reskit.com.
coffee.reskit.com.
coffee.com.
To add entries to the domain-suffix search list
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet select Network Connections.
In Network Connections, right-click the local area connection that you want to change, and then select Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
Click Advanced.
Click the DNS tab.
Select Append these DNS suffixes (in order).
Click Add.
To add a domain suffix to the list, type the domain suffix(es) that you want to include, and click Add.
- or -
To remove a domain suffix from the list, select the domain suffix, and then click Remove.
To change the domain suffix search order, select a suffix, and then click the up-arrow or down-arrow button to move the suffix up or down the list.
Specifying DNS Servers
When a name is submitted to the DNS resolver (client) for name resolution, the Windows XP Professional resolver first checks the local cache. If the requested data is in the cache, the data is returned to the user. If the data is not in the cache, the resolver queries the DNS servers that are listed in the TCP/IP properties for each adapter.
The resolver can query through all of the computer s network connections, including remote access connections. In Windows NT 4.0, the resolver queries all servers through all adapters. In Windows2000 and Windows XP Professional, however, you can specify a list of DNS servers to query for each adapter.
Figures 22-9 (part 1), 22-10 (part 2), and 22-11 (part 3) illustrate the process by which the resolver queries the servers on each adapter.
Querying DNS Servers
Windows XP Professional allows multiple DNS servers to be specified. The first DNS server specified, known as the preferred DNS server, can be followed by an unlimited number of alternate DNS servers. The resolver queries the DNS servers in the following order:
The resolver sends the query to the first server on the preferred adapter s search list and waits one second for a response.
If the resolver does not receive a response from the first server within the allotted time, it sends the query to the first DNS server on the search list of each adapter still under consideration. The resolver waits two seconds for a response.
If the resolver does not receive a response from any server within this allotted time, the resolver sends the query to all DNS servers on all adapters still under consideration and waits another two seconds for a response.
If the resolver still does not receive a response from any server within this time period, it sends the query to all DNS servers on all adapters still under consideration and waits four seconds for a response.
If, after these four seconds, the resolver does not receive a response from any server, it sends the query to all DNS servers on all adapters still under consideration and waits eight seconds for a response.
If the resolver receives a positive response within that time, it stops querying for the name, adds the response to the cache, and returns the response to the client.
Figure 22-9: Querying the DNS server, part 1
Figure 22-10: Querying the DNS server, part 2
Figure 22-11: Querying the DNS server, part 3
If it has not received a response from any server within those eight seconds, the resolver responds with a time-out. Also, if it has not received a response from any server on a specified adapter s search list, then for the next 30 seconds, the resolver responds to all queries destined for servers on that adapter s search list with a time-out and does not query those servers.
If, at any point, the resolver receives a negative response from a server, it removes every server connected to that adapter from consideration during this search. For example, if in step 2, the first server on alternate adapter A gave a negative response, the resolver would not send the query to any other server on the list for alternate adapter A.
The resolver also keeps track of which servers answer queries more quickly, and might move servers up or down on the list based on how quickly they reply to queries.
If all DNS servers on an adapter are queried and none reply, either positively or negatively, all subsequent name queries to any server listed on that adapter will fail for a default period of 30 seconds. This feature decreases network traffic.
Figure 22-12 shows how the resolver queries each server on each adapter.
Figure 22-12: Name resolution for a multihomed client
To specify a preferred and alternate DNS server
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
In Network Connections, right-click the local area network connection that you want to change, and then click Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
On the General tab of the TCP/IP Properties sheet, select the method to be used to access the DNS servers for your network:
If a DHCP server is available for automatic IP addressing and is configured to provide parameters for automatic DNS server configuration, select Obtain DNS server address automatically.
If the IP addresses for the DNS servers are to be manually configured, select Use the following DNS server addresses option button. Type the IP addresses of the preferred and alternate DNS servers in the appropriate boxes.
To specify additional alternate DNS servers
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
On the General tab of the Network Connections Properties sheet, click Advanced.
Click the DNS tab.
Under DNS server addresses, in order of use, click Add.
Type the IP address of the DNS server that you want to add.
Click Add.
To remove an IP address from the list, select it, and then click Remove.
The order of the IP addresses, and thus the search order, can be rearranged as needed to reflect changes in name server availability or performance, or to implement load balancing.
To set the DNS server search order
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
Right-click Local Area Connections, and click Properties.
On the General tab, in the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and click Properties.
On the General tab, in the Internet Protocol (TCP/IP) dialog box, click Advanced.
In the Advanced TCP/IP Settings dialog box, click the DNS tab.
In the DNS server addresses, in order of use box, select the IP address of the DNS server that you want to reposition.
Click the up-arrow or down-arrow button to reposition the selected IP address within the list of DNS servers, and click OK.
DNS Caching, Network Prioritization, and Security
The default settings of DNS might need to be changed in order to optimize the performance and security of the Windows XP Professional DNS client. You can make configuration changes in order to:
Configure caching and negative caching.
Configure Subnet prioritization.
Prevent the resolver from receiving responses from nonqueried servers.
Configuring Caching and Negative Caching
When the Windows XP Professional resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, thus creating a DNS resource record. The resolver always checks the cache before querying any DNS server, so if a DNS resource record is in the cache, the resolver uses the record from the cache rather than querying a server. This expedites queries and decreases network traffic for DNS queries.
You can use the Ipconfig tool to view and to flush the DNS resolver cache.
To view the DNS resolver cache
At the command prompt, type:
ipconfig /displaydns
Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records preloaded from the Hosts file as well as any recently queried names that were resolved by the system.
After a certain amount of time, specified in the Time to Live (TTL) associated with the DNS resource record, the resolver discards the record from the cache. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer.
To flush the cache manually by using Ipconfig
At the command prompt, type:
ipconfig /flushdns
The local Hosts file is preloaded into the resolver s cache and reloaded into the cache whenever Hosts is updated.
The length of time for which a positive or negative response is cached depends on the values of entries in the following registry subkey:
The TTL for positive responses is the lesser of the following values:
the number of seconds specified in the query response the resolver received
the value of the registry entry MaxCacheEntryTtlLimit
The default TTL for positive responses is 86,400 seconds (1 day).
The TTL for negative responses is the number of seconds specified in the registry entry NegativeCacheTime.
The default TTL for negative responses is 300 seconds. If you do not want negative responses to be cached at all, set the value of NegativeCacheTime to 0.
Caution
Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit
Configuring Subnet Prioritization
Each DNS database consists of resource records. In general, resource records contain information related to a particular host computer, such as its IP address, owner of the host, or the type of services it provides. Table 22-4 lists some of the common types of resource records.
Table 22-4: Common Types of Resource Records
Resource Record Type
Description
Explanation
SOA
Start of Authority
This record designates the start of a zone. It contains information such as the name of the zone, the e-mail address of the zone administrator, and settings that control how secondary DNS servers update the zone data files.
A
Address
This record lists the IP address of a particular host name. This is the key record for name resolution.
PTR
Pointer
This record designates a reverse mapping of a host IP address to a host DNS domain name.
CNAME
Canonical Name
This record specifies an alias or nickname for the standard (canonical) host name.
MX
Mail Exchanger
This record lists the host computer that is responsible for receiving e-mail sent to a domain.
NS
Name Server
This record specifies the name server responsible for a given zone.
If the resolver receives multiple IP address mappings (A resource records) from a DNS server, and some of the records have IP addresses from networks to which the computer is directly connected, the resolver places those resource records first. This reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.
For example, suppose there are three Web servers that all host the Web page for http://www.reskit.com/ and they are all located on different subnets. The DNS name server for the network contains the following resource records:
When a Windows XP Professional based computer s DNS resolver (client) receives a response to the query for the A record of http://www.reskit.com/ it returns A records in order starting with the IP addresses from subnets to which the computer is directly connected. For example, if a computer with the IP address 172.17.64.93 is queried for http://www.reskit.com/ the resolver returns the resource records in the following order:
Subnet prioritization prevents the resolver from choosing the first IP address returned in the DNS query and using the DNS server s round robin feature (defined in RFC 1794.) With round robin enabled, the server rotates the order of resource records returned when multiple A resource records exist for a queried DNS domain name. Thus, in the example described earlier, if a user queried for http://www.reskit.com/ the name server replies to the first client request by ordering the addresses as follows:
172.16.64.11 172.17.64.22 172.18.64.33
It replies to the second client request by ordering the addresses as follows:
172.17.64.22 172.18.64.33 172.16.64.11
It replies to the third client request by ordering the addresses as follows:
172.18.64.33 172.16.64.11 172.17.64.22
With round robin enabled, if clients are configured to use the first IP address in the list that they receive, different clients will use different IP addresses, thus balancing the load among multiple network resources with the same name. However, if the resolvers are configured for subnet prioritization, the resolvers reorder the list to favor IP addresses from networks to which they are directly connected, reducing the effectiveness of the round robin feature.
Although subnet prioritization does reduce network traffic across subnets, in some cases you might prefer to have the round robin feature work as described in RFC 1794. If so, you can disable the subnet prioritization feature on your clients by adding the registry entry PrioritizeRecordData with a value of 0 (REG_DWORD data type) in the following registry subkey:
Preventing the Resolver from Accepting Responses from Nonqueried Servers
By default, the resolver accepts responses from servers that it did not query, as well as from those it did. This presents a possible security liability, in that unauthorized DNS servers might pass along invalid A resource records for the purpose of misdirecting subsequent DNS queries. If you want to disable this feature, add the registry entry QueryIpMatching with a value of 1 (REG_DWORD data type) to the following registry subkey:
Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit
Configuring Dynamic Update
Windows XP Professional based computers can dynamically update DNS entries in a manner compliant with RFC 2136. Dynamic update allows clients and servers to register DNS domain names (PTR resource records) and IP address mappings (A resource records) to an RFC 2136 compliant DNS server. This frees administrators from the time-consuming process of manually updating DNS entries.
Using Windows XP Professional, clients can send dynamic updates through three types of network connections: DHCP configured connections, statically configured connections, and remote access connections. By default, the DNS client on Windows XP Professional does not attempt dynamic update over a Remote Access or Virtual Private Network (VPN) connection. Regardless of which connection type is used, the DHCP client service sends dynamic updates to the authoritative DNS server. The DHCP client service runs on all computers regardless of whether they are configured as DHCP clients.
Configuring Dynamic Update for DHCP Clients
By default in Windows XP Professional, the DHCP client feature is configured to request that the client register the A resource record, and that the DHCP server register the PTR resource record. By default, the name used in the DNS registration is a concatenation of the computer name and the primary DNS suffix. You can change this default by using the TCP/IP Properties sheet for your network connection.
To change the dynamic update defaults on the dynamic update client
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, selectNetwork Connections.
In Network Connections, right-click the local area network connection that you want to change, and then click Properties.
Right-click the connection that you want to configure, and then click Properties.
Select Internet Protocol (TCP/IP), click Properties, click Advanced, and then select the DNS tab.
To configure the client to make no requests for DNS registration, cancel the selection of Register this connection s address in DNS. Under this configuration, the client will not attempt to register any A or PTR DNS records corresponding to this connection.
- or -
To change the dynamic update default, select Use this connection s DNS suffix in DNS registration.
If you choose to select Use this connection s DNS suffix in DNS registration, the client requests that the server update the PTR record, using the name that is a concatenation of the computer name and the connection-specific DNS suffix. If the DHCP server is configured to register DNS records according to the client s request, the client will then register the following:
The PTR record, using the name that is a concatenation of the computer name and the primary DNS suffix.
The A record, using the name that is a concatenation of the computer name and the primary DNS suffix.
The A record, using the name that is a concatenation of the computer name and the connection-specific DNS suffix.
Statically Configured and Remote Access Clients
Statically configured clients and remote access clients do not communicate with the DHCP server.
Statically configured Windows XP Professional clients dynamically update their A and PTR resource records every time they start, just in case the records become corrupted in the DNS database.
Remote access clients dynamically update their A and PTR resource records when a dial-up connection is made. They also attempt to cancel the registration of the A and PTR resource records when the user terminates the connection. However, if a remote access client fails to cancel the registration of a resource record within four seconds, it terminates the connection and the DNS database contains a stale record. If the remote access client fails to de-register a resource record, it adds a message to the event log, which you can view by using the Event Viewer. The remote access client never deletes stale records.
Note
By default, the DNS client on Windows XP Professional and Windows XP Home Edition do not attempt dynamic update over a Remote Access Service or Virtual Private Network connection.
Multihomed Clients
If a dynamic update client is multihomed (has more than one adapter and associated IP address), by default it registers DNS A record(s) containing the first IP address on each network connection. If you do not want the dynamic update client to register all of its IP addresses, you can configure it to not register A and PTR records containing the IP address(es) of one or more network connections. For more information about multihoming, see Configuring TCP/IP in this book.
To prevent the computer from registering A and PTR records containing the IP address on a specific network connection
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
In Network Connections, right-click the local area network connection that you want to change, and then click Properties.
Select Internet Protocol (TCP/IP), click Properties, click Advanced, and then select the DNS tab.
Clear the Register this connection s address in DNS check box.
The dynamic update client does not register all IP addresses with all DNS servers. For example, Figure 22-13 shows a multihomed computer, client1.noam.reskit.com, which is connected to both the Internet and the corporate intranet. Client1 is connected to the intranet by adapter A, a DHCP adapter with the IP address 172.16.8.7. Client1 is also connected to the Internet by adapter B, a remote access adapter with the IP address 131.107.0.16. Client1 resolves intranet names by using a name server on the intranet, NoamDC1, and resolves Internet names by using a name server on the Internet, ISPNameServer.
Figure 22-13: Dynamic update for multihomed clients
Note that although Client1 is connected to both networks, the IP address 172.16.8.7 is reachable only through adapter A, and the IP address 131.107.99.1 is reachable only through adapter B. Therefore, when the dynamic update client registers the IP addresses for Client1, it does not register both IP addresses with both name servers. Instead, it registers the name-to-IP address mapping for adapter A with NoamDC1 and the name-to-IP address mapping for adapter B with ISPNameServer.
Disabling Dynamic Update
Dynamic update is configured on Windows XPProfessional clients by default. Dynamic update can be disabled for all network interfaces on the computer by adding the registry entry DisableDynamicUpdate with a value of 1 (REG_DWORD data type) to the following registry subkey:
Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference in the Microsoft Windows 2000 Server Resource Kit at http://www.microsoft.com/reskit
To disable dynamic update for the network interface card with the device ID of interface, add the entry DisableDynamicUpdate with a value of 1 (REG_DWORD data type) to the following registry subkey:
If this entry exists in both the Interfaces subkey and the specific interface-name subkey, the more global of the two subkeys takes precedence.
Editing Hosts Files
For networks without access to a DNS name server, the creation of a local host table file, called a Hosts file, can provide host name resolution for applications and services. This file can also be used in an environment where name servers are available, but not all hosts are registered. For example, a Hosts file can be used for a server that is not available for general use, but is only to be accessed by a limited number of clients. This file must be manually created, and must be updated as host names and addresses change.
TCP/IP in Windows XP Professional can be configured to search Hosts for mappings of remote host names to IP addresses. The Hosts file format is the same as the format for host tables in the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/Hosts file. For example, the entry for a computer with an address of 192.176.73.6 and a host name of client1.reskit.com looks like this:
192.176.73.6 client1.reskit.com
The Hosts file can be created and modified with an ordinary text editor. An example of the Hosts format is provided in the file named Hosts in the Windows XP Professional systemroot\System32\Drivers\Etc directory That Hosts file can be edited to include remote host names and IP addresses for each computer with which you communicate.
Configuring NetBIOS Name Resolution
Microsoft TCP/IP uses NetBIOS over TCP/IP (NetBT) as specified in RFCs 1001 and 1002, which define a software interface that supports name resolution for NetBIOS client and server programs in the LAN and WAN environments. Although DNS is the default name-resolution method for Windows XP Professional, NetBT is still provided to support NetBIOS methods of name resolution for clients running versions of Windows earlier than Windows 2000, and for Windows 2000 domains and Windows XP Professional and Windows 2000 workgroups that do not implement Active Directory.
The following discussion describes the types of name-resolution methods that are available through NetBIOS over TCP/IP (including WINS) and contains procedures for configuring the different resolution methods.
NetBIOS Name-Resolution Basics
RFCs 1001 and 1002 define the following four node types:
B-node. Uses broadcasts to resolve names.
P-node. Uses point-to-point communications with a NetBIOS server (such as a WINS server) to resolve names.
M-node. Uses broadcasts first (b-node), then uses directed name queries (p-node) if broadcasts are not successful.
H-node. Uses name queries first (p-node), and then uses broadcasts (b-node) if the name server is unavailable or if the name is not registered in the WINS database.
A fifth node type is unique to the Windows implementation of IP name resolution and is defined by Microsoft:
Microsoft-enhanced. Uses the local Lmhosts file plus Windows Sockets gethostbyname( ) calls (using standard DNS and/or local Hosts files) in addition to standard node types.
Windows includes a NetBIOS name server known as the Windows Internet Name Service (WINS). If WINS is enabled on a Windows XP Professional based computer, the system uses h-node by default. Without WINS, the system uses b-node by default. Non-WINS clients can access WINS through a WINS proxy, which is a WINS-enabled computer that listens to name query broadcasts and then queries the WINS server on behalf of the requesting client.
To see which node type is configured on a Windows XP Professional based computer
At the command prompt, type:
ipconfig /all
The node type is indicated to the right of the heading Node type.
Using a name server to locate resources is generally preferable to broadcasting, for two reasons:
Broadcasts are not usually forwarded by routers. Therefore, only local subnet NetBIOS names can be resolved.
Broadcast frames are processed by all computers on a subnet.
Figures 22-14 (part 1) and 22-15 (part 2) illustrate the NetBIOS name-resolution methods used by Windows XP Professional.
Figure 22-14: NetBIOS name-resolution flowchart, part 1
Figure 22-15: NetBIOS name-resolution flowchart, part 2
Name Resolution Using WINS
Windows Internet Name Service (WINS) is a service that runs on Windows 2000 Server to provide NetBIOS name resolution. It provides a database for registering and querying dynamic NetBIOS name-to-IP address mappings in a routed network environment. You can use WINS either alone or in conjunction with DNS.
WINS reduces the use of local broadcasts for name resolution and allows users to locate computers on remote networks. Furthermore, when dynamic addressing through DHCP results in new IP addresses for computers that move between subnets, the changes are updated automatically in the WINS database. Neither the user nor the network administrator needs to make manual accommodations for name resolution.
WINS consists of two components: the WINS server, which handles name queries and registrations, and the client software (NetBIOS over TCP/IP), which queries for computer name resolution. The IP addresses of a WINS server need to be configured on your Windows XP Professional client to provide NetBIOS name resolution. In a network where dynamic update is not available, a WINS server can provide a DNS server configured for WINS lookup with dynamic updates of host names, provided that WINS is enabled at each client.
A WINS server is a Windows Server based (that is, Windows NT Server version 3.5 or later) computer running the WINS server service. When TCP/IP is implemented under Windows XP Professional, WINS client software is installed automatically. WINS client support is configured with Windows XP Professional to maintain compatibility with computers not running Windows 2000 or Windows XP Professional operating systems, including clients and servers running versions of Windows earlier than Windows 2000.
If there are WINS servers installed on your network, you can use WINS in combination with broadcast name queries to resolve NetBIOS computer names to IP addresses. If you do not use this option, Windows XP Professional can use name query broadcasts (b-node mode of NetBIOS over TCP/IP), and the local Lmhosts file to resolve computer names to IP addresses. However, broadcast resolution is limited to the local network.
Additionally, a WINS server can be used in conjunction with a DNS server to provide dynamic registration of hosts in an environment without DNS update. When configured to use WINS lookup, a DNS server can forward queries to a WINS server for resolution of unknown A resource records for all WINS clients.
If DHCP is used for autoconfiguration, WINS server parameters can be provided by the DHCP server. Otherwise, you must configure information about WINS servers manually. WINS configuration is local for each network adaptor on a computer. The WINS server(s) for one network adaptor on a computer does not necessarily have to be the WINS server(s) for another network adaptor on the same computer.
Configuring WINS
The following procedure describes how to configure WINS and how to enable DHCP
To configure a computer to use WINS for name resolution
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
In Network Connections, right-click the local area network connection that you want to change, and then click Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
If a DHCP server is available, that is configured to provide information on available WINS servers, select Obtain an IP address automatically.
- or -
If the WINS server information is not available from a DHCP server, do the following:
Click Advanced.
Select the WINS tab.
Click Add.
Enter the address of the WINS server, and click Add.
Figure 22-16 shows the WINS tab of the Advanced TCP/IP Settings dialog box.
Figure 22-16: WINS tab of the Advanced TCP/IP Settings dialog box
The order of the IP addresses can be rearranged as needed to reflect changes in name server availability or performance, or to implement load balancing.
To set the WINS server search order
On the WINS tab, under the WINS addresses, in order of use box, select the IP address of the WINS server that you want to reposition.
Click the up-arrow or down-arrow button to reposition the selected IP address within the list of WINS servers.
B-Node Broadcasts and Lmhosts
By default, a Windows XP Professional based computer that is not configured as a WINS client or WINS server is configured as a b-node computer. A b-node computer is one that uses IP broadcasts for NetBIOS name resolution.
IP broadcasts can provide dynamic name resolution by registering address-to-name mappings in the computer s cache. However, IP broadcasts have the following disadvantages:
They can lead to increase network traffic.
They are ineffective in routed networks. Resources located outside the local subnet do not receive name queries that are sent as IP broadcasts, because IP-broadcast packets are not passed to remote subnets by the router (default gateway) on the local subnet.
For networks without access to a WINS name server, Windows XP Professional enables you to manually provide NetBIOS name and IP address mappings for remote computers by using the Lmhosts file. This file can also be used in an environment where name servers are available, but not all hosts are registered; for example, a server that is not available for general use, but is only to be accessed by a limited number of clients.
Selected mappings from the Lmhosts file are maintained in a limited cache of NetBIOS computer names and IP address mappings. This memory cache is initialized when a computer is started. When the computer needs to resolve a name, the cache is examined first and, if there is no match in the cache, Windows XP Professional uses b-node IP broadcasts to try to find the NetBIOS computer. If the IP broadcast name query fails, the complete Lmhosts file is parsed to find the NetBIOS name and the corresponding IP address. This strategy enables the Lmhosts file to contain a large number of mappings, without requiring a large amount of static memory to maintain an infrequently used cache.
The Lmhosts file can be used to map computer names and IP addresses for computers outside the local subnet, an advantage over the b-node broadcast method. You can use the Lmhosts file to find remote computers for network file, print, and remote procedure services. The Lmhosts file is typically used for smaller networks that do not have name servers.
The Lmhosts file is a local text file that maps IP addresses to NetBIOS names. It contains entries for Windows-networking computers located outside of the local subnet. The Lmhosts file is read when WINS or broadcast name resolution fails; resolved entries are stored in a local cache for later access.
You can create an Lmhosts file by using a text editor. Lmhosts is a simple text file. An example of the Lmhosts format is provided in the file named Lmhosts.sam in the Windows XP Professional systemroot\System32\Drivers\Etc directory. This is only an example file. To activate the Lmhosts file, rename Lmhosts.sam to Lmhosts. Edit the Lmhosts file to include remote NetBIOS names and IP addresses for each computer with which you communicate.
The keywords listed in Table 22-5 can be used in the Lmhosts file in Windows XP Professional.
Table 22-5: Lmhosts Keywords
Keyword
Description
\0xnn
Support for nonprinting characters in NetBIOS names. Enclose the NetBIOS name in double quotation marks and use \0xnn notation to specify a hexadecimal value for the character. This enables custom applications that use special names to function properly in routed topologies. However, Microsoft LAN Manager TCP/IP does not recognize the hexadecimal format.
Note that the hexadecimal notation applies only to one character in the name. Use blanks to pad the name so that the special character is last in the string.
BEGIN_ALTERNATE
Used to group multiple INCLUDE statements. Any single successful INCLUDE statement causes the group to succeed.
END_ALTERNATE
Used to mark the end of an INCLUDE statement grouping.
DOM: domain
Part of the computer name-to-IP address mapping entry that indicates that the IP address is a domain controller in the domain specified by domain. This keyword affects how the Browser and Logon services behave in routed TCP/IP environments. To preload a DOM entry, you must first add the PRE keyword to the line. DOM groups are limited to 25 members.
INCLUDE filename
Forces the system to seek the specified filename and parse it as if it were local. Specifying a Uniform Naming Convention (UNC) filename allows you to use a centralized Lmhosts file on a server. If the server on which the specified filename exists is outside of the local broadcast subnet, you must add a preloaded entry for the server.
MH
Part of the computer name-to-IP-address-mapping entry that defines the entry as a unique name that can have more than one address. The maximum number of addresses that can be assigned to a unique name is 25. The number of entries is equal to the number of network adapters in a multihomed computer.
PRE
Part of the computer name-to-IP address mapping entry that causes that entry to be preloaded into the name cache. (By default, entries are not preloaded into the name cache but are parsed only after WINS and name query broadcasts fail to resolve a name.) The PRE keyword must be appended for entries that also appear in INCLUDE statements; otherwise, the entry in the INCLUDE statement is ignored.
SG name
Part of the computer name-to-IP address mapping entry that associates that entry with a user-defined special (Internet) group specified by name. The SG keyword defines Internet groups by using a NetBIOS name that has 0x20 in the 16th byte. A special group is limited to 25 members.
The following example shows how all of these keywords are used:
192.176.94.102 "appname \0x14" #special app server 192.176.94.123 printsrv #PRE #source server 192.176.94.98 localsrv #PRE 192.176.94.97 primary #PRE #DOM:mydomain #PDC for mydomain
#BEGIN_ALTERNATE #INCLUDE \\localsrv\public\lmhosts #adds Lmhosts from this server #INCLUDE \\primary\public\lmhosts #adds Lmhosts from this server #END_ALTERNATE
In the preceding example:
The servers named printsrv, localsrv, and primary are defined, by the #PRE keyword, as entries to be preloaded into the NetBIOS cache at system startup.
The servers named localsrv and primary are defined as preloaded and also identified in the #INCLUDE statements as the location of the centrally maintained Lmhosts file.
Note that the server named appname\0x14 contains a special character after the first 15 characters in its name (including the blanks) and so its name is enclosed in double quotation marks.
The number sign, when not used with a keyword, designates the start of a comment.
WINS Proxy
RFC 1001 cautions against using the b-node method for name resolution in a routed network that is, relying on broadcasts for name queries. However, in practice, b-nodes are sometimes useful in routed networks, and sometimes b-nodes cannot be removed or updated. For this reason, Microsoft introduced WINS Proxies. A WINS Proxy is a WINS-enabled computer that helps to resolve name queries for computers that are not WINS-enabled in routed TCP/IP networks.
By default, computers that are not WINS-enabled use b-node name resolution. The WINS Proxy listens on the local subnet for b-node name-service broadcasts, and responds on behalf of those names that are not on the local network. A WINS Proxy communicates with the WINS server, by means of directed datagrams, to retrieve the information necessary to respond to these broadcasts.
Because the WINS server does not respond to broadcasts, it is best if a computer configured as a WINS Proxy is installed on subnets containing computers that are not WINS-enabled.
The WINS Proxy checks broadcast name registrations against the WINS database by sending name-query requests to ensure that the names do not conflict with other names in the database. If a name exists in the WINS database, by default the WINS Proxy will send a negative name-registration response to the computer trying to register the name. In response to a name-release request, the WINS Proxy simply deletes the name from its cache of remote names.
The WINS Proxy always differentiates name queries for names on the local subnet from queries for remote names elsewhere in the network. It compares the subnet mask of any name it has resolved against its own subnet mask; if the two match, the WINS Proxy does not respond to the name query.
When the WINS Proxy receives a name query, it checks its remote name table. If the WINS Proxy does not find the name in the remote name table, it queries the WINS server, and then enters the name into the remote name table in a resolving state. If the WINS Proxy receives a query for the same name before the WINS server has responded, the WINS Proxy does not query the WINS server again. When the WINS Proxy receives the response from the WINS server, the WINS Proxy updates the remote table entry with the correct address and changes the state to resolved. The WINS Proxy only sends a reply message to the Windows XP Professional client if the WINS Proxy has the response already in its cache.
The behavior of a b-node client does not change when a WINS Proxy is added to the local subnet. If the first name-resolution query times out, the client tries again. If the WINS Proxy has the answer cached by the time it intercepts the new query, the WINS Proxy answers the Windows XP Professional client.
Disabling NetBT
Windows XP Professional file and print sharing components use NetBT to communicate with versions of Windows earlier than Windows 2000 and with non-Windows clients. However, the Windows XP Professional file and print sharing components (the redirector and server) support direct hosting for communicating with other computers running Windows XP Professional and Windows 2000. With direct hosting, DNS is used for name resolution. No NetBIOS name resolution (WINS or broadcast) is used and no NetBIOS sessions are established.
By default, both NetBT and direct hosting are enabled, and both are tried in parallel when a new connection is being established. The first method to succeed is used to establish the connection. You can disable NetBIOS support so that all traffic must use direct hosting.
To disable NetBT support
In Control Panel, selectNetwork and Internet Connections.
In the Network and Internet Connections sheet, select Network Connections.
In Network Connections, right-click the local area network connection that you want to change, and then click Properties.
Select Internet Protocol (TCP/IP), and then click Properties.
Click Advanced.
Select the WINS Address tab.
Select Disable NetBIOS over TCP/IP.
Warning
If you disable NetBIOS support, applications and services that depend on NetBIOS over TCP/IP will no longer function. Therefore, it is imperative that you verify that clients and applications no longer need such support before you disable it. Disabling NetBT can prevent creation of file- and print-sharing connections with clients and servers that are not running Windows XP Professional or Windows 2000.
