DNS, WINS-R, Other?
Rob Wagner
2005-08-31 15:49:05 UTC
We have two DNS servers (/Domain Controllers) DC1 and DC2. Both are
configured to allow WINS-R resolution when needed. They also provide WINS
services for our domain.

We have a sister company that accesses some of our resources. They do not
use our DNS/WINS servers.

If I do a reverse lookup against the DNS of a workstation on our sister
company's network, the reverse lookup succeeds through WINS-R. To determine
this, I made it so that WINS-R lookups came back with a different dns suffix
(e.g. wins.company.com). The lookups kept coming back with the old suffix
until I used NBTSTAT -R on the DNS/WINS servers; once I ran that, they came
back with the new suffix.

There are no records in our WINS servers that match these lookups, however
(and there shouldn't be). It looks like the DNS/WINS server is doing some
kind of a direct NetBIOS query of the host at that IP address to find out
what its host name is, then caching that lookup in the NetBIOS cache. (and
in turn, serving that cached entry as a WINS-R response)

Is this behaviour I can control? It's not really harming anything, I
suppose, it's just unexpected behaviour, and I cannot find anything obvious
telling me that this is behaviour as designed or not. I personally would not
expect anything not registered in DNS or WINS to come back from a reverse
lookup query.

Rob Wagner, Server Support Guy
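
The kind of direct NetBIOS query of an IP address that the post above describes corresponds to the RFC 1002 node status request (what NBTSTAT -A sends to UDP port 137). The following is an added example, not part of the thread: it builds that request and parses a constructed reply offline; the host names and `sample_response` are made up for illustration, and the name returned is whatever the queried host reports about itself.

```python
import struct

NBSTAT = 0x0021  # RFC 1002 question/record type: node status

def encode_name(name: bytes) -> bytes:
    """RFC 1001 first-level encoding: pad to 16 bytes, each nibble -> 'A' + nibble."""
    padded = name.ljust(16, b"\x00")[:16]
    half = bytes(b for c in padded for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return bytes([len(half)]) + half + b"\x00"

def build_status_query(txid: int) -> bytes:
    """Node status request for the wildcard name '*' (one question, no flags set)."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(b"*") + struct.pack(">HH", NBSTAT, 0x0001)

def parse_status_response(pkt: bytes):
    """Return [(name, suffix, is_group)] from a node status response."""
    try:
        off = 12                       # skip the fixed header
        while pkt[off]:                # skip the labels of RR_NAME
            off += pkt[off] + 1
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", pkt, off + 1)
        off += 11                      # terminator + type, class, TTL, RDLENGTH
        count = pkt[off]               # NUM_NAMES
        if rtype != NBSTAT or rdlen < 1 + 18 * count:
            raise ValueError("not a well-formed node status response")
        rows = [struct.unpack_from(">15sBH", pkt, off + 1 + 18 * i) for i in range(count)]
    except (IndexError, struct.error):
        raise ValueError("truncated packet") from None
    return [(raw.decode("ascii", "replace").rstrip(" \x00"), sfx, bool(fl & 0x8000))
            for raw, sfx, fl in rows]

def workstation_name(names):
    """Unique <00> entry: the computer name the host reports for itself."""
    for name, suffix, is_group in names:
        if suffix == 0x00 and not is_group:
            return name
    return None

def sample_response(txid=0x1234) -> bytes:
    """Constructed reply (not a capture): two unique names and one group name."""
    names = [(b"SISTERPC01", 0x00, 0x0400), (b"SISTERCO", 0x00, 0x8400),
             (b"SISTERPC01", 0x20, 0x0400)]
    table = b"".join(struct.pack(">15sBH", n.ljust(15), s, f) for n, s, f in names)
    rdata = bytes([len(names)]) + table + bytes(46)   # 46 bytes of statistics
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)
    return header + encode_name(b"*") + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata)) + rdata

if __name__ == "__main__":
    print(workstation_name(parse_status_response(sample_response())))
```
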
Ace Fekay [MVP]
2005-08-31 21:30:12 UTC
Post by Rob Wagner
We have two DNS servers (/Domain Controllers) DC1 and DC2. Both are
configured to allow WINS-R resolution when needed. They also provide
WINS services for our domain.
We have a sister company that accesses some of our resources. They do
not use our DNS/WINS servers.
If I do a reverse lookup against the DNS of a workstation on our
sister company's network, the reverse lookup succeeds through WINS-R.
To determine this, I made it so that WINS-R lookups came back with a
different dns suffix (e.g. wins.company.com). The lookups kept
coming back with the old suffix until I used NBTSTAT -R on the
DNS/WINS servers; once I ran that, they came back with the new suffix.
There are no records in our WINS servers that match these lookups,
however (and there shouldn't be). It looks like the DNS/WINS server
is doing some kind of a direct NetBIOS query of the host at that IP
address to find out what its host name is, then caching that lookup
in the NetBIOS cache. (and in turn, serving that cached entry as a
WINS-R response)
Is this behaviour I can control? It's not really harming anything, I
suppose, it's just unexpected behaviour, and I cannot find anything
obvious telling me that this is behaviour as designed or not. I
personally would not expect anything not registered in DNS or WINS to
come back from a reverse lookup query.
Rob Wagner, Server Support Guy
Does the record show up in DNS? When WINS resolution is enabled in DNS, it
will attempt to query with DNS first, using the client search suffix to
devolve it. If it can't find a match, then DNS queries WINS for a match. If
found, it will suffix the response with the original search suffix.

How do you control it? Disable WINS-R resolution. The only time I can think
of to use this feature is with legacy clients (NT4, Win9x and WinME), that
use NetBIOS as the default resolver method. Win2000 and newer clients use
hostname resolution first, then netbios.
--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Rob Wagner
2005-09-01 12:55:05 UTC
No, the record does not show up in DNS or in the WINS database.

We have WINS-R enabled as a workaround for some clients that intermittently
do not get their DNS records dynamically registered when they connect in via
VPN. Usually they work fine, but sometimes our VPN users don't register
correctly. Unfortunately, we have a couple of UNIX servers that need to be
accessible, and they reject connections if the DNS reverse lookup fails.

I'm not curious about controlling WINS-R resolution, I'm curious about
WINS-R resolution working on hosts that are not registered in the WINS
database. It seems that the DNS/WINS server is going out and directly
querying the host at the requested IP address for its NetBIOS host name.
Ace Fekay [MVP]
2005-09-02 04:42:44 UTC
Post by Rob Wagner
No, the record does not show up in DNS or in the WINS database.
We have WINS-R enabled as a workaround for some clients that
intermittently do not get their DNS records dynamically registered
when they connect in via VPN. Usually they work fine, but sometimes
our VPN users don't register correctly. Unfortunately, we have a
couple of UNIX servers that need to be accessible, and they reject
connections if the DNS reverse lookup fails.
I'm not curious about controlling WINS-R resolution, I'm curious about
WINS-R resolution working on hosts that are not registered in the WINS
database. It seems that the DNS/WINS server is going out and directly
querying the host at the requested IP address for its NetBIOS host name.
What type of VPN server are you using? Do the VPN clients use DHCP? If
Windows VPN, I'm sure you have it set to acquire an IP from DHCP, which you
can force DHCP to force registration for everything.

If the host is not registered in WINS, I can't see how a WINS-R will find it
if DNS doesn't, since that's the order it uses.

Back to your original post, you said:
===============
"There are no records in our WINS servers that match these lookups, however
(and there shouldn't be). It looks like the DNS/WINS server is doing some
kind of a direct NetBIOS query of the host at that IP address to find out
what its host name is, then caching that lookup in the NetBIOS cache. (and
in turn, serving that cached entry as a WINS-R response)

Is this behaviour I can control?"
===============

I believe what *may* be going on is the resolution method. Win2000 and newer
is based on hostname lookup, then netbios if hostname fails. Hostname lookup
starts with the local DNS cache, then DNS, then it queries using the NetBIOS
process. For NetBIOS, if the NetBIOS node type is 0x8, it will first query
its local NetBIOS cache, then WINS, then broadcast. If there's nothing in
cache, or in WINS, then that may be what is going on where it's broadcasting
for the machine's name (not necessarily a direct NetBIOS query of the host
with that IP address).

Ace
Rob Wagner
2005-09-02 13:31:03 UTC
Hmmm.... node type of 0x8, you say? Option "046 WINS/NBT Node Type" on our
DHCP server is set to 0x8. It's been years since that was set (I know that
at the time it was set most of the clients on the network were Windows 95),
so I don't even remember why it's set to that :) That might explain things.

I'll do a little reading on the subject, thanks for your input!

Rob
Ace Fekay [MVP]
2005-09-03 14:54:39 UTC
Post by Rob Wagner
Hmmm.... node type of 0x8, you say? Option "046 WINS/NBT Node Type"
on our DHCP server is set to 0x8. It's been years since that was
set (I know that at the time it was set most of the clients on the
network were Windows 95), so I don't even remember why it's set to
that :) That might explain things.
I'll do a little reading on the subject, thanks for your input!
Rob
No prob Rob. Check this out for how the resolution order works:
http://www.comptechdoc.org/os/windows/wintcp/wtcpname.html
