Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
programming4us
Windows 7

Networking with Windows 7 : Resolving Names to IP Addresses

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/29/2011 11:42:55 AM
Name resolution is used on networks to resolve names to IP addresses. You and I use names and words to communicate, but computers use numbers.

If I ask you the IP address of bing.com, you probably don't know it. However, if I ask you the name of Microsoft's online search engine, you probably know the name Bing.com, and that's all you need to know. When you enter Bing.com into a web browser, it is resolved to an IP address and the IP address is used for connectivity.

There are seven methods of resolving names. Three are used primarily, with hostnames used on the Internet and internal networks. Three are found on internal Microsoft networks using NetBIOS names.

Hostnames and NetBIOS names can also be resolved using a seventh method: broadcasts. Broadcasts are usually used as a last resort to help minimize broadcast traffic on a network. The client broadcasts the name onto the network, and if the host with that name is on the network, it will respond with the IP address. Remember though, broadcasts do not cross routers, so the broadcast name resolution method is good only for the same subnet.

Name resolution methods are tied to two types of names:


Hostnames

A host name can be up to 255 characters in length and is the only type of name used on the Internet. When a hostname is combined with a domain name, it becomes a fully qualified domain name (FQDN). For example, a Windows 7 PC named Client1 in the domain wiley.com has an FQDN of Client1.wiley.com. Hostnames are primarily resolved by DNS servers.


NetBIOS

names A NetBIOS name has 15 readable characters, with the 16th byte identifying a service running on the system. The use of NetBIOS names has been significantly reduced in networks in favor of hostnames, but they are still being used by older applications. Since NetBIOS names are not supported in IPv6, this usage will eventually disappear. NetBIOS names are primarily resolved by WINS servers.

1. Hostname Resolution Methods

While DNS is the primary method used to resolve hostnames, it's not the only method. There are three primary methods used to resolve hostnames:


DNS

DNS servers answer queries for name resolution of hostnames. When queried with a name, the DNS server returns the IP address. DNS servers are typically configured with addresses of other DNS servers. If the queried DNS server does not know the IP address, it will forward the name resolution request to other DNS servers to determine the IP address. This forwarding occurs on internal networks and on the Internet.

You can easily check which DNS server is assigned to a client with the IPConfig /All command.



Hosts file

The Hosts file is located in the %windir%\System32\Drivers\etc folder. Entries in the Hosts file are automatically placed into the host cache. Malware sometimes modifies the Hosts file to prevent a client from accessing specific websites. For example, a bogus entry could be placed in the file for Microsoft's update site, and the client would no longer be able to get updates.


Host cache

Once a name is resolved by DNS, the result is placed in the host cache (also called the DNS cache, which is a little misleading because this cache also holds entries from the Hosts file). You can view the host cache with the IPConfig /DisplayDNS command.

You can remove host cache entries from cache using the IPConfig /FlushDNS command. This will remove all entries that were cached from a DNS query, but it will not remove entries placed in cache from the Hosts file.



Exercise: Using Hostname Resolution Methods

  1. Launch a command prompt.

  2. Enter the following command to resolve a name using DNS:

    Ping msn.com

    The first line should be something like this:

    Pinging msn.com [207.68.172.246] with 32 bytes of data:

    The IP address verifies that name resolution is working. It's very likely that msn.com will block the ping, so it will result in Request Timed Out errors. However, you can still use this method to verify name resolution with DNS.

  3. Enter the following command to view the host cache entries:

    IPConfig /displayDNS

    You'll see that the address of msn.com is included in this result with other data from the answering DNS server. Time To Live indicates how long (in seconds) the entry will remain in cache.

    ----------------------------------------
    Record Name . . . . . : msn.com
    Record Type . . . . . : 1
    Time To Live . . . . : 247
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 207.68.172.246

  4. Enter the following command to clear the host cache of all DNS entries:

    IPConfig /flushDNS

  5. Enter the following command to view the host cache entries again:

    IPConfig /displayDNS

    You'll see that the address of msn.com is no longer shown. The only entries showing are those derived from the Hosts file.

  6. Enter the following command to open the Hosts file:

    notepad %windir%\System32\Drivers\etc\hosts

  7. Scroll to the bottom of the Hosts file, and add the following entry:

    192.168.1.77 msn.com

  8. Press Ctrl+S to save the file.

  9. Enter the following command to view the host cache entries again:

    IPConfig /displayDNS

    You'll see that the address of msn.com is now in cache. Even if you enter the IPConfig /FlushDNS command, the entry will remain in cache.

  10. Enter the following command to try to ping msn.com:

    Ping msn.com

    The first line should be something like this:

    Pinging msn.com [192.168.1.77] with 32 bytes of data:

    Notice that this is not the valid address of msn.com, but instead it reflects the entry you entered in the Hosts file. With this entry in the Hosts file, the client will never be able to access the actual msn.com site.

  11. Delete the msn.com entry in the Hosts file, and save the Hosts file in its original configuration.


2. NetBIOS Name Resolution Methods

NetBIOS names can be resolved using three methods. These methods are different from the primary methods used to resolve hostnames. However, if a hostname can't be resolved using the primary hostname resolution methods, you can attempt the NetBIOS name resolution methods.

These are the primary methods used to resolve NetBIOS names:


WINS

WINS servers will answer name resolution queries for NetBIOS names. When queried with a name, the WINS server returns the IP address. Whereas DNS servers can be configured to query other DNS servers to resolve a name, WINS servers cannot query other WINS servers.


LMHosts file

The LMHosts file is located in the %windir%\System32\Drivers\etc folder.


NetBIOS cache

Once a name is resolved by WINS, the result is placed in the NetBIOS cache. You can view the NetBIOS cache with the NBTStat /c command.

The use of NetBIOS names in networks is significantly reduced today.

3. Using NSLookup

Although the IPConfig and Ping commands can very often be useful when troubleshooting name resolution issues, there are times when you'll want to query the DNS server directly to get detailed information. The NSLookup tool is a command-prompt utility that you can use to get specific information from a DNS server.

NOTE

NSLookup uses the DNS server IP address that is either manually assigned to the network adapter or received by the DHCP server. Because of this, you don't have to identify the IP address of the DNS server when using NSLookup.

As an example, you may want to check to see if DNS can resolve the name of a file server (FS1) to an IP address. Listing 1 shows how the NSLookup command can be used. The line numbers are shown for explanation purposes. Line 1 is the command, and lines 2–6 show the results.

Example 1. Using NSLookup
1 C:\>nslookup fs1
2 Server: dc1.wiley.com
3 Address: 192.168.1.10
4
5 Name: fs1.Wiley.com
6 Address: 192.168.1.21

Lines 2 and 3 identify the DNS server (by name and IP address), resolving the name. The client knows the IP address of the DNS server and uses a reverse lookup to identify the name of the DNS server. Lines 5 and 6 provide the result of the query. This shows definitively that the DNS server (hosted on DC1) can resolve the server named FS1 to an IP address of 192.168.1.21.

If the DNS server did not have a record for the name and couldn't resolve it, you'd see something like Listing 2.

Example 2. Verifying a DNS record doesn't exist with NSLookup
1 C:\>nslookup fs25
2 Server: dc1.wiley.com
3 Address: 192.168.1.10
4
5 *** dc1.wiley.com can't find fs25: Non-existent domain

Notice that lines 2 and 3 stay the same because the same DNS server is providing the answer. However, these first two lines are dependent on the DNS server having a reverse lookup zone and a PTR record for the DNS server in the zone. Because reverse lookup zones are optional, you often won't see them.

As an example, Listing 3 shows what you'll see if the DNS server (DC1) doesn't have a PTR record in DNS.

Example 3. Using NSLookup without a PTR record
1 C:\>nslookup fs1
2 Server: Unknown
3 Address: 192.168.1.10
4
5 Name: fs1.Wiley.com
6 Address: 192.168.1.21

Line 2 shows that the DNS server couldn't be identified (because the PTR record is deleted). However, it's important to note that FS1 is still successfully resolved.

If the DNS server doesn't have a reverse lookup zone, it will still work, though the result looks like something is drastically wrong. Listing 4 shows the result when the reverse lookup zone doesn't exist.

Example 4. Using NSLookup without a reverse lookup zone
1 C:\>nslookup fs1
2 DNS request timed out.
3 timeout was 2 seconds.
4 Server: UnKnown

5 Address: 192.168.1.10
6
7 Name: fs1.Wiley.com
8 Address: 192.168.1.21

When looking at lines 2 and 3, you may think that DNS isn't responding, but all this is saying is that it timed out when it tried to do a reverse lookup of 192.168.1.10 to determine the name.

Note that lines 7 and 8 still provide the result of the name resolution request. In other words, even though you see the message stating "DNS request timed out," the DNS server still resolved the hostname to an IP address.

What if the DNS server is not responding at all? This could happen if the DNS server is down or the DNS service is not running on the server. Listing 5 shows the result when NSLookup is used to query a server with the DNS service stopped.

Example 5. Using NSLookup with an unreachable DNS server
1 C:\>nslookup fs1
2 DNS request timed out.
3 timeout was 2 seconds.
4 Server: UnKnown
5 Address: 192.168.1.10
6
7 DNS request timed out.
8 timeout was 2 seconds.
9 DNS request timed out.
10 timeout was 2 seconds.
11 *** Request to UnKnown timed-out

Line 5 shows the IP address that the client is using as the DNS server. The rest of the information indicates the DNS server is not responding at all. At this point, you should check that this is a valid IP address for the DNS server and verify that it is operational.

Other -----------------
- Understanding Network Connectivity in an Enterprise (part 4) - Configuring a Network Interface Card & Using Proxy Servers
- Understanding Network Connectivity in an Enterprise (part 3) - Understanding the IP Addresses
- Understanding Network Connectivity in an Enterprise (part 2) - Understanding the DHCP Lease
- Understanding Network Connectivity in an Enterprise (part 1) - Unicast, Multicast, and Broadcast & Using IPConfig
- Configuring and Troubleshooting Application Issues : Identifying and Resolving Software Failure Issues (part 2)
- Configuring and Troubleshooting Application Issues : Identifying and Resolving Software Failure Issues (part 1)
- Configuring and Troubleshooting Application Issues : Designing a Deployment Strategy
- Configuring and Troubleshooting Application Issues : Designing a Delivery Strategy
- Configuring and Troubleshooting Application Issues : Installing and Configuring Software
- Troubleshooting Boot Issues (part 2) - Using MSConfig & Startup and Recovery Options
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server