Comparing DNS and NetBIOS
DNS is the preferred naming
system in the Windows Server 2003 family and, compared to NetBIOS,
offers superior scalability, security, and compatibility with the
Internet. Although DNS requires configuration before it can function, it
is still an essential element in Active Directory domains and is
therefore used in most Windows Server 2003 networks. However, NetBIOS is
still often used as a backup name resolution method, particularly
because it can provide, without configuration, name resolution for
computers located on the same network segment. In addition, NetBIOS is
used for compatibility with older Windows features, such as browsing the
Microsoft Windows Network through My Network Places or connecting to
shares through Universal Naming Convention (UNC) addresses such as
\\computer1\share1.
Note
NetBIOS is not actually a naming system but an application programming interface (API), used in older Microsoft networks, that allows computers to connect and communicate. Naming and name resolution are two of the many services NetBIOS offers.
In Windows Server 2003 networks, DNS name resolution takes priority over NetBIOS name resolution. This prioritization is handled by the DNS Client service, which is responsible for directing name resolution. The DNS Client service first attempts name resolution through DNS; if this fails, the DNS Client service then submits the name to NetBIOS.
Note
The DNS Client service is also known as the resolver.
Comparing Computer Names
When you install Windows
Server 2003 on a computer, you must assign the computer a name. This
name, which you can modify in the System Properties dialog box, forms
the basis both for its DNS host name and its NetBIOS name. Specifically,
an individual label such as “server1” assigned to a computer is known
as a host name in DNS. Provided that it does not exceed 15 characters, the same name is then also used as the NetBIOS name.
Despite this
similarity, DNS is distinct from NetBIOS in that the DNS namespace is
hierarchical. Each DNS host name is merely a part of a full name, known
as a fully qualified domain name (FQDN), that specifies both the host name and its domain. An example of an FQDN is www.lucernepublishing.com. NetBIOS includes no such hierarchy; as a result, every NetBIOS name must be unique on the network.
Table 1 summarizes the various name types and name components used in Windows Server 2003 networks.
Table 1. Computer Names and Name Suffixes
Name Type | Description
---|---
NetBIOS name | A NetBIOS name uniquely identifies a NetBIOS service listening on the first IP address that is bound to an adapter. The name is resolved to the IP address of the server through broadcast, the Windows Internet Name Service (WINS), or the Lmhosts file. NetBIOS computer names are 15 characters, whereas NetBIOS service names are 16 characters. By default, the first 15 characters of the NetBIOS service name are the same as the host name, padded with spaces; the sixteenth character identifies the specific NetBIOS service.
Host name | The term host name typically refers to the first label of an FQDN. For example, the first label of the FQDN client1.lucernepublishing.com is client1. A host name is also often referred to as a computer name.
Primary DNS suffix | Every computer in a Windows Server 2003 network can be assigned a primary DNS suffix to be used in name resolution and name registration. The primary DNS suffix is specified on the Computer Name tab of the properties dialog box in My Computer. It is also known as the primary domain name and the domain name. For example, the FQDN c1.lucernepublishing.com has the primary DNS suffix lucernepublishing.com.
Connection-specific DNS suffix | The connection-specific DNS suffix is a DNS suffix assigned to an adapter. It is also known as an adapter DNS suffix. For example, a connection-specific DNS suffix might be subnet2.lucernepublishing.com.
FQDN | The FQDN is a DNS name that uniquely identifies the computer on the network. Typically, it is a concatenation of the host name, a period, and the primary DNS suffix. For example, an FQDN might be client1.lucernepublishing.com.
Full computer name | The full computer name is a type of FQDN. The same computer can be identified by more than one FQDN, but only the FQDN that concatenates the host name and the primary DNS suffix represents the full computer name.
Table 2 compares the general features of NetBIOS computer names and DNS host names.
Table 2. Comparison of NetBIOS and DNS Names
Feature | NetBIOS Computer Name | DNS Computer Name
---|---|---
Type | Flat | Hierarchical
Character restrictions | Unicode characters, numbers, white space, and the symbols ! @ # $ % ^ & ' ) ( . - _ { } ~ | A–Z, a–z, 0–9, and the hyphen (-); the period (.) has a special reserved meaning
Maximum length | 15 characters | 63 bytes per label; 255 bytes per FQDN
Name service | WINS, NetBIOS broadcast, Lmhosts file | DNS, Hosts file
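The following is an added example (my code, not the page's or Microsoft's) of the name layout that Tables 1 and 2 describe: the host name cut to 15 characters, space padding, the sixteenth service byte, and the RFC 1001/1002 "first-level" encoding that turns those 16 bytes into the 32-letter name carried in a NetBIOS broadcast name query on UDP port 137. The suffix labels, the sample host names and the transaction ID are illustrative choices; the packet layout itself is the standard NBNS name-query format.

```python
"""NetBIOS name layout and the broadcast NBNS name query, as an added example.

Not part of the original page. The suffix labels, the sample host names and the
transaction ID below are chosen for illustration; the encoding follows
RFC 1001/1002 and is what a NetBT client sends to UDP port 137.
"""
import struct

# Well-known values of the sixteenth byte. The descriptions are display labels
# for this example only.
NETBIOS_SUFFIXES = {
    0x00: "workstation service",
    0x03: "messenger service",
    0x20: "file server service",
    0x1B: "domain master browser",
    0x1C: "domain controllers",
    0x1D: "master browser",
    0x1E: "browser service elections",
}

NBNS_FLAGS_BROADCAST_QUERY = 0x0110  # opcode 0 (query), RD=1, B (broadcast)=1
NBNS_FLAG_B = 0x0010
QTYPE_NB, QCLASS_IN = 0x0020, 0x0001


def netbios_name(host: str, suffix: int) -> bytes:
    """Return the 16-byte NetBIOS name for a host name and service suffix.

    The host name is upper-cased, cut to 15 characters, padded with spaces
    (0x20) and followed by the one-byte service suffix.
    """
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be a single byte")
    label = host.upper().encode("ascii")[:15]
    return label.ljust(15, b" ") + bytes([suffix])


def first_level_encode(name16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes a letter A..P."""
    if len(name16) != 16:
        raise ValueError("NetBIOS name must be exactly 16 bytes")
    out = bytearray()
    for b in name16:
        out.append(ord("A") + (b >> 4))
        out.append(ord("A") + (b & 0x0F))
    return bytes(out)


def first_level_decode(encoded: bytes) -> bytes:
    """Inverse of first_level_encode; rejects anything outside A..P."""
    if len(encoded) != 32:
        raise ValueError("encoded NetBIOS name must be 32 bytes")
    out = bytearray()
    for i in range(0, 32, 2):
        hi, lo = encoded[i] - ord("A"), encoded[i + 1] - ord("A")
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("invalid first-level encoding")
        out.append((hi << 4) | lo)
    return bytes(out)


def build_name_query(host: str, suffix: int, txid: int = 0x1234) -> bytes:
    """Build the NBNS name query a NetBT client broadcasts to UDP/137."""
    header = struct.pack("!HHHHHH", txid, NBNS_FLAGS_BROADCAST_QUERY, 1, 0, 0, 0)
    # Question name: length byte 0x20, 32 encoded bytes, empty scope (0x00).
    qname = b"\x20" + first_level_encode(netbios_name(host, suffix)) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_NB, QCLASS_IN)


def parse_name_query(packet: bytes) -> dict:
    """Decode a name query back into its fields (no scope ID support)."""
    if len(packet) < 50:
        raise ValueError("packet too short for an NBNS name query")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if qdcount != 1 or packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("not a single-question query with an empty scope")
    raw = first_level_decode(packet[13:45])
    qtype, qclass = struct.unpack("!HH", packet[46:50])
    return {
        "txid": txid,
        "broadcast": bool(flags & NBNS_FLAG_B),
        "name": raw[:15].rstrip(b" ").decode("ascii"),
        "suffix": raw[15],
        "service": NETBIOS_SUFFIXES.get(raw[15], "unknown"),
        "qtype": qtype,
        "qclass": qclass,
    }


if __name__ == "__main__":
    # A 21-character host name loses everything past the 15th character.
    print(netbios_name("fileserver-accounting", 0x20))
    pkt = build_name_query("server1", 0x20)
    print(pkt.hex())
    print(parse_name_query(pkt))
```

Running it shows that fileserver-accounting becomes FILESERVER-ACCO, which is why two hosts whose names differ only after the fifteenth character collide in the flat NetBIOS namespace. The query built by build_name_query goes to the subnet broadcast address, so every host on the segment sees which names and which services (the sixteenth byte) are being looked for; parse_name_query is the shape of check you would run over captured port 137 traffic to review that exposure.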
Comparing Name Resolution Procedures
Within
each of the two general categories of name resolution—DNS and
NetBIOS—Windows Server 2003 networks provide a set of methods to resolve
computer names.
For DNS, these name resolution methods include the following:
For NetBIOS name resolution, these methods include the following:
Name lookup in the local NetBIOS name cache
WINS server query
Query of local network through NetBIOS broadcasts
Name lookup in the Lmhosts file, found in the WINDOWS\System32\Drivers\Etc folder
Tip
Remember the following NetBIOS-related commands for the exam:
Determining When DNS Is Required
In general, DNS is required for networks under the circumstances described in the following sections.
Networks Using Microsoft Windows 2000 or Windows Server 2003 Domains
When computers are
members of a Windows 2000 or Windows Server 2003 domain, DNS must be
configured. Active Directory is tightly integrated with DNS, and DNS is
used by Active Directory as its locator service. (A locator service
assists clients in a Windows Server 2003 or Windows 2000 domain to find
hosts and services with an unknown location within a given domain.)
DNS for Internet or Intranet Access
You must use DNS if you need to connect to computers on your network or the Internet by specifying DNS host names.
Determining When NetBIOS Is Required
Windows Server 2003 networks support NetBIOS over TCP/IP (NetBT) for backward compatibility with earlier versions of Windows and for compatibility with NetBIOS applications. Microsoft Windows NT domains, as well as all workgroups using Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), and Windows NT, use NetBIOS names and the NetBIOS protocol.
NetBIOS name
resolution is also necessary for network clients using applications or
services that require NetBIOS name resolution. An example of such a
service is the Computer Browser service, which enables network browsing
through the Microsoft Windows Network icon in Windows Explorer.
Finally, NetBIOS name
resolution is required in networks for which DNS has not yet been fully
configured. An example is a computer workgroup in which no DNS server
has been installed. In this case, NetBIOS broadcasts are required to
resolve computer names.
Although
no solution besides NetBIOS can provide broadcast-based name
resolution, some secure alternatives for network browsing are available.
First, if you have added network shares to the Active Directory global
catalog, users can locate and connect to these shares through Windows
Explorer. Alternatively, you can use Distributed File System (DFS) to
build an easily browsed structure for all the shared folders on your
network. After users connect to the root DFS share, they can browse
shared resources regardless of the server that hosts the share. Finally,
don’t forget that although network browsing is not available without NetBIOS, you can still connect to network resources through My Network Places as long as you specify those resources by name.
Disabling NetBIOS
NetBIOS is enabled by
default for all local area connections in Windows Server 2003. However,
if you have implemented DNS on your network and do not need to provide
compatibility with versions of Windows earlier than Windows 2000, you
have the option of disabling NetBIOS for any or all network connections.
The main advantage of disabling NetBIOS is improved network security. NetBIOS as a service stores information about network resources (the names of computers and the services they offer), and any host on the same segment can collect that information through broadcast-based queries without authenticating. An intruder who has reached the segment can use it to map the network. Another advantage of disabling NetBIOS is that doing so can simplify administration by reducing the number of naming infrastructures that you must configure, maintain, and support.
The most obvious disadvantage of disabling NetBIOS is that it prevents network browsing through the Microsoft Windows Network icon. (You access this icon in Windows Explorer by expanding My Network Places and then double-clicking the Entire Network icon.) Network browsing depends on the browse lists compiled by the Computer Browser service, and the Computer Browser service relies on NetBIOS and the NetBT protocol. Another disadvantage of disabling NetBIOS is that it decreases fault tolerance: if DNS is improperly configured, name resolution fails outright instead of falling back to NetBIOS. Finally, some networks use third-party applications that require NetBIOS. Before disabling NetBIOS on your network, be sure to set up a test network to see whether all needed applications function properly.
To disable WINS/NetBIOS name resolution on a connection, complete the following steps:
1. Open the Network Connections window.
2. Right-click Local Area Connection, and then click Properties. The Local Area Connection Properties dialog box opens.
3. In the list of components, click Internet Protocol (TCP/IP), and then click Properties. The Internet Protocol (TCP/IP) Properties dialog box opens.
4. Click Advanced. The Advanced TCP/IP Settings dialog box opens.
5. Click the WINS tab.
6. Click the Disable NetBIOS Over TCP/IP option.
7. Click OK twice, and then click Close.
Repeat the procedure for each connection on which NetBIOS should be disabled.
Off the Record
Even
for networks that don’t require it, NetBIOS can be a tough habit to
break. It’s hard to beat the convenience of broadcast-based name
resolution—if only as a failover from DNS—or of network browsing through
the Microsoft Windows Network icon. Indeed, even though NetBIOS is
often written about as a “legacy” protocol used only in old networks,
most modern Microsoft networks still rely on it as a crutch if not as a
necessity. Even so, you should seriously consider sacrificing the
convenience of NetBIOS for improved security: the ready availability of
network information that NetBIOS provides is, after all, precisely what
makes this API a potential security risk.