NetBios Group Name Lookup?

Christopher R. Hertel crh at
Thu Oct 7 18:19:35 GMT 1999

> Christopher R. Hertel wrote:
> > 
> > Mike and I have been discussing this issue a bit.  Here's the tofu:
> > 
> > - The RFCs say that you should be able to send a query on a group name to
> >   an NBNS (WINS) server.  You should get back an array of entries.  If
> >   the UDP packet is too small, the truncation bit will be set and the
> >   query must be repeated using UDP.
> > 
> > - Instead, the WINS server that Mike is testing against returns only
> >  Sending to that address will not, of course, reach
> >   any group members that are not on the local LAN.
> > 
> > Is this a bug (or bad implementation) in WINS?
> This is exactly what the spec says you should do for
> a group name. Read RFC 1001/1002.

RFC 1001:

   An NBNS answers queries from a P node with a list of IP address and
   other information for each owner of the name.  If there are multiple
   owners (i.e. if the name is a group name), the NBNS loads as many
   answers into the response as will fit into a UDP packet.  A
   truncation flag indicates whether any additional owner information
   remains.  All the information may be obtained by repeating the query
   over a TCP connection.

RFC 1002:

   The ADDR_ENTRY ARRAY a sequence of zero or more ADDR_ENTRY
   records.  Each ADDR_ENTRY record represents an owner of a name.
   For group names there may be multiple entries.  However, the list
   may be incomplete due to packet size limitations.  Bit 22, "T",
   will be set to indicate truncated data.

   Each ADDR_ENTRY has the following format:

   |          NB_FLAGS             |          NB_ADDRESS           |
   |   NB_ADDRESS (continued)      |

So, the RFCs *do* specify that an array of entries will be returned in
response to a name query.  This list could only be returned from an NBNS
server, since only the NBNS server would keep track of multiple entries 
for the same group name.

Now, it's quite possible that MS punted on this and decided to return the
broadcast address.  When they wrote this stuff, they made a lot of local
LAN assumptions about the networks on which they would be running. 
Returning the broadcast address would, on a LAN, be "good enough" and
would releive MS from having to open a TCP connection to get the full

If the address return value is listed in the RFCs, please
point it out to us.  I did a quick search and could not find any

> An *internet* group name is a special MS invention
> that returns an IP list as you require. I used this
> in the recent PDC/BDC query code on NAME<1c>. Our
> WINS server also supports this.

I'm not familiar with this distinction.  Is there some documentation that 
explains the difference?  Is there a difference in the query packet?

Chris -)-----

             -- I have a shoehorn, the kind with teeth. --
Christopher R. Hertel -)-----                   University of Minnesota
crh at              Networking and Telecommunications Services

More information about the samba-technical mailing list