nmbd uses only first IP address even when more are returned by DNS

Christopher R. Hertel crh at ubiqx.mn.org
Thu Oct 16 17:21:48 GMT 2003

On Thu, Oct 16, 2003 at 09:19:47AM +0200, bernd.casimir at daimlerchrysler.com wrote:
> Hi,
> to get rid of the inconsistency problems between WINS and DNS we modified
> the SAMBA nmbd to use DNS as the only source to respond to WINS name
> queries (WINS-to-DNS-Proxy).

Oh, that's ugly.

> To be able to respond to domain controller queries we added some lines of
> code that adds "-PDC" to the DNS query when a client requests a name with
> type "1B" and "-DC" if it is type "1C".

Are these modified versions of the names?  I assume that the name 
<workgroup>-PDC is added to the DNS to identify the PDC, is that what 
you're doing?

> Unfortunately nmbd uses only the first IP address of the DNS response -
> even when several domain controllers are reported by DNS.

The code was probably written to deal with WINS queries, in which case the
first IP returned in response to a <1C> query will be the IP of the PDC.


> Do you think this can be modified in a later version of samba?

Why would we want to do that?

> Over 30.000 productive clients are running very fine with this solution.
> The only drawback is that there must be a memory leak in nmbd as the used
> memory increases from hour to hour and we have to restart nmbd every
> night...

Is the memory leak in your code or ours?  Which version of Samba?

> PS: If you are interested in the modifications for a WINS-to-DNS-Proxy I
> can post the diffs...

I am deeply opposed to the idea of nailing the NetBIOS namespace to the 
DNS namespace.  The NetBIOS namespace is separate, and has the following 

  - It is flat.  There is no hierarchy, as there is in the DNS world.
  - It is localized.  Under NBT, the NetBIOS namespace is defined by the
    local IP broadcast domain or by the shared NBNS (WINS server) or by the 
    union of the two.  Your NetBIOS namespace is distinct from mine.  The 
    DNS namespace, in contrast, is meant to be global (which is why there
    is a hierarchical structure).
  - DNS names map to IP addresses.  NetBIOS names map to applications or
    services.  The NBT layer provides the IP address at which the name can 
    be found, but the *meaning* of the NetBIOS name is quite different 
    from the meaning of the NetBIOS name.

Using DNS names to locate NetBIOS services is, at best, a kludge.  Yeah, 
it works, but it was never part of the original design of the NBT layer.  
It works because 99% of the systems out there keep the DNS host name 
consistent with the NetBIOS machine name.

... and there's the problem you're facing.  There are two or three base 
names used by SMB systems to create all of the (several) NetBIOS names 
they typically register.  The three most common base names are:
- The host name
- The workgroup name
- The logged-on user name

The NT Domain names are built using the workgroup name, which is 
(generally) not the same as the host name.  That in mind, you have to 
assign several DNS names (CNAMES?) per IP address to fudge NetBIOS name 
service behavior out of the DNS.  Ick.

No, I think we've already gone too far down the road of kludging things to 
work with DNS.  Windows2000 introduced SMB without the NBT layer, and it 
is appropriate to use the DNS for name resolution in that space.  For NBT 
transport, using DNS lookups really should be the last resort, not the 

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
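
Added example, not part of the original message and not code from Samba or from the poster's patch: a sketch of the mapping discussed in this thread, showing how a <1B>/<1C> name query is decoded, turned into the "-PDC"/"-DC" DNS name the poster describes, and answered with one NB address entry per DNS result instead of only the first. The function names, the workgroup name CORP, the injected resolver and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import socket
import struct

# Suffix scheme taken from the quoted message: type <1B> -> "-PDC", <1C> -> "-DC".
DNS_SUFFIX = {0x1B: "-PDC", 0x1C: "-DC"}
GROUP_TYPES = {0x1C}          # <1C> is a group name; <1B> is unique
NB_FLAG_GROUP = 0x8000        # G bit of NB_FLAGS (RFC 1002)


def encode_name(name, name_type):
    """RFC 1001 first-level encoding of a 15-byte padded name plus type byte."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([name_type])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def decode_name(encoded):
    """Reverse the encoding; reject anything that is not 32 chars of 'A'..'P'."""
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    nib = [ord(c) - 0x41 for c in encoded]
    raw = bytes((nib[i] << 4) | nib[i + 1] for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def dns_query_name(name, name_type):
    """DNS name queried for a NetBIOS name under the poster's suffix scheme."""
    return name + DNS_SUFFIX.get(name_type, "")


def nb_rdata(addresses, name_type):
    """NB RDATA: one 6-byte entry (NB_FLAGS + IPv4 address) per address."""
    flags = NB_FLAG_GROUP if name_type in GROUP_TYPES else 0
    return b"".join(struct.pack(">H", flags) + socket.inet_aton(a) for a in addresses)


def answer(encoded, resolve):
    """Build RDATA from every address the resolver returns, not only the first."""
    name, name_type = decode_name(encoded)
    return nb_rdata(resolve(dns_query_name(name, name_type)), name_type)


# Constructed sample data (documentation address range), standing in for DNS.
SAMPLE_ZONE = {"CORP-DC": ["192.0.2.10", "192.0.2.11"], "CORP-PDC": ["192.0.2.10"]}

if __name__ == "__main__":
    query = encode_name("corp", 0x1C)
    print(query, answer(query, lambda n: SAMPLE_ZONE.get(n, [])).hex())
```

The resolver is passed in as a function so the sketch runs offline; a real proxy would also have to build the rest of the NBT response packet around this RDATA.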
