More questions about WINS, interfaces, etc

Fri Sep 19 19:23:08 GMT 1997

> Date: Thu, 18 Sep 1997 17:02:38 +0100 (BST)
> From: Luke Kenneth Casson Leighton <lkcl at switchboard.net>
> To: mac at nibsc.ac.uk
> Subject: Re: More questions about WINS, interfaces, etc

> On Thu, 18 Sep 1997 mac at nibsc.ac.uk wrote:

> > Hi all,
> > 
> > >> I have yet another question about WINS and DNS...  Why can't the
> > >> DNS be used as the database of reference for name-to-address
> > >> mappings when using NB over TCP/IP?
> > >
> > >we're working on that, for samba-2.
> > 
> > 
> > No, no, NO !!!

> ??  i don't understand.

> ok.  i'll re-read (or, more like read) your question.  why can't dns be 
> used as the database of reference for name-to-address mappings.

> it can be.  put "dns proxy = yes" in the [global] section of smb.conf.  
> this will do a gethostbyname() call on the NetBIOS name, and cache the 
> response received for up to two hours.  this is because gethostbyname() 
> is a blocking call, which therefore disrupts your name services and 
> browsing services until gethostbyname() returns.

OK, first a simple question:  why not just set it to the TTL of
the DNS response?

And next, what if the DNS server was local and came back with an answer
very quickly?  What if there was non-blocking code to make queries?
Or for that matter, what if you wanted NIS or NIS+ to be the database 
of reference?

> > Why can't I have completely separate DNS and NB namespaces?

> i don't understand the intent behind your question.  DNS and NetBIOS 
> namespaces are on 

> > Windows clients support this quite happily, so why can't Samba?

> no they don't: only NT workstation supports DNS resolution of ip 
> addresses instead of using NetBIOS name resolution of ip addresses.

> because of this limitation (in all windows clients to only use DNS, not 
> NIS or NIS+, and in all windows clients except NT, which uses DNS 
> directly), we have added an option "dns proxy = yes" which results in a 
> gethostbyname() call if a NetBIOS name is not in the WINS cache in nmbd.

Sanity check here.  A host gets its address either statically, or via
DHCP.  Its name is static.  It defends the name on the network, and
in doing so gets noticed by the local NB name server (or domain
controller?).  Next, when someone wants to resolve that host's name,
do they ask the NB name server, or do they just broadcast the request,
hoping that the host is local, and will respond itself (like ARP)?

What if DNS delay weren't an issue?  What if, for that matter, you
wanted to use NIS+ as your database of reference?

> > Each system has its own repository of information (named, or WINS server)
> > and distinct mechanisms exist for lookup and retrival of info.

IMHO this is a liability.  As long as the possibility of clashes
or inconsistencies exist between two name spaces that allow the
same name to exist in both spaces, you are setting yourself up
for confusion (best case) and gapping wide security holes (worst
case).

> true.  it is worth mentioning that the resolution of these names is on 
> completely separate port numbers.  it is also worth mentioning that 
> rfc1001/2.txt (NetBIOS) is based on rfc883.txt (DNS).

> > By all means give Samba the capability to use the DNS as the prime source
> > of information, but please, please allow it also to keep the NB namespace
> > uterly separate.

> we do.  DNS-looked-up names are marked with a special flag: "DNS" or 
> "DNSFAIL" in the WINS cache.  if the NetBIOS name is subsequently 
> registered (a pc gets switched on), then the DNS entry is deleted.

> luke

-Philip