Wednesday, December 13, 2017

windows - DFS Namespaces DNS and NetBIOS Name Resolution



I have a Windows Domain which hosts a number of DFS Namespaces in an environment which has DNS servers only (the clients are Windows 7+ and NetBIOS is not disabled on them).



Example




Domain: andshrew.com
DFS Namespace: andshrew.com\Files



I have an situation in that in many instances these have been referred to using the NetBIOS name only (ie. \\andshrew\Files) rather than the FQDN, and as a result of this (I believe) there is often a slowness associated with accessing these links for the first time. Accessing the FQDN (ie. \\andshrew.com\Files) is always near instant.



From the testing I have done I believe this is due to the use of the NetBIOS name, and any connecting clients are essentially sending out a broadcast to discover the address of these when they are first accessed. In my testing I have disabled NetBIOS on the network adapter and these then become completely inaccessible which I think confirms this to be the case.



Changing these references to use the FQDN is going to be challenging, so I've tested an idea to create a CNAME record in our DNS with the same name as the Domain pointing back to the Domains FQDN.



CNAME andshrew.andshrew.com which resolves to andshrew.com




The idea being that when a client accesses \\andshrew\Files their DNS client will try a search which automatically appends the Domains FQDN which then resolves to the Domains FQDN.



I've tested this and it seems to work, but is doing this a fundamentally bad idea? Is there anything which I am overlooking (eg. can NetBIOS lookups take precedence over DNS in Windows Explorer)? Obviously the end-game is to get everything correctly referring to the FQDN but until then I'm hoping this would resolve the slow NetBIOS lookups.



Are there any other suggestions for how I could resolve this?



Thanks



Andrew



Answer



We have been doing this exact same thing for about six years now (CNAME the short name to the domain), with no apparent ill effects.



Name resolution on Windows is a maze of twisty passages, so figuring out exactly how any given component might try to look up a name (or trying to change/control that) is very difficult.



If you don't want to use NetBIOS, you may want to consider disabling NetBIOS-over-TCP on every adapter, everywhere. Otherwise NetBIOS will tend to pop up unexpectedly and confuse things. Alternatively, if you still want NetBIOS for whatever reason, I'd recommend setting up a WINS server.


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...