Eight Simple Rules for Name Resolution

by Ed Fisher on 2007-08-29

in Architecture

  1. Use fully qualified domain names in all that you do.
  2. Leverage centralised name resolution that is close to (local to) the client…that means DNS.
  3. Make sure all resources are registered in DNS using A records for the true hostnames in their ‘home’ domain.
  4. Where necessary, use CNAMEs to alias resource names, especially into other zones.
  5. Make no assumptions about clients’ configuration. Provide for NetBIOS resolution, and make sure that DHCP scopes assign the most common DNS search suffix for your environment.
  6. Use HOSTS and LMHOSTS files only when you must.
    -Use BGINFO to make clear that such is the case…see this blog entry.
  7. Do not use Internet TLDs for internal purposes unless you own the namespace.
    -Then, use a subdomain. Do not EVER use CORP as your most specific name/NetBIOS name. Make that the unique part that identifies your company.
    widgets.company.corp==good
    corp.widgets.company==bad
    Trusts require that the NetBIOS name be unique. Any mergers/divestitures/acquisitions in your future?
  8. Just because you can do something doesn’t mean you should:
    -disjoint namespaces
    -differing NetBIOS names from FQDNs
    -aliasing names so you can use short URLs, e.g. plugging a CNAME for "intranet" into every zone and telling users to use http://intranet to get there…watch the traffic, IE tries NetBIOS first!
  9. And keep in mind the order of name resolution methods your OS will follow…

    1) is it ‘me?’
    2) is it cached? Remember, if you have a HOSTS file, it is cached.
    3) if it is an FQDN, or the process does not default to NetBIOS, query DNS
         a) query primary, wait for response
         b) requery primary, wait twice as long for response
         c) requery primary again, wait twice times twice as long for response
         d) try to query primary by establishing a TCP session. If RST ACK, go to secondary; else wait for the TCP timeout, THEN go to secondary
         e) do the whole thing again with the secondary…etc
    4) Try NetBIOS methods if configured to do so
         a) is it cached? Remember, if you have an LMHOSTS file, it is cached
         b) query WINS server(s)
    5) Broadcast

    Notice, the VERY LAST thing your client will try is a broadcast. If you are relying on broadcast name resolution, you are wasting a LOT of time waiting before you can even begin an initial connection. Here’s a quick test…
    C:\>nbtstat -r

    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------

    Resolved By Broadcast = 9
    Resolved By Name Server = 0

    Registered By Broadcast = 6
    Registered By Name Server = 0

    See the "Resolved By Broadcast" value? If it is more than two times the number of hours your computer has been connected, you have bad name resolution. Fix it! I hope this helps someone.
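
The quick test above as a script, added here as an example and not code from the original post: it parses `nbtstat -r` output and applies the "more than two times the number of hours connected" rule. The function names and the `hours_connected` input are assumptions; the sample text is constructed from the output shown above.

```python
import re

# Constructed sample: the counters from the nbtstat -r output shown above.
SAMPLE = """\
NetBIOS Names Resolution and Registration Statistics
----------------------------------------------------

Resolved By Broadcast = 9
Resolved By Name Server = 0

Registered By Broadcast = 6
Registered By Name Server = 0
"""

# Matches the four counter lines of English-language nbtstat -r output.
COUNTER = re.compile(
    r"^\s*(Resolved|Registered) By (Broadcast|Name Server)\s*=\s*(\d+)\s*$",
    re.MULTILINE,
)
EXPECTED = {(a, m) for a in ("resolved", "registered")
            for m in ("broadcast", "name server")}


def parse_nbtstat_r(text):
    """Return {(action, method): count}; raise if a counter is missing."""
    stats = {(a.lower(), m.lower()): int(n) for a, m, n in COUNTER.findall(text)}
    missing = EXPECTED - stats.keys()
    if missing:
        raise ValueError(f"counters not found: {sorted(missing)}")
    return stats


def assess(text, hours_connected):
    """Apply the post's rule: broadcast resolutions > 2 x hours connected is bad."""
    stats = parse_nbtstat_r(text)
    by_broadcast = stats[("resolved", "broadcast")]
    by_server = stats[("resolved", "name server")]
    total = by_broadcast + by_server
    return {
        "resolved_by_broadcast": by_broadcast,
        "resolved_by_name_server": by_server,
        "threshold": 2 * hours_connected,
        "broadcast_share": by_broadcast / total if total else 0.0,
        "bad_name_resolution": by_broadcast > 2 * hours_connected,
    }


if __name__ == "__main__":
    # hours_connected is supplied by the operator (assumption: 4 hours here).
    print(assess(SAMPLE, hours_connected=4))
```

On a live host, pass the captured text of `nbtstat -r` in place of `SAMPLE`; output from a localized Windows build will not match the English counter names and raises `ValueError`.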
