7.1.4 Windows Name Resolution

Name resolution is the function of resolving a name to one or more IP addresses. Name resolution in Windows can resolve DNS fully qualified domain names (FQDNs) and single label names. Single label names can be resolved as both a DNS name and a NetBIOS name. For a single label name to be resolved by DNS it has to be converted to an FQDN by appending suffixes to the single label (for instance, "example" is converted to "example.contoso.com").

Windows supports the following name resolution processes:

DNS: DNS, defined in [RFC1034] and [RFC1035], is a distributed system of name resolvers. DNS names are FQDNs such as www.contoso.com. The result of a DNS query can return a list of IPv4 and IPv6 addresses.

NetBIOS name resolution: NetBIOS name resolution (see [RFC1001] and [RFC1002]), resolves a NetBIOS name to one or more IPv4 address. A NetBIOS name is a 16-byte string (as specified in [MS-NBTE] section 2.2). An example of a process that uses a NetBIOS name is the File and Printer Sharing for Microsoft Networks service on a computer running Windows. When a Windows computer starts up, this File and Printer service registers a unique NetBIOS name from the name of the computer. The exact NetBIOS name used by the service is the Windows computer name padded out to 15 bytes plus a 16th byte of 0x20 representing that the name is related to the File and Printer service.

A common NetBIOS name resolution is from the name of a Windows domain to a list of IP addresses for domain controllers (DCs). The NetBIOS name for a Windows domain is formed by padding the domain name to 15 bytes with blanks, and appending the byte 0x01 representing the DC service. Windows Internet Name Service (WINS) is the Microsoft implementation of NetBIOS Name Server (NBNS), a name server for NetBIOS names. Refer to the Windows Internet Naming Service (WINS) Replication and Autodiscovery Protocol, specified in [MS-WINSRA], for details about WINS replication and Autodiscovery.

Link-Local Multicast Name Resolution (LLMNR): Link-Local Multicast Name Resolution (LLMNR), specified in [RFC4795], enables name resolution in scenarios in which conventional DNS name resolution is not possible on the local link. The LLMNR Profile, defined in [MS-LLMNRP] differs from this standard in that [RFC4795] requires TCP ([RFC793]) and EDNSO ([RFC2671]) support, which are both optional in the Windows profile specified in [MS-LLMNRP].

Peer Name Resolution: The Peer Name Resolution Protocol (PNRP), defined in [MS-PNRP], resolves peer names to a set of information, such as IPv6 addresses. PNRP offers significant advantages over DNS, mainly by being distributive, which means that it is essentially serverless (except for early boot strapping), can scale to potentially millions of names, and is fault tolerant and bottleneck-free. Because it includes secure name publication services, changes to name records can be performed from any system. DNS generally requires contacting the DNS server administrator to perform updates. PNRP name updates also occur in real time, making it appropriate for highly mobile devices, whereas DNS caches results. Finally, PNRP allows for naming more than just computers and services by allowing extended information to be published with the name records.

Server Network Information Discovery: The Server Network Information Discovery Protocol, specified in [MS-SNID], defines a pair of request and response messages by which a protocol client can locate protocol servers within the broadcast/multicast scope and get network information (such as NetBIOS name, Internet Protocol version 4 (IPv4), and Internet Protocol version 6 (IPv6) addresses) of the servers.

Show: