Export (0) Print
Expand All

TCP/IP Fundamentals for Microsoft Windows

Published: April 21, 2005 | Updated: April 18, 2006

Abstract

This chapter describes the various mechanisms that Microsoft® Windows®-based computers use to resolve host names, such as www.example.com, to their corresponding IP addresses. Network administrators must understand host name resolution in Windows to troubleshoot issues with host name resolution and to prepare for the complexities of Domain Name System (DNS).

On This Page

Chapter ObjectivesChapter Objectives
TCP/IP Naming SchemesTCP/IP Naming Schemes
Host Name Resolution ProcessHost Name Resolution Process
The Hosts FileThe Hosts File
The DNS Client Resolver CacheThe DNS Client Resolver Cache
Chapter SummaryChapter Summary
Chapter GlossaryChapter Glossary

Chapter Objectives

After completing this chapter, you will be able to:

  • Define a host name.

  • Explain how a host name is resolved to an IP address using the Hosts file and the Windows DNS client resolver cache.

  • Explain how a host name is resolved to an IP address using a DNS server.

  • Explain how a host name is resolved to an IP address using additional Windows-specific methods.

  • Describe how to modify the Hosts file so that host names are resolved to both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) addresses.

  • Describe the characteristics of the DNS client resolver cache and how to display and flush the cache with the Ipconfig tool.

TCP/IP Naming Schemes

Before communication can take place, each interface on each TCP/IP node must be assigned a unicast IP address. A TCP/IP host and its interfaces can also be assigned names. However, the naming scheme affects the way that a host or interface is referenced in applications. For example:

  • When using a Windows Sockets application, a user specifies either an IP address or a host name (also known as a domain name). If the user specifies a host name, TCP/IP for Windows XP and Windows Server™ 2003 attempts to resolve the name to an IP (IPv4 or IPv6) address. If the user specifies an IP address, name resolution is not necessary.

  • When using a network basic input/output system (NetBIOS) application, a user specifies a computer name, which the application converts into a 16-character NetBIOS name. TCP/IP for Windows XP and Windows Server 2003 attempts to resolve the NetBIOS name to an IPv4 address.

With NetBIOS applications, users must always specify the NetBIOS name and not the IPv4 address. Windows Sockets applications allow users to specify the destination host by its host name or IP address.

Host Names Defined

A host name is an alias assigned to identify a TCP/IP host or its interfaces. Host names are used in all TCP/IP environments. The following describes the attributes of a host name:

  • The host name does not have to match the NetBIOS computer name, and a host name can contain as many as 255 characters.

  • Multiple host names can be assigned to the same host.

  • Host names are easier to remember than IP addresses.

  • A user can specify host name instead of an IP address when using Windows Sockets applications, such as the Ping tool or Internet Explorer.

  • A host name should correspond to an IP address mapping that is stored either in the local Hosts file or in a database on a DNS server. TCP/IP for Windows XP and Windows Server 2003 also use NetBIOS name resolution methods for host names.

  • The Hostname tool displays the computer name of your Windows–based computer, as configured from the Computer Name tab of the System item of Control Panel.

Host Name Resolution Process

Host name resolution is the process of resolving a host name to an IP address before the source host sends the initial IP packet. Table 7-1 lists the standard methods of host name resolution for TCP/IP for Windows XP and Windows Server 2003.

Resolution Method

Description

Local host name

The configured host name for the computer as displayed in the output of the Hostname tool. This name is compared to the destination host name.

Hosts file

A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX \etc\hosts file. This file maps host names to IP addresses. For TCP/IP for Windows XP and Windows Server 2003, the contents of the Hosts file are loaded into the DNS client resolver cache. For more information, see "The DNS Client Resolver Cache" in this chapter.

DNS server

A server that maintains a database of IP address-to-host name mappings and has the ability to query other DNS servers for mappings that it does not contain.

Table 7-1  Standard Methods of Host Name Resolution

Table 7-2 lists the additional methods used by TCP/IP for Windows XP and Windows Server 2003 to resolve host names.

Resolution Method

Description

DNS client resolver cache

A random access memory (RAM)-based table of the entries listed in the local Hosts file and the names that were attempted for resolution by using a DNS server.

NetBIOS name cache

A RAM-based table of recently resolved NetBIOS names and their associated IPv4 addresses.

NetBIOS name server (NBNS)

A server that resolves NetBIOS names to IPv4 addresses, as specified by Requests for Comments (RFCs) 1001 and 1002. The Microsoft implementation of an NBNS is a Windows Internet Name Service (WINS) server.

Local broadcast

Up to three NetBIOS Name Query Request messages are broadcast on the local subnet to resolve the IPv4 address of a specified NetBIOS name.

Lmhosts file

A local text file that maps NetBIOS names to IPv4 addresses for NetBIOS processes running on computers located on remote subnets.

Table 7-2  Windows-Specific Methods of Host Name Resolution

Resolving Names with a Hosts File

TCP/IP for Windows XP and Windows Server 2003 does not search the Hosts file directly when performing name resolution. Rather, the entries in the Hosts file are automatically loaded into the DNS client resolver cache. Therefore, the process of resolving a host name with the Hosts file for a Windows-based computer is the following:

  1. Host name resolution begins when a user uses a Windows Sockets application and specifies the host name assigned to the destination host. Windows checks whether the host name matches the local host name.

    If the host name is the same as the local host name, the host name is resolved to an IP address that is assigned to the local host, and the name resolution process stops.

  2. If the host name is not the same as the local host name, Windows searches the DNS client resolver cache for an entry containing the host name.

    If Windows does not find the host name in the DNS client resolver cache and no other name resolution methods are configured or enabled (such as DNS or NetBIOS name resolution methods), the name resolution process stops, and an error condition is indicated to the Windows Sockets application, which then typically displays an error message to the user.

    If Windows finds the host name in the DNS client resolver cache, the host name is resolved to the IP address that corresponds to the entry in the cache.

  3. After the host name is resolved to a destination IP address, Windows forwards the packet to the next-hop IP address for the destination (either the destination or a neighboring router).

Unlike the Lmhosts file, which is used for remote NetBIOS-based hosts and IPv4 addresses only, the Hosts file maps host names of both neighboring and remote hosts to their IPv4 or IPv6 addresses.

Resolving Names with a DNS Server

DNS is a distributed, hierarchical naming system that is used on the Internet and in most intranets to resolve fully qualified domain names (FQDNs) to IP addresses. An example of an FQDN is www.microsoft.com. A DNS server typically maintains information about a portion of the DNS namespace, such as all the names ending with wcoast.example.com, and resolves DNS name queries for DNS client computers, either itself or by querying other DNS servers. Computers running Windows XP or Windows Server 2003 can act as DNS clients, and a computer running Windows Server 2003 can act as a DNS server to resolve names on behalf of a DNS client or other DNS servers.

If TCP/IP for Windows XP and Windows Server 2003 is configured with the IP address of a DNS server, the name resolution process is as follows:

  1. When a user uses a Windows Sockets application and specifies an FQDN for the destination host and the FQDN does not match the local host name or any entries in the DNS client resolver cache, the DNS client component of TCP/IP for Windows XP and Windows Server 2003 constructs and sends a DNS Name Query Request message to the DNS server.

  2. The DNS server determines whether a mapping for the name to an IP address is stored either locally or on another DNS server. Whether or not a mapping is found, the DNS server sends back a DNS Name Query Response message to the DNS client.

    If the DNS server does not respond to the request, the DNS client sends additional DNS Name Query Request messages. If the DNS server does not respond to any of the attempts, no other DNS servers are configured, and NetBIOS over TCP/IP is not enabled, an error condition is indicated to the Windows Sockets application, which then typically displays an error message to the user.

  3. After the FQDN is resolved to a destination IP address, Windows forwards the packet to the next-hop IP address for the destination (either the destination or a neighboring router).

Windows Methods of Resolving Host Names

If NetBIOS over TCP/IP is enabled, Windows by default attempts to resolve host names using NetBIOS methods when standard methods fail. NetBIOS name resolution methods include the NetBIOS name cache, configured WINS servers, NetBIOS broadcasts, and the Lmhosts file. For more information about NetBIOS over TCP/IP name resolution, see Chapter 11, "NetBIOS over TCP/IP."

When an application uses Windows Sockets and either the application or a user specifies a host name, TCP/IP for Windows XP and Windows Server 2003 attempts to resolve the name in the following order when NetBIOS over TCP/IP is enabled:

  1. Windows checks whether the host name is the same as the local host name.

  2. If the host name and local host name are not the same, Windows searches the DNS client resolver cache.

  3. If the host name cannot be resolved using the DNS client resolver cache, Windows sends DNS Name Query Request messages to its configured DNS servers.

  4. If the host name is a single-label name (such as server1) and cannot be resolved using the configured DNS servers, Windows converts the host name to a NetBIOS name and checks its local NetBIOS name cache.

    Windows creates the 16-byte NetBIOS name by converting the host name, which must be less than 16 bytes long, to uppercase and padding it with space characters if needed to create the first 15 bytes of the NetBIOS name. Then, Windows adds 0x00 as the last byte. Every Windows-based computer running the Workstation service registers its computer name with a 0x00 as the last byte. Therefore, the NetBIOS form of the host name will typically resolve to the IPv4 address of the computer that has a NetBIOS computer name that matches the host name.

    If the host name is 16 characters or longer or an FQDN, Windows does not convert it to a NetBIOS name or try to resolve the host name using NetBIOS techniques.

  5. If Windows cannot find the NetBIOS name in the NetBIOS name cache, Windows contacts its configured WINS servers.

  6. If Windows cannot resolve the NetBIOS name by querying its configured WINS servers, Windows broadcasts as many as three NetBIOS Name Query Request messages on the directly attached subnet.

  7. If there is no reply to the NetBIOS Name Query Request messages, Windows searches the local Lmhosts file.

The name resolution process stops when Windows finds the first IP address for the name. If Windows cannot resolve the host name using any of these methods, name resolution fails, and the only way to communicate with the destination host is to specify either its IP address or another name associated with the host that Windows can resolve to an IP address.

Figure 7-1 shows all the methods used by TCP/IP for Windows XP and Windows Server 2003 for resolving host names.

Figure 7-1  TCP/IP for Windows XP and Windows Server 2003 methods for resolving host names

Figure 7-1  TCP/IP for Windows XP and Windows Server 2003 methods for resolving host names
See full-sized image

The Hosts File

The Hosts file is a common way to resolve a host name to an IP address through a locally stored text file that contains IP-address-to-host-name mappings. On most UNIX-based computers, this file is /etc/hosts. On Windows-based computers, this file is the Hosts file in the systemroot\System32\Drivers\Etc folder.

The following describes the attributes of the Hosts file for Windows:

  • A single entry consists of an IP (IPv4 or IPv6) address and one or more host names.

  • The Hosts file is dynamically loaded into the DNS client resolver cache, which Windows Sockets applications use to resolve a host name to an IP address on both local and remote subnets.

  • When you create entries in the Hosts file and save it, its contents are automatically loaded into the DNS client resolver cache.

  • The Hosts file contains a default entry for the host name localhost.

  • The Hosts file can be edited with any text editor.

  • Each host name is limited to 255 characters.

  • Entries in the Hosts file for Windows–based computers are not case sensitive.

The advantage of using a Hosts file is that users can customize it for themselves. Each user can create whatever entries they want, including easy-to-remember nicknames for frequently accessed resources. However, the individual maintenance required for the Hosts file does not scale well to storing large numbers of FQDN mappings or reflecting changes to IP addresses for servers and network resources. The solution for the large-scale storage and maintenance of FQDN mappings is DNS. The solution for the maintenance of FQDN mappings for changing IP addresses is DNS dynamic update. For more information about DNS and DNS dynamic update, see Chapter 8, "Domain Name System Overview."

An entry in the Hosts file has the following format:

Address          Name

The Address portion of the entry is either an IPv4 or IPv6 unicast address. The Names portion of the entry is one or more names (nicknames or FQDNs) separated by at least one space character. One or multiple space or tab characters must separate the address from the first name.

IPv4 Entries

For IPv4 entries, the address in the Hosts file entry is a unicast IPv4 address expressed in dotted decimal notation. For example, the following Hosts file contains IPv4 entries:

# 
# Table of IP addresses and host names 
# 
127.0.0.1        localhost 
131.107.34.1     router 
172.30.45.121    server1.central.example.com s1

In this example, you can refer to the server at the IPv4 address 172.30.45.121 by its FQDN (server1.central.example.com) or by its nickname (s1). This example assumes that the IP address for the server named server1.central.example.com will not change over time. For example, either server1.central.example.com is manually configured with an IP address configuration or it uses a Dynamic Host Configuration Protocol (DHCP) client reservation.

IPv6 Entries

For IPv6 entries, the address in the Hosts file entry is a global or site-local IPv6 address expressed in colon hexadecimal notation. For example, the following Hosts file contains both IPv4 and IPv6 entries:

# 
# Table of IP addresses and host names 
# 
127.0.0.1                       localhost 
131.107.34.1                    router 
172.30.45.121                   server1.central.example.com s1 
fec0::fa3:2aa:ff:fe9f:2a40      webv6.central.example.com w1 
2001:db8::10:2aa:ff:fe21:5a88  tsrvv6.wcoast.example.com ts1

You should not place entries for link-local addresses in the Hosts file because you cannot specify the zone ID for those addresses. This concept is similar to using the Ping tool to ping a link-local destination without specifying the zone ID. Therefore, entries in the Hosts file are useful only for global or site-local IPv6 addresses. The example entry for the site-local address fec0::fa3:2aa:ff:fe9f:2a40 assumes that only a single site is being used. For more information about IPv6 addresses and the use of the zone ID, see Chapter 3, “IP Addressing.”

The DNS Client Resolver Cache

The DNS client resolver cache is a RAM-based table that contains both the entries in the Hosts file and the host names that Windows has tried to resolve through DNS. The DNS client resolver cache stores entries for both successful and unsuccessful DNS name resolutions. A name that was queried but was not successfully resolved is known as a negative cache entry.  

The following list describes the attributes of the DNS client resolver cache:

  • It is built dynamically from the Hosts file and from DNS queries.  

  • Entries obtained from DNS queries are kept only for a period of time known as the Time to Live (TTL), which is set by the DNS server that has the name-to-IP address mapping stored in a local database.

  • Entries obtained from the Hosts file do not have a TTL and are kept until the entry is removed from the Hosts file.

  • You can use the ipconfig /displaydns command to view the contents of the DNS client resolver cache.

  • You can use the ipconfig /flushdns command to flush and refresh the DNS client resolver cache with just the entries in the Hosts file.

The following is an example display of the ipconfig /displaydns command:

C:\>ipconfig /displaydns 
  
Windows IP Configuration 
  
   localhost. 
   ------------------------------------------------------ 
     Record Name . . . . . : localhost 
     Record Type . . . . . : 1 
     Time To Live  . . . . : 31165698 
     Data Length . . . . . : 4 
     Section . . . . . . . : Answer 
     A (Host) Record . . . : 
                       127.0.0.1 
  
  
   dc7.corp.example.com. 
   ------------------------------------------------------ 
     Record Name . . . . . : dc7.corp.example.com 
     Record Type . . . . . : 1 
     Time To Live  . . . . : 852 
     Data Length . . . . . : 4 
     Section . . . . . . . : Answer 
     A (Host) Record . . . : 
                       157.60.23.170 
  
  
   1.0.0.127.in-addr.arpa. 
   ------------------------------------------------------ 
     Record Name . . . . . : 1.0.0.127.in-addr.arpa 
     Record Type . . . . . : 12 
     Time To Live  . . . . : 31165698 
     Data Length . . . . . : 4 
     Section . . . . . . . : Answer 
     PTR Record  . . . . . : 
                       localhost 
  
  
   mailsrv15.corp.example.com. 
   ------------------------------------------------------ 
     Record Name . . . . . : mailsrv15.corp.example.com 
     Record Type . . . . . : 1 
     Time To Live  . . . . : 2344 
     Data Length . . . . . : 4 
     Section . . . . . . . : Answer 
     A (Host) Record . . . : 
                       157.54.16.83

Chapter Summary

The chapter includes the following pieces of key information:

  • Window Sockets applications use host names or IP addresses when specifying a destination. Host names must be resolved to an IP address before communication with the destination can begin.

  • The standard methods of host name resolution include checking the local host name, checking the local Hosts file, and querying DNS servers. Windows-based hosts also check the DNS client resolver cache, which contains the entries in the Hosts file.

  • Windows-based hosts on which NetBIOS over TCP/IP is enabled also use NetBIOS methods to attempt to resolve a host name to an IPv4 address.

  • The Hosts file on a Windows-based computer is stored in the systemroot\System32\Drivers\Etc folder and can include entries that map IPv4 or IPv6 addresses to host names.

  • The Hosts file is dynamically loaded into the RAM-based DNS client resolver cache, which also contains the results of recent DNS name queries.

Chapter Glossary

DNS – See Domain Name System (DNS).

DNS client resolver cache – A RAM-based table that contains both the entries in the Hosts file and the results of recent DNS name queries.

DNS server – A server that maintains a database of mappings of DNS domain names to various types of data, such as IP addresses.

Domain Name System (DNS) – A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the specification of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

Host name – The name of a computer or device on a network. Users specify computers on the network by their host names. To find another computer, its host name must either appear in the Hosts file or be known by a DNS server. For most Windows-based computers, the host name and the computer name are the same.

Host name resolution – The process of resolving a host name to a destination IP address.

Hosts file – A local text file in the same format as the 4.3 BSD UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the systemroot\System32\Drivers\Etc folder.

Lmhosts file – A local text file that maps NetBIOS names to IP addresses for hosts that are located on remote subnets. For Windows-based computers, this file is stored in the systemroot\System32\Drivers\Etc folder.

negative cache entries – Host names added into the DNS client resolver cache that were queried but that could not be resolved.

NBNS – See NetBIOS name server (NBNS).

NetBIOS name - A 16-byte name of a process using NetBIOS.

NetBIOS name cache – A dynamically maintained table that resides on a NetBIOS-enabled host and that stores recently resolved NetBIOS names and their associated IPv4 addresses.

NetBIOS name resolution – The process of resolving a NetBIOS name to an IPv4 address.

NetBIOS name server (NBNS) – A server that stores NetBIOS name to IPv4 address mappings and resolves NetBIOS names for NetBIOS-enabled hosts. WINS is the Microsoft implementation of a NetBIOS name server.

Windows Internet Name Service (WINS) – The Microsoft implementation of a NetBIOS name server.

WINS – See Windows Internet Name Service (WINS).


Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft