Configuring IP Addressing and Name Resolution

Address assignment and name resolution are two complex and often-misunderstood areas of IP functionality. You can configure Microsoft Windows XP Professional TCP/IP to automatically obtain an IP address for your computer each time that one is needed, or you can manually specify an IP address. Additionally, you can use one of several methods to identify your Windows XP Professional–based computer by name rather than IP address.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see https://www.microsoft.com/mspress/books/6795.asp.


This chapter expands upon the discussion of TCP/IP first covered in another chapter. For information on TCP/IP configuration issues, see “Configuring TCP/IP” on the companion CD.

  • For more information about installing and configuring a DHCP server, see “Dynamic Host Configuration Protocol” in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit.

  • For more information about deploying TCP/IP network services, see the Deploying Network Services book of the Microsoft Windows Server™ 2003 Deployment Kit.

  • For more information about address translation, see “Unicast IP Routing” in the Internetworking Guide of the Microsoft Windows 2000 Server Resource Kit.

  • For more information about DNS, see “DNS” in the TCP/IP Core Networking Guide.

Overview of Addressing and Name Resolution

In Windows XP Professional TCP/IP, 32-bit addresses are used to identify each node in the network. This means that every interface on every device has its own address. There are two types of authorized addresses: public authorized addresses and private authorized addresses. Unauthorized addresses can also be used. Four different methods can be used to assign IP addresses. Additionally, several methods exist for resolving device names to IP addresses.

Types of IP Addresses

To communicate on a private network or the Internet, each computer on a TCP/IP network must be identified by a unique 32-bit IP address. Public IP addresses and authorized private IP addresses on the Internet are assigned and managed by the Internet Assigned Numbers Authority (IANA). It is also possible, although not always advisable, to assign an unauthorized private address (that is, an address of your own choosing).

Public IP Addresses

For a computer to be visible on the Internet, it must be reachable through a public IP address. The IANA assigns ranges of public IP addresses to organizations that can then assign IP addresses within those ranges to individual computers. This prevents multiple computers from having the same IP address.

The public IP address for your Windows XP Professional–based computer can be assigned through a Dynamic Host Configuration Protocol (DHCP) server available in your enterprise network, configured manually, or provided by an Internet service provider (ISP) through a dial-up connection.

Authorized Private IP Addresses

The IANA has reserved a certain number of IP addresses that are never used on the global Internet. These private IP addresses are used for networks that do not want to directly connect to the Internet but nevertheless require IP connectivity. For example, a user wanting to connect multiple Windows XP Professional–based computers in a home network can use the Automatic Private IP Addressing (APIPA) feature to allow each computer to automatically assign itself a private IP address. The user does not need to configure an IP address for each computer, nor is a DHCP server needed. For more information about APIPA, see “Types of IP Address Assignment” later in this chapter.

Computers on a network using authorized private IP addressing can connect to the Internet through the use of another computer with either proxy or network address translator (NAT) capabilities. Windows XP Professional includes the Internet Connection Sharing (ICS) feature that provides NAT services to clients in a private network. For more information about Internet Connection Sharing, see Chapter 25, “Connecting Remote Offices.”

Unauthorized Private IP Addresses

It is possible, when there is an absolute certainty that your network will never access the Internet, to assign to a node a 32-bit unauthorized private IP address of your choosing. Keep in mind that if any Internet connectivity is ever established with any node on your network, these unauthorized private IP addresses could generate significant problems that would require you to immediately change the IP address of every node that you had assigned in this manner.

Types of IP Address Assignment

Windows XP Professional provides four methods for assigning IP addresses to TCP/IP clients:

  • Dynamic Host Configuration Protocol (DHCP).

    Provides automatic configuration of IP addresses and other configuration options (autoconfiguration) for clients in a network with one or more DHCP servers. This is the default addressing method in Windows XP Professional.

  • Automatic Private IP Addressing (APIPA).

    Automatically assigns a private IP address to clients in a single-subnet environment where no DHCP server is available. When communicating within their own subnet, computers using APIPA addresses can communicate only with other computers using APIPA addresses. For more information about APIPA, see “Enabling IP Address Assignment” later in this chapter.

  • Static IP Addressing.

    Allows you to manually configure the IP address if DHCP and APIPA are not available or are not feasible. This method can be time-consuming and prone to error, especially on larger networks.

  • Alternate IP Configuration.

    Allows a single interface to make use of more than one IP address as long as only one is used at a time. New in Windows XP Professional, Alternate IP Configuration allows the user to configure a Windows XP Professional–based computer to use one address (either a specified static address or an automatically configured one) and then if that attempt is not successful, to make another preconfigured attempt.

For more information about choosing a method for IP address assignment that best meets the needs of your environment, see “Choosing an IP Address Assignment Method” later in this chapter.

Types of TCP/IP Name Resolution

In general, users prefer to use computer names instead of IP addresses. In Windows XP Professional, TCP/IP allows a computer to communicate over a network with another computer by using a host name or a NetBIOS name in place of an IP address. The mechanisms for name resolution that Microsoft Windows supports include:

  • Domain Name System (DNS).

    A global, distributed database based on a hierarchical naming system. The hierarchical naming structure of DNS complements the hierarchical planning structure implemented in the Active Directory directory service, and is used as its naming service. DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice versa. In Microsoft Windows 2000, Microsoft Windows Server™ 2003, and Microsoft Windows XP environments, DNS is the default name resolution method.

  • NetBIOS over TCP/IP (NetBT).

    Provides name resolution and connection services for clients using Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Windows Me) operating systems, applications, and services. Microsoft Windows 2000 Server and Windows Server 2003 include a NetBIOS name server known as the Windows Internet Name Service (WINS). NetBIOS over TCP/IP (NetBT) name resolution can take the form of any of four standard name-resolution node types defined in RFCs 1001 and 1002, as well as a fifth node type unique to the Windows implementation of IP name resolution. For more information about these node types, see “Configuring NetBIOS Name Resolution” later in this chapter.

When one computer attempts to communicate with another computer using one of these mechanisms for name resolution, the device name must be resolved to an IP address and ultimately to a hardware address.

Enabling IP Address Assignment

Windows XP Professional provides three methods for assignment of IP addresses to TCP/IP clients, as well as an additional technique that allows more than one IP address to be assigned per interface:

  • DHCP

  • APIPA

  • Static IP Addressing

  • Alternate IP Configuration

Choosing an IP Address Assignment Method

You can choose one of three methods for assigning an IP address to an interface. In addition, there is a fourth technique that can add some flexibility to your decision-making process. Each of the three addressing schemes available in Windows XP Professional is designed to meet different connectivity needs.

Choosing DHCP

DHCP dynamic addressing allows the automatic assignment of a public address for a specified period of time. A configured DHCP server provides a database of available IP addresses. The server can also be set up to provide configuration options for DHCP clients, including addresses of DNS and WINS servers, gateway addresses, and other information. DHCP provides an efficient IP configuration option for larger networks, providing simplified client configuration and reuse of IP addresses.

At startup, each DHCP client requests configuration data from the server, allowing autoconfiguration of the IP address, subnet masking, and other options. The IP address is assigned to each client for an amount of time determined by the server, called a lease, which can be renewed periodically. Halfway through the lease duration, the DHCP client requests a lease renewal. If this attempt is not successful, the IP address is returned to the database and made available to other DHCP clients. For more information about the DHCP lease process, see “DHCP Lease Process” later in this chapter.

Choosing APIPA

Automatic Private IP Addressing (APIPA) is appropriate for simple networks that have only one subnet. With APIPA, if no DHCP server is available, the computer automatically assigns itself a private IP address. If a DHCP server later becomes available, the computer changes its IP address to one obtained from the DHCP server.

Using APIPA, a Windows XP Professional–based client assigns itself an IP address from a range reserved for authorized private class B network addresses (169.254.0.1 through 169.254.255.254), with a subnet mask of 255.255.0.0. A computer with an authorized private address cannot directly communicate with hosts outside its subnet, including Internet hosts. APIPA is most suitable for small, single-subnet networks, such as a home or small office. APIPA is enabled by default if no DHCP servers are available on the network.

Note: APIPA assigns only an IP address and subnet mask; it does not assign a default gateway, nor does it assign the IP addresses of DNS or WINS servers. Use APIPA only on a single-subnet network that contains no routers. If your small office or home office network is connected to the Internet or a private intranet, do not use APIPA.

Choosing Static IP Addressing

Static addressing involves the manual assignment of a designated fixed address. If your network does not include a DHCP server and APIPA cannot be used, use manual IP addressing. You must configure the IP address and subnet mask to meet the client computer’s connectivity requirements.

Choosing Alternate IP Configuration

With Alternate IP Configuration, you can configure an interface that has more than one address. If you need to connect to more than one network (presumably from different locations), you can configure a second address (either static or APIPA) for the same interface. Alternate IP Configuration allows your Windows XP Professional–based computer to look for the first address and, if that address is not available, to look for the second.

Configuring DHCP

In an effort to make implementing the TCP/IP protocol more manageable, Microsoft worked with other industry leaders to create an Internet standard called Dynamic Host Configuration Protocol (DHCP) for the automatic allocation of TCP/IP configuration. DHCP is not a Microsoft standard, but a public Request for Comments standard, RFC 2131, that Microsoft has implemented.

By implementing a DHCP server within an enterprise, a network administrator is able to establish a range of valid IP addresses to be used by each subnet, as well as a series of options for configuring the subnet mask, the default gateway, and addresses for DNS and WINS servers. An individual IP address from the range, and the options associated with that range, are assigned dynamically to any DHCP client requesting an address. If DHCP is available company-wide, users can move from subnet to subnet and always have a valid IP address. DHCP permits the administrator to assign a lease time that defines how long an IP address configuration remains valid. A Microsoft Windows NT version 3.5 or later or a Windows 2000–based server running the DHCP service, or any computer or network device running RFC 2131–compliant software, can act as a DHCP server.

For more information about installing and configuring the DHCP service in Windows 2000, see “Dynamic Host Configuration Protocol” in the Networking Guide of the Microsoft Windows 2000 Server Resource Kit.

DHCP Lease Process

The first time that a Windows XP Professional–based client (with DHCP enabled) attempts to join a network, it automatically follows an initialization process to obtain a lease from a DHCP server. Figure 24-1 shows the lease process.

Figure 24-1 The DHCP lease process


The lease process involves the following steps:

  1. The Windows XP Professional DHCP client requests an IP address by broadcasting a message (known as a DHCPDiscover message) to the local subnet.

  2. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP address, and associated configuration information, available for lease to the client.

  3. The client selects the offered address and replies to the server with a DHCPRequest message.

  4. The client is assigned the address, and the DHCP server sends an acknowledgment message (DHCPAck) approving the lease. Other DHCP option information, such as default gateway and DNS server addresses, might be included in the message.

  5. After the client receives acknowledgment, it configures its TCP/IP properties using any DHCP option information in the DHCPAck message and completes the initialization of TCP/IP.

If no DHCP server responds to the client request, the Windows XP Professional–based client can proceed in one of two ways:

  • If APIPA is enabled, the client self-configures a unique IP address in the range 169.254.0.1 through 169.254.255.254. For more information about self-configuring IP addresses, see “Configuring APIPA” later in this chapter.

  • If APIPA has been disabled, the client network initialization fails. The client continues to re-send DHCPDiscover messages in the background until it receives a valid lease from a DHCP server. The client makes four attempts to obtain a lease, one every five minutes.

In rare cases, a DHCP server might return a negative acknowledgment (DHCPNack) to the client. This can happen if a client requests an invalid or duplicate address. If this occurs, the client must begin the entire lease process again.
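The four-message exchange described above, as an added example that is not part of the original chapter: it serializes DHCPDiscover, DHCPOffer, DHCPRequest and DHCPAck or DHCPNack in the RFC 2131 wire format, parses them back, and checks the sequence the way you would when reading a packet capture. The addresses, MAC address, transaction ID, lease length and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 2131); a 4-byte magic cookie and options follow.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])
TYPES = {1: "DHCPDiscover", 2: "DHCPOffer", 3: "DHCPRequest", 5: "DHCPAck", 6: "DHCPNack"}
OPT_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6  # RFC 2132 option codes
OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 50, 51, 53, 54, 255


def ip(text):
    """Dotted-quad string to 4 packed bytes."""
    return ipaddress.IPv4Address(text).packed


def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Serialize one DHCP message; clients send op=1, servers op=2."""
    op = 1 if msg_type in (1, 3) else 2
    zero = ip("0.0.0.0")
    head = HEADER.pack(op, 1, 6, 0, xid, 0, 0x8000, zero, ip(yiaddr),
                       zero, zero, mac, b"", b"")
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return head + MAGIC + body + bytes([OPT_END])


def parse(packet):
    """Decode the header fields and options that the lease process relies on."""
    start = HEADER.size + 4
    if len(packet) < start or packet[HEADER.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    fields = HEADER.unpack_from(packet)
    opts, i = {}, start
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:  # pad byte carries no length field
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    if OPT_TYPE not in opts or len(opts[OPT_TYPE]) != 1:
        raise ValueError("missing message type option")

    def addr(code):
        raw = opts.get(code)
        return str(ipaddress.IPv4Address(raw[:4])) if raw and len(raw) >= 4 else None

    return {
        "type": TYPES.get(opts[OPT_TYPE][0], "other"),
        "xid": fields[4],
        "yiaddr": str(ipaddress.IPv4Address(fields[8])),
        "requested": addr(OPT_REQ_IP),
        "server": addr(OPT_SERVER),
        "mask": addr(OPT_MASK),
        "gateway": addr(OPT_ROUTER),
        "dns": addr(OPT_DNS),
        "lease": int.from_bytes(opts[OPT_LEASE], "big") if OPT_LEASE in opts else None,
    }


def review_exchange(packets):
    """Check a captured exchange against the lease process steps."""
    msgs = [parse(p) for p in packets]
    kinds = [m["type"] for m in msgs]
    if len(msgs) != 4 or kinds[:3] != ["DHCPDiscover", "DHCPOffer", "DHCPRequest"]:
        return {"result": "unexpected sequence", "types": kinds}
    if len({m["xid"] for m in msgs}) != 1:
        return {"result": "transaction id mismatch", "types": kinds}
    offer, request, final = msgs[1], msgs[2], msgs[3]
    if request["requested"] != offer["yiaddr"]:
        return {"result": "request does not match offer", "types": kinds}
    if final["type"] == "DHCPNack":  # client must begin the lease process again
        return {"result": "restart lease process", "types": kinds}
    if final["type"] != "DHCPAck" or final["yiaddr"] != request["requested"]:
        return {"result": "unexpected sequence", "types": kinds}
    lease = final["lease"]
    return {"result": "lease granted", "types": kinds, "address": final["yiaddr"],
            "mask": final["mask"], "gateway": final["gateway"], "dns": final["dns"],
            "lease": lease, "renew_after": lease // 2 if lease else None}


def sample_exchange(nack=False):
    """Constructed exchange; every value here is made up for the example."""
    xid, mac = 0x3903F326, bytes.fromhex("0200c0a80a0b")
    server, offered = ip("192.168.10.1"), "192.168.10.50"
    cfg = [(OPT_SERVER, server), (OPT_LEASE, (691200).to_bytes(4, "big")),
           (OPT_MASK, ip("255.255.255.0")), (OPT_ROUTER, server), (OPT_DNS, server)]
    last = (build(6, xid, mac, options=[(OPT_SERVER, server)]) if nack
            else build(5, xid, mac, offered, cfg))
    return [build(1, xid, mac),
            build(2, xid, mac, offered, cfg),
            build(3, xid, mac, options=[(OPT_REQ_IP, ip(offered)), (OPT_SERVER, server)]),
            last]


if __name__ == "__main__":
    print(review_exchange(sample_exchange()))
    print(review_exchange(sample_exchange(nack=True)))
```

The `renew_after` value is half the lease duration, the point at which the client requests a renewal.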

Restarting a DHCP Client

When a Windows XP Professional–based client that had previously leased an IP address restarts, it broadcasts a DHCPRequest message containing a request for its previously assigned IP address. If the requested IP address is available, the DHCP server responds with an acknowledgment message, and the client joins the network.

If the client cannot use the IP address because it is in use by another client, or if the address is no longer valid because the client has been physically moved to a different subnet, the DHCP server responds with a negative acknowledgment (DHCPNack), causing the client to restart the lease process.

DHCP Lease Renewals

To ensure that addresses are not left assigned when they are no longer needed, the DHCP server places an administrator-defined time limit on the lease, known as a lease duration.

Halfway through the lease duration, the DHCP client requests a lease renewal, and the DHCP server extends the lease. If at any time a computer stops using its assigned IP address (for example, if a computer is moved to another network segment or is removed), the lease expires and the address becomes available for reassignment.

Configuring the Windows XP Professional DHCP Client

When TCP/IP is installed, Windows XP Professional automatically enables the option to obtain an IP address from a DHCP server. You can disable this option if you want to manually enter an IP address. For more information about disabling DHCP, see “Configuring an IP Address Manually” later in this chapter.

The IP configuration tool (Ipconfig.exe) allows users or administrators to examine the current IP address configuration assigned to the computer, the IP address lease time, and other useful data about the TCP/IP configuration.

Configuring APIPA

In Windows XP Professional, Automatic Private IP Addressing (APIPA) allows home users and small business users to create a functioning, single subnet TCP/IP network without the use of either static addressing or a DHCP server.

Manually configuring IP addresses can be tedious work in all but the very smallest networks and is prone to human error. Generally, autoconfiguration is a better choice. APIPA allows a Windows XP Professional client to assign itself an IP address in the following circumstances:

  • The client is configured to obtain a lease through DHCP, but a DHCP server cannot be found, is unavailable, or is not used (for example, in a small office/home office network).

  • The client used DHCP to obtain a lease, but the client’s attempts to renew the lease through a DHCP server have failed.

In these cases, the Windows XP Professional client selects an IP address from the range of IANA-designated, private class B addresses (169.254.0.1 through 169.254.255.254) with the subnet mask 255.255.0.0. The client performs duplicate-address detection to ensure that the IP address that it has chosen is not already in use. If the address is in use, the client will select another IP address up to 10 times. After the client has selected an address that is verifiably not in use, it configures the interface with that address. In the background, the client continues to check for a DHCP server every five minutes. If a DHCP server is found, the APIPA autoconfiguration information is abandoned and the configuration offered by the DHCP server is used instead.

You can use the Ipconfig.exe command-line tool to determine whether APIPA is enabled.

To determine whether Automatic Private IP Addressing is currently enabled
  • At the command prompt, type:

    ipconfig /all

The resulting text identifies your IP address and other information. Check the line that reads “Autoconfiguration Enabled.” If the text reads “YES” and the IP address is in the 169.254.0.1 through 169.254.255.254 range, Automatic Private IP Addressing is enabled.
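The check described above, automated as an added example that is not part of the original chapter: it parses text in the layout of `ipconfig /all`, applies the two conditions (Autoconfiguration Enabled reads Yes and the address falls in 169.254.0.1 through 169.254.255.254), and also records whether a default gateway is present. The sample output, adapter names and function names are constructed, and the field labels are assumed to match your Windows version.

```python
import ipaddress
import re

# APIPA range as stated in this chapter.
APIPA_LOW = ipaddress.IPv4Address("169.254.0.1")
APIPA_HIGH = ipaddress.IPv4Address("169.254.255.254")
# "   Label . . . . : value" lines; the label never contains '.' or ':'.
FIELD = re.compile(r"^\s+([^.:]+?)(?:\s*\.)*\s*:\s*(.*)$")

# Constructed sample in the layout of `ipconfig /all`; all values are made up.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XPCLIENT01

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 02-00-C0-A8-0A-0B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.37.112
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless Adapter
        Physical Address. . . . . . . . . : 02-00-C0-A8-0A-0C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
"""


def parse_adapters(text):
    """Group 'label : value' lines under the adapter heading that precedes them."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current[match.group(1).strip()] = match.group(2).strip()
    return adapters


def apipa_report(text):
    """Per adapter: address, whether APIPA is in use, whether a gateway is set."""
    report = {}
    for name, fields in parse_adapters(text).items():
        address = next((v for k, v in fields.items()
                        if k.endswith("IP Address") and v), None)
        try:
            in_range = (address is not None and
                        APIPA_LOW <= ipaddress.IPv4Address(address) <= APIPA_HIGH)
        except ValueError:  # not an IPv4 address
            in_range = False
        enabled = fields.get("Autoconfiguration Enabled", "").lower() == "yes"
        report[name] = {
            "address": address,
            "apipa_in_use": enabled and in_range,
            "has_gateway": bool(fields.get("Default Gateway")),
        }
    return report


if __name__ == "__main__":
    for adapter, result in apipa_report(SAMPLE).items():
        print(adapter, result)
```

An adapter that reports `apipa_in_use` on a network that is supposed to be served by DHCP indicates that the client could not obtain or renew a lease.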

You can disable automatic private IP addressing in one of two ways:

  • Manually configure TCP/IP. This method also disables DHCP. For information about manually configuring TCP/IP, see “Configuring an IP Address Manually” later in this chapter.

  • Disable automatic private IP addressing (but not DHCP) for a particular network interface by editing the registry.

    Caution: Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.

To disable APIPA for a particular network interface by editing the registry
  1. You do this by adding the registry entry IPAutoconfigurationEnabled with a value of 0 (REG_DWORD data type) in the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface-name

  2. Use the Registry Editor Regedit.exe to add the above entry, and then restart the computer.

To disable APIPA for multiple adapters by editing the registry
  1. Set the value of the IPAutoconfigurationEnabled entry to 0x0 (REG_DWORD data type) in the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  2. Use the Registry Editor Regedit.exe to add the above entry, and then restart the computer.

Configuring an IP Address Manually

If you cannot use DHCP or APIPA for IP address and subnet assignment, the IP address for the Windows XP Professional–based client must be manually configured. The required values include the following:

  • The IP address for each network adapter installed on the computer.

  • The subnet mask corresponding to each network adapter’s local network.

To configure an IP address manually
  1. In Control Panel, select Network and Internet Connections.

  2. On the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to modify.

  4. Select Properties.

  5. On the General tab of the Properties sheet, select Internet Protocol (TCP/IP).

  6. Click Properties.

  7. On the General tab of the TCP/IP Properties sheet, select the Use the following IP address option.

  8. Type the IP address, subnet mask, and default gateway for the selected adapter in the respective text boxes. The network administrator must provide these values for individual users, based on the IP addressing plan for your site.

    The value in the IP Address text box identifies the IP address for this network adapter. The value in the Subnet Mask text box is used to identify the network ID for the selected network adapter.

  9. Click OK to save the IP addressing information.

  10. Click OK to save the connection properties.

Configuring Multiple IP Addresses on a Network Adapter

Multihoming involves the placement of more than one network adapter in a single computer. In addition, Windows XP Professional supports logical multihoming, by which multiple addresses are assigned on a single network adapter. This configuration is useful in an environment in which a single physical network is logically divided into subnets. For more information about multihoming, see “Configuring TCP/IP” on the companion CD.

To configure a multihomed system using a single network adapter
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to modify and then select Properties.

  4. In the Local Area Connection Properties sheet, click the General tab. Select Internet Protocol (TCP/IP), and then click Properties.

  5. In the Internet Protocol (TCP/IP) sheet, click the General tab. Select Use the following IP address. Add TCP/IP configuration information for the first IP address, and click Advanced.

    Figure 24-2 shows the Advanced TCP/IP Settings dialog box.

    Figure 24-2 Advanced TCP/IP Settings dialog box


  6. In the Advanced TCP/IP Settings dialog box, under IP address, click Add to assign one or more additional IP addresses to the same interface.

  7. In the TCP/IP Address box, enter an IP address and a subnet mask to assign an additional address to the same interface. Click Add. Repeat the process for each additional address that you want to assign to that interface.

  8. In the Advanced TCP/IP Settings page, under Default Gateways, click Add to assign one or more additional default gateways to the same interface.

  9. In the TCP/IP Gateway Address box, enter an IP address for an additional default gateway for the same interface. Use the check box to indicate whether the gateway’s metric is to be assigned automatically. If a metric is not to be assigned automatically, enter the metric. Upon completion, click Add. Repeat the process for each additional default gateway address that you want to assign to that interface.

    Caution: As a general recommendation, do not specify multiple default gateways.

    Figure 24-3 shows the TCP/IP Gateway Address dialog box.

    Figure 24-3 TCP/IP Gateway Address dialog box


  10. Click OK three times so that all changes take effect.

    Note: A metric indicates the cost of the route (the number of hops to the destination). The TCP/IP Gateway Address dialog box allows you to indicate whether the default gateway is to have an automatically assigned or static metric. If it is to have a static metric, you can enter that metric in a text box. For more information about assigning a static metric, see “Configuring TCP/IP” on the companion CD.

For more information about the automatic determination of the default gateway address and about interface-based metrics, see “Configuring TCP/IP” on the companion CD.

Configuring an Alternate IP Address

Laptops and other mobile devices that participate on more than one network often use a static IP address at one location and a dynamically assigned IP address at another. For example, your computer might use dynamic addressing (DHCP) at the office but need to use a static IP address when at home to connect to a broadband ISP.

Windows XP Professional solves this problem by allowing the user to configure the computer to first try DHCP, and then, if the attempt fails, to try alternate static IP address settings.

To configure a dynamically assigned private IP alternate address
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections properties sheet, select Network Connections.

  3. In Network Connections, right-click Local Area Connections and click Properties.

  4. In the Local Area Connection Properties sheet, click the General tab. Select Internet Protocol (TCP/IP) and click Properties.

  5. On the Alternate Configuration tab of the Internet Protocol Properties page, select Automatic private IP address to specify a dynamically assigned private address as your alternate IP address.

  6. Click OK.

To configure a static IP alternate address
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click Local Area Connections and click Properties.

  4. In the Local Area Connection Properties sheet, click the General tab. Select Internet Protocol (TCP/IP) and click Properties.

  5. On the Alternate Configuration tab, select User configured for a static address as your alternate IP address.

  6. Enter your alternate IP address, alternate subnet mask, and alternate default gateway.

  7. Type the preferred and alternate DNS server address for this network.

  8. Type the preferred and alternate WINS server address for this network.

  9. Click OK.

Configuring TCP/IP Name Resolution

TCP/IP-based services use IP addresses to identify each other, but users and applications frequently require computer names for host identification. A name resolution mechanism must be available on a TCP/IP network to resolve names to IP addresses.

To resolve a name to an IP address, the Windows XP Professional resolver first submits the name query to DNS. If DNS name resolution fails, the resolver checks the length of the name. If it is longer than 15 bytes, resolution fails. If it is not, the resolver then checks to determine whether NetBIOS is running. If it is not running, resolution fails. If it is running, the resolver then tries NetBIOS name resolution. Figure 24-4 illustrates this process.

Windows XP Professional provides several types of name resolution, including DNS, WINS, Hosts and Lmhosts files, and broadcast. Generally, a Windows XP Professional–based computer uses a combination of name-resolution types, to be chosen by the user.

Figure 24-4 Overview of name resolution


Windows XP Professional supports DNS dynamic update. Dynamic update is a standard, specified in RFC 2136, that provides a means of dynamically updating host data in a DNS database. Updates can come from DNS clients and/or DHCP servers. For more information about dynamic update, see “Configuring Dynamic Update” later in this chapter.

Choosing a Name Resolution Method

Windows XP Professional provides four methods for resolving names to IP addresses:

  • Domain Name System (DNS), accomplished by querying DNS servers. This is for applications and services that require host-to-IP name resolution.

  • NetBIOS name resolution, accomplished by querying WINS servers. This is included for compatibility reasons for applications and services that require NetBIOS-to-IP name resolution, such as the browsing function of Microsoft Windows NT 4.0, Windows 98, and Windows 95.

  • IP Host and NetBIOS name resolution, accomplished through Hosts files and Lmhosts files, respectively. These provide host name-to-IP and NetBIOS name-to-IP name resolution through manually maintained local files.

  • NetBIOS name resolution, accomplished by means of b-node broadcasts. B-node broadcasts are used for name resolution within the local subnet.

For Windows XP Professional–based clients, you need to determine whether the client needs to be configured to use DNS, WINS, or a combination of the two. In general, DNS is needed under the following circumstances:

  • The client is a member of an Active Directory domain. Active Directory uses DNS as its locator service and is tightly integrated with it. A locator service assists clients in finding other hosts and services, using only the domain names.

  • The client accesses the Internet.

  • The client is on a network that uses DNS to resolve host names.

Windows XP Professional supports NetBIOS over TCP/IP for backward compatibility with earlier versions of Windows. If a WINS server is available within your network, configure your Windows XP Professional–based computer to use WINS if the client uses applications or services that require NetBIOS name resolution.

If a WINS server is not available, configure the Windows XP Professional client to use Lmhosts for NetBIOS name resolution. If this is not possible, NetBIOS name resolution is provided by broadcasts, which cannot be used to resolve host names that are outside the local subnet.

You also need to determine whether autoconfiguration is available at the DHCP server. If you use DHCP for autoconfiguration, a DHCP server can provide client configuration details (including subnet mask, DNS and WINS servers, and other options). If you do not use DHCP, you must manually configure these parameters.

Configuring DNS Settings

DNS is the default name resolution method for Windows XP Professional clients, and it is required for their integration into a Windows–based Active Directory domain. However, for the network to use this method of name resolution, DNS must be properly configured. Table 24-1 indicates where you can find information about the DNS settings that you need to configure.

Table 24-1 DNS Configuration Topics

| To configure this DNS setting... | ...refer to this section |
|---|---|
| Configure domain name | “Configuring DNS to Resolve Host Names and Domain Names” |
| Configure primary DNS suffix | “Configuring DNS to Resolve Host Names and Domain Names” |
| Configure connection-specific DNS suffix | “Configuring DNS to Resolve Host Names and Domain Names” |
| Specify addresses of available DNS servers | “Specifying DNS Servers” |
| Specify how DNS client should resolve host names | “Configuring DNS Query Settings” |
| Optimize local DNS cache | “DNS Caching, Network Prioritization, and Security” |
| Prevent DNS client from accepting nonqueried servers | “DNS Caching, Network Prioritization, and Security” |
| Configure dynamic update, if used | “Configuring Dynamic Update” |

Configuring DNS to Resolve Host Names and Domain Names

DNS provides name-to-IP mapping by means of a distributed database. In general, each organization runs its own DNS servers and maintains the name mapping database records, or resource records, for its domain. When a name resolution request is made, a DNS server first checks its own records for the corresponding IP address. If it does not have the answer, it will query other DNS servers for the information.

A Windows XP Professional client configured for DNS name resolution can use one or more DNS servers for name-resolution services. This section describes the procedures for performing the following tasks:

  • Configuring DNS host name and domain names

  • Configuring DNS query settings

  • Specifying DNS servers

  • DNS caching, network prioritization, and security

Table 24-2 summarizes the differences between each kind of name used in TCP/IP in Windows 2000 and Windows XP Professional. By default, the host name, a period, and the primary DNS suffix are concatenated to create a fully qualified domain name (FQDN) for the computer.

Table 24-2 DNS and NetBIOS Names

| Name Type | Description |
| --- | --- |
| NetBIOS name | A NetBIOS name is used to uniquely identify a NetBIOS service that is “listening” on the first IP address that is bound to an adapter. This unique NetBIOS name is resolved to the IP address of the server through broadcast, WINS, or the Lmhosts file. By default, it is the same as the host name and can be up to 15 characters long. The NetBIOS name is also known as a NetBIOS computer name. For example, a NetBIOS name might be client1. |
| Host name | The term host name can mean either the FQDN or the first label (or part) of an FQDN. In this chapter, host name refers to the first label of an FQDN. For example, the first label of the FQDN client1.reskit.com is client1. The host name is also often referred to as the Computer name (as opposed to Full computer name, which is used to represent the full DNS computer name). |
| Primary DNS suffix | Every Windows XP Professional and every Windows 2000 Server–based computer can be assigned a primary DNS suffix to be used in name resolution and name registration. The primary DNS suffix is specified on the Computer Name tab of the My Computer properties sheet. The primary DNS suffix is also known as the primary domain name and the domain name. For example, the FQDN client1.reskit.com has the primary DNS suffix reskit.com. |
| Connection-specific DNS suffix | The connection-specific DNS suffix is a DNS suffix that is assigned to an adapter. The connection-specific DNS suffix is also known as an adapter DNS suffix. For example, a connection-specific DNS suffix might be reskit.com. |
| Fully qualified domain name (FQDN) | The FQDN is a DNS name that uniquely identifies the computer on the network. By default, it is a concatenation of the host name, the primary DNS suffix, and a period. The fully qualified domain name is also known as the full computer name. For example, an FQDN might be client1.reskit.com. |

DNS and NetBIOS Names

The DNS host name is taken from the computer name assigned to it during Windows XP Professional installation. The host name can be 63 bytes (or characters) long, and uses the character set specified in RFC 2181. The host name is used in combination with the primary domain name to form the fully qualified domain name (FQDN).

The NetBIOS computer name is used to identify the local computer for authentication by hosts and tools that use NetBIOS over TCP/IP (NetBT) for name resolution. NetBIOS names contain 15 bytes. In a new Windows XP Professional installation, the NetBIOS name is initially taken from the assigned DNS host name. If the DNS host name exceeds 15 bytes, the host name is shortened to form the NetBIOS computer name. For more information about NetBIOS names, see “Configuring NetBIOS Name Resolution” later in this chapter.

You can change the DNS host name after installation, by means of the Computer Name tab in the System dialog box. When you do this, the same change will be made to the NetBIOS computer name, to the degree that the new name is in accordance with NetBIOS naming rules.

To change the DNS host name
  1. In Control Panel, select Performance and Maintenance.

  2. In the Performance and Maintenance Connections sheet, select System.

  3. In the System Properties sheet (as shown in Figure 24-5), select the Computer Name tab.

    Figure 24-5 Computer Name tab

  4. Click Change.

  5. Type the new host name in the Computer name text box, and click OK.

  6. When prompted, click Yes to restart the computer.

    Note If you enter a name that includes characters other than a-z, A-Z, 0-9 and “-”, a warning message appears suggesting that you use only these characters.

In Windows 95, Windows 98, and Windows NT, NetBIOS is used to name the computer. If a Windows XP Professional–based computer has been migrated from an earlier version of Windows, its host name is taken from the preexisting NetBIOS-based computer name. In a network that contains hosts that are not running Windows XP Professional or Windows 2000 Professional, this might present problems, because some characters that are allowed in NetBIOS names are not supported as legal characters in DNS names.

Primary DNS suffix

The primary DNS suffix is the name of the DNS domain to which the host belongs. If a Windows XP Professional–based computer is a member of an Active Directory domain, its primary DNS domain name is set by default to the DNS name of its Active Directory domain. This information is provided during Windows XP Professional installation, during migration to Windows XP Professional, or when the computer joins an Active Directory domain.

If a computer is a member of a workgroup or a member of a Windows NT domain, a DNS suffix is not automatically indicated. In such a circumstance, you can manually specify the primary DNS suffix.

To set or change the primary DNS suffix

  1. In Control Panel, select Performance and Maintenance Connections.

  2. In the Performance and Maintenance sheet, select System.

  3. In the System Properties sheet, select the Computer Name tab.

  4. Click Change.

  5. Click More.

  6. In the Primary DNS suffix of this computer text box, type the primary DNS suffix and then click OK.

When a Windows XP Professional–based computer changes membership in an Active Directory domain, its DNS domain membership can be changed as well. To allow Windows XP Professional to automatically change the computer’s primary DNS domain name when its Active Directory domain membership changes, make sure that the check box for Change DNS domain name when domain membership changes is selected. (It is selected by default.)

Connection-specific domain name

Windows XP Professional permits each adapter to have a unique domain name, known as the connection-specific domain name.

For example, suppose the computer Client1 has the primary DNS suffix reskit.com, and it is connected to both the Internet and the corporate intranet. For each connection, you can specify a connection-specific domain name. For the connection to the Internet, you specify the name isp01.com, and the FQDN is then Client1.isp01.com.

Connection-specific domain names for each adapter can be assigned dynamically by the DHCP server or can be specified manually.

To set or change the connection-specific DNS suffix

  1. In Control Panel, under Pick a Category, select Network and Internet Connections.

  2. On the Network and Internet Connections sheet, under Pick a Control Panel icon, select Network Connections.

  3. In Network Connections, right-click the local area connection you want to modify and then select Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. Click Advanced.

  6. Select the DNS tab.

  7. In the DNS suffix for this connection text box, type the domain name for the connection. Then click OK.

You can also specify whether a dynamic update client registers the computer’s FQDN containing the connection-specific DNS suffix. For more information about this configuration, see “Configuring Dynamic Update” later in this chapter.

Fully qualified domain name

By default, the primary DNS suffix combines with the host name to create a fully qualified domain name (FQDN). During DNS queries, the primary DNS suffix, connection-specific suffix(es), and devolved primary DNS suffixes could be appended to a single-label name—for example, client1. In that form, the name could then be submitted for DNS name resolution. In this example, when querying the DNS server for the IP address of client1, the primary DNS suffix reskit.com is appended to the shorter name client1, and the DNS server is actually asked to resolve the FQDN client1.reskit.com.

Note If an entry is specified in the Search these DNS domains (in order) box on the DNS tab of the Advanced TCP/IP Settings dialog box, that entry is used instead of the DNS suffixes to create an FQDN.

DNS Naming Restrictions

Different DNS implementations impose different character and length restrictions. Table 24-3 shows the restrictions for each implementation.

Table 24-3 Naming Restrictions

| Restriction | Standard DNS (as included in Windows NT 4.0) | DNS in Windows XP Professional, Windows 2000, and Windows Server 2003 | NetBIOS |
| --- | --- | --- | --- |
| Characters | Supports RFC 1123, which permits A-Z, a-z, 0-9, and the hyphen (-). | Supports RFC 2181, which permits more characters than RFC 1123. It is advisable, however, to use only the characters permitted by RFC 1123. | Unicode characters, numbers, white space, and these symbols: ! @ $ % ^ & ‘ ) ( . - _ { } ~ |
| Computer/host name length | 63 octets per label and 255 bytes for FQDN. | 63 octets per label and 255 bytes for FQDN. | 15 octets. |

According to RFC 1123, the only characters that can be used in DNS labels are A-Z, a-z, 0-9, and the hyphen (-). The period (.) character is also used in DNS names, but only between DNS labels and at the end of a FQDN. Many DNS servers, including Windows NT 4.0 DNS servers, follow RFC 1123.

Compliance with RFC 1123 can present a problem, however, on Windows XP Professional–based, Windows Server 2003–based, or Windows 2000–based computers that are upgraded from Windows NT 4.0. During the upgrade from Windows NT 4.0 to Windows 2000, Windows Server 2003, or Windows XP Professional, a computer’s host name (also known as Computer name) is set to the computer’s Windows NT 4.0 NetBIOS name. NetBIOS names can use characters that are illegal in DNS names according to RFC 1123, and it can be time-consuming to convert all the NetBIOS names to standard DNS names that are compliant with RFC 1123.

To simplify the migration process from Windows NT 4.0 and Windows 2000, DNS servers support a wider character set. RFC 2181, “Clarifications to the DNS Specification,” extends the character set allowed in DNS names. Based on this definition, the Windows 2000 and Windows Server 2003 DNS servers have been adjusted to accommodate UTF-8 character encoding, a larger character set, as described in RFC 2044. UTF-8 character encoding is a superset of ASCII and a translation of UCS-2 (also known as Unicode) character encoding. The UTF-8 character set includes characters from most of the world’s written languages, allowing a greater range of possible names.

Before using the extended character set, you must consider the following:

  • If a client name containing characters not in compliance with RFC 1123 is to be used, all DNS servers to which the client is to be registered must support RFC 2181. Avoid using UTF-8-compliant host names that contain characters other than those specified in RFC 1123 if your network includes any DNS servers that do not comply with this standard.

  • Some third-party resolver software supports only the characters listed in RFC 1123. Computers in your network using such software probably cannot look up clients with names that include nonstandard characters.
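The restrictions in Table 24-3 can be checked mechanically before names migrated from NetBIOS are registered in DNS. The following Python sketch is an added example, not part of the Resource Kit; the function names, problem codes, and sample host names are constructed for illustration. Lengths are measured in UTF-8 octets, so a name with non-ASCII characters can exceed the 63-octet label limit with far fewer than 63 characters.

```python
import re

# Limits and character set as stated in Table 24-3 and the text above.
RFC1123_CHARS = re.compile(r"[A-Za-z0-9-]+")   # A-Z, a-z, 0-9, hyphen
MAX_LABEL_OCTETS = 63
MAX_FQDN_OCTETS = 255
NETBIOS_OCTETS = 15


def check_host_name(fqdn):
    """Return a list of (problem_code, offending_text) tuples for one name."""
    problems = []
    name = fqdn.rstrip(".")                      # ignore the terminating period
    if len(name.encode("utf-8")) > MAX_FQDN_OCTETS:
        problems.append(("fqdn-too-long", name))
    labels = name.split(".")
    for label in labels:
        octets = len(label.encode("utf-8"))      # octets, not characters
        if octets == 0:
            problems.append(("empty-label", label))
            continue
        if octets > MAX_LABEL_OCTETS:
            problems.append(("label-too-long", label))
        if not RFC1123_CHARS.fullmatch(label):
            # Legal for an RFC 2181/UTF-8 server, but not for RFC 1123-only
            # servers or resolvers.
            problems.append(("non-rfc1123-chars", label))
    # The host name (first label) is shortened to form the NetBIOS name
    # when it exceeds 15 octets.
    if len(labels[0].encode("utf-8")) > NETBIOS_OCTETS:
        problems.append(("netbios-name-shortened", labels[0]))
    return problems


def audit(names):
    """Map each problematic name to its problems; clean names are omitted."""
    report = {}
    for name in names:
        problems = check_host_name(name)
        if problems:
            report[name] = problems
    return report


# Constructed sample input: names as they might look after an upgrade.
MIGRATED_NAMES = [
    "client1.reskit.com",
    "sales_pc.reskit.com",                 # underscore is legal in NetBIOS only
    "file server.reskit.com",              # white space is legal in NetBIOS only
    "engineering-ws-0007.reskit.com",      # 19-octet host name
    "\u00fc" * 32 + ".reskit.com",         # 32 characters, 64 UTF-8 octets
]

if __name__ == "__main__":
    for name, problems in audit(MIGRATED_NAMES).items():
        print(name, "->", [code for code, _ in problems])
```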

DNS Query Process

The DNS resolver attaches a domain name suffix to a name specified in a query if the name meets either of the following conditions:

  • The name is a single-label unqualified (that is, non-dot-terminated) name.

  • The name is a multiple-label unqualified (that is, non-dot-terminated) name and the resolver cannot resolve it as a fully qualified domain name.

The query process is shown in Figure 24-6 (part 1) and Figure 24-7 (part 2).

Figure 24-6 DNS name resolution, part 1

Figure 24-7 DNS name resolution, part 2

Adding Suffixes to Queries

You can use the DNS tab in the Advanced TCP/IP Settings dialog box to configure how suffixes are added to queries.

Figure 24-8 shows the DNS tab of the Advanced TCP/IP Settings dialog box.

Figure 24-8 Advanced TCP/IP Settings DNS tab

The option Append primary and connection specific DNS suffixes is selected by default. When enabled, it causes the resolver to append the primary DNS suffix to the name submitted for DNS name resolution, as defined on the Computer Name tab of the System Properties sheet, as well as the DNS suffix as defined in the DNS suffix for this connection field of each network connection.

For example, if your primary DNS suffix is dom1.acquired01-int.com and you query for the unqualified (non-dot-terminated) single-label name client1, the resolver queries for the following FQDN: client1.dom1.acquired01-int.com.

If the query in the previous step fails, and if you have specified a connection-specific DNS suffix in the DNS suffix for this connection box or if the suffix is assigned by a DHCP server, the resolver appends that suffix.

For example, if you entered the name acquired01-ext.com in the DNS suffix for this connection box and then queried for the unqualified, single-label name client1, the resolver queries for the following FQDN: client1.acquired01-ext.com.

If the query in the previous step fails and if the Append parent suffixes of the primary DNS suffix option is selected (it is selected by default), the resolver performs name devolution on the primary DNS suffix. (That is, it strips off the leftmost label, and attempts to devolve the resulting domain name until only two labels remain.)

For example, if your primary DNS suffix is dom1.acquired01-int.com, and you selected the check box Append parent suffixes of the primary DNS suffix and then queried for the unqualified, single-label name client1, the resolver queries the following FQDN: client1.acquired01-int.com.

You can disable the name devolution option on the DNS tab of the Advanced TCP/IP Settings dialog box.

To disable name devolution
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to change and then select Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. Click Advanced, and then click the DNS tab.

  6. Clear the check box Append parent suffixes of the primary DNS suffix.

  7. Click OK.

The text box Append these DNS suffixes (in order) allows you to specify a list of domains to try, called a domain-suffix search list. If you enter a domain suffix search list, the resolver adds those domain name suffixes in order and does not try any other domain names. For example, if the Append these DNS suffixes (in order) box includes the names listed in Figure 24-8 and you enter the unqualified, single-label query “coffee,” the resolver looks for fully qualified domain names in this order:

  1. coffee.redmond.reskit.com.

  2. coffee.reskit.com.

  3. coffee.com.
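The suffix rules described in this section (primary suffix, connection-specific suffix, name devolution, and the domain-suffix search list) can be modeled in a few lines. The following Python sketch is an added example, not part of the Resource Kit; the function names are constructed, and the search list used in the demonstration is inferred from the query order listed above. The `outside_zones` helper shows which candidate names would be sent for zones you do not administer, which is worth reviewing before you enable devolution or a broad search list.

```python
def devolve(primary_suffix):
    """Parent suffixes of the primary DNS suffix, stopping at two labels."""
    labels = [l for l in primary_suffix.strip(".").split(".") if l]
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]


def candidate_fqdns(name, primary_suffix="", connection_suffixes=(),
                    search_list=(), devolution=True):
    """FQDNs the resolver tries for `name`, in order, per the rules above."""
    if name.endswith("."):
        return [name]                    # dot-terminated: no suffix is added
    candidates = []
    if "." in name:
        candidates.append(name + ".")    # multiple-label: tried as an FQDN first
    if search_list:
        # A domain-suffix search list replaces every other suffix source.
        suffixes = list(search_list)
    else:
        suffixes = [primary_suffix, *connection_suffixes]
        if devolution:
            suffixes += devolve(primary_suffix)
    for suffix in suffixes:
        suffix = suffix.strip(".")
        fqdn = f"{name}.{suffix}."
        if suffix and fqdn not in candidates:
            candidates.append(fqdn)
    return candidates


def outside_zones(candidates, own_zones):
    """Candidates that do not fall under any zone in `own_zones`."""
    own = [z.strip(".").lower() for z in own_zones]

    def inside(fqdn):
        n = fqdn.strip(".").lower()
        return any(n == z or n.endswith("." + z) for z in own)

    return [c for c in candidates if not inside(c)]


if __name__ == "__main__":
    # Default options, using the suffixes from the examples in the text.
    print(candidate_fqdns("client1", "dom1.acquired01-int.com",
                          ["acquired01-ext.com"]))
    # Search list inferred from the query order shown for "coffee".
    tried = candidate_fqdns("coffee", "reskit.com",
                            search_list=["redmond.reskit.com", "reskit.com", "com"])
    print(tried)
    print("outside reskit.com:", outside_zones(tried, ["reskit.com"]))
```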

To add entries to the domain-suffix search list
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to change and then select Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. Click Advanced.

  6. Click the DNS tab.

  7. Select Append these DNS suffixes (in order).

  8. Click Add.

  9. To add a domain suffix to the list, type the domain suffix(es) that you want to include and click Add.

    - or -

    To remove a domain suffix from the list, select the domain suffix and then click Remove.

  10. To change the domain suffix search order, select a suffix and then click the up-arrow or down-arrow button to move the suffix up or down the list.

Specifying DNS Servers

When a name is submitted to the DNS resolver (client) for name resolution, the Windows XP Professional resolver first checks the local cache. If the requested data is in the cache, the data is returned to the user. If the data is not in the cache, the resolver queries the DNS servers that are listed in the TCP/IP properties for each adapter.

The resolver can query through all the computer’s network connections, including remote access connections. In Windows NT 4.0, the resolver queries all servers through all adapters. In Windows 2000, Windows Server 2003, and Windows XP Professional, however, you can specify a list of DNS servers to query for each adapter.

Figures 24-9 (part 1), 24-10 (part 2), and 24-11 (part 3) illustrate the process by which the resolver queries the servers on each adapter.

Querying DNS Servers

Windows XP Professional allows multiple DNS servers to be specified. The first DNS server specified, known as the preferred DNS server, can be followed by an unlimited number of alternate DNS servers. The resolver queries the DNS servers in the following order:

  1. The resolver sends the query to the first server on the preferred adapter’s search list and waits one second for a response.

  2. If the resolver does not receive a response from the first server within the allotted time, it sends the query to the first DNS server on the search list of each adapter still under consideration. The resolver waits two seconds for a response.

  3. If the resolver does not receive a response from any server within this allotted time, the resolver sends the query to all DNS servers on all adapters still under consideration and waits another two seconds for a response.

  4. If the resolver still does not receive a response from any server within this time period, it sends the query to all DNS servers on all adapters still under consideration and waits four seconds for a response.

  5. If, after these four seconds, the resolver does not receive a response from any server, it sends the query to all DNS servers on all adapters still under consideration and waits eight seconds for a response.

  6. If the resolver receives a positive response within that time, it stops querying for the name, adds the response to the cache, and returns the response to the client.

    Figure 24-9 Querying the DNS server, part 1

    Figure 24-10 Querying the DNS server, part 2

If it has not received a response from any server within those eight seconds, the resolver responds with a time-out. Also, if it has not received a response from any server on a specified adapter’s search list, the resolver, for the next 30 seconds, responds to all queries destined for servers on that adapter’s search list with a time-out and does not query those servers.

If, at any point, the resolver receives a negative response from a server, it removes every server connected to that adapter from consideration during this search. For example, if in step 2, the first server on alternate adapter A gave a negative response, the resolver would not send the query to any other server on the list for alternate adapter A.

Figure 24-11 Querying the DNS server, part 3

The resolver also keeps track of which servers answer queries more quickly, and it might move servers up or down on the list based on how quickly they reply to queries.

If all DNS servers on an adapter are queried and none reply, either positively or negatively, all subsequent name queries to any server listed on that adapter will fail for a default period of 30 seconds. This feature decreases network traffic.

Figure 24-12 shows how the resolver queries each server on each adapter.

Figure 24-12 Name resolution for a multihomed client

To specify a preferred and alternate DNS server
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area network connection that you want to change and then click Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. On the General tab of the TCP/IP Properties sheet, select the method to be used to access the DNS servers for your network:

    • If a DHCP server is available for automatic IP addressing and is configured to provide parameters for automatic DNS server configuration, select Obtain DNS server address automatically.

    • If the IP addresses for the DNS servers are to be manually configured, select Use the following DNS server addresses option button. Type the IP addresses of the preferred and alternate DNS servers in the appropriate boxes.

To specify additional alternate DNS servers
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. On the General tab of the Network Connections Properties sheet, click Advanced.

  4. Click the DNS tab.

  5. Under DNS server addresses, in order of use, click Add.

  6. Type the IP address of the DNS server that you want to add.

  7. Click Add.

To remove an IP address from the list, select it and then click Remove.

The order of the IP addresses, and thus the search order, can be rearranged as needed to reflect changes in name server availability or performance, or to implement load balancing.

To set the DNS server search order
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. Right-click Local Area Connections, and click Properties.

  4. On the General tab, in the Local Area Connection Properties dialog box, select Internet Protocol (TCP/IP), and click Properties.

  5. On the General tab, in the Internet Protocol (TCP/IP) dialog box, click Advanced.

  6. In the Advanced TCP/IP Settings dialog box, click the DNS tab.

  7. In the DNS server addresses, in order of use box, select the IP address of the DNS server that you want to reposition.

  8. Click the up-arrow or down-arrow button to reposition the selected IP address within the list of DNS servers, and click OK.

DNS Caching, Network Prioritization, and Security

The default settings of DNS might need to be changed to optimize the performance and security of the Windows XP Professional DNS client. You can make configuration changes to:

  • Configure caching and negative caching

  • Configure subnet prioritization

  • Prevent the resolver from receiving responses from nonqueried servers

Configuring caching and negative caching

When the Windows XP Professional resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, thus creating a DNS resource record. The resolver always checks the cache before querying any DNS server, so if a DNS resource record is in the cache, the resolver uses the record from the cache rather than querying a server. This expedites queries and decreases network traffic for DNS queries.

You can use the Ipconfig tool to view and to flush the DNS resolver cache.

To view the DNS resolver cache

  • At the command prompt, type:

    ipconfig /displaydns

Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records preloaded from the Hosts file as well as any recently queried names that were resolved by the system.

After a certain amount of time, specified in the Time to Live (TTL) associated with the DNS resource record, the resolver discards the record from the cache. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer.

To flush the cache manually by using Ipconfig

  • At the command prompt, type:

    ipconfig /flushdns

The local Hosts file is preloaded into the resolver’s cache and reloaded into the cache whenever Hosts is updated.

The length of time for which a positive or negative response is cached depends on the values of entries in the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters

The TTL for positive responses is the lesser of the following values:

  • The number of seconds specified in the query response the resolver received

  • The value of the registry entry MaxCacheEntryTtlLimit

The default TTL for positive responses is 86,400 seconds (1 day).

The TTL for negative responses is the number of seconds specified in the registry entry NegativeCacheTime.

The default TTL for negative responses is 300 seconds. If you do not want negative responses to be cached at all, set the value of NegativeCacheTime to 0.

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.

Configuring subnet prioritization

Each DNS database consists of resource records. In general, resource records contain information related to a particular host computer, such as its IP address, owner of the host, or the type of services it provides. Table 24-4 lists some of the common types of resource records.

Table 24-4 Common Types of Resource Records

| Resource Record Type | Description | Explanation |
| --- | --- | --- |
| SOA | Start of Authority | This record designates the start of a zone. It contains information such as the name of the zone, the e-mail address of the zone administrator, and settings that control how secondary DNS servers update the zone data files. |
| A | Address | This record lists the IP address of a particular host name. This is the key record for name resolution. |
| PTR | Pointer | This record designates a reverse mapping of a host IP address to a host DNS domain name. |
| CNAME | Canonical Name | This record specifies an alias or nickname for the standard (canonical) host name. |
| MX | Mail Exchanger | This record lists the host computer that is responsible for receiving e-mail sent to a domain. |
| NS | Name Server | This record specifies the name server responsible for a given zone. |

If the resolver receives multiple IP address mappings (A resource records) from a DNS server, and some of the records have IP addresses from networks to which the computer is directly connected, the resolver places those resource records first. This reduces network traffic across subnets by forcing computers to connect to network resources that are closer to them.

For example, suppose there are three Web servers that all host the Web page for www.reskit.com and they are all located on different subnets. The DNS name server for the network contains the following resource records:

www.reskit.com.    IN  A  172.16.64.11
www.reskit.com.    IN  A  172.17.64.22
www.reskit.com.    IN  A  172.18.64.33

When a Windows XP Professional–based computer’s DNS resolver (client) receives a response to the query for the A record of www.reskit.com, it returns A records in order, starting with the IP addresses from subnets to which the computer is directly connected. For example, if a computer with the IP address 172.17.64.93 is queried for www.reskit.com, the resolver returns the resource records in the following order:

www.reskit.com.    IN  A  172.17.64.22
www.reskit.com.    IN  A  172.16.64.11
www.reskit.com.    IN  A  172.18.64.33

Subnet prioritization prevents the resolver from choosing the first IP address returned in the DNS query and using the DNS server’s round robin feature (defined in RFC 1794). With round robin enabled, the server rotates the order of resource records returned when multiple A resource records exist for a queried DNS domain name. Thus, in the example described earlier, if a user queried for www.reskit.com, the name server replies to the first client request by ordering the addresses as follows:

172.16.64.11 
172.17.64.22 
172.18.64.33

It replies to the second client request by ordering the addresses as follows:

172.17.64.22 
172.18.64.33 
172.16.64.11

It replies to the third client request by ordering the addresses as follows:

172.18.64.33 
172.16.64.11 
172.17.64.22

With round robin enabled, if clients are configured to use the first IP address in the list that they receive, different clients will use different IP addresses, thus balancing the load among multiple network resources with the same name. However, if the resolvers are configured for subnet prioritization, the resolvers reorder the list to favor IP addresses from networks to which they are directly connected, reducing the effectiveness of the round robin feature.
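The interaction between server-side round robin and client-side subnet prioritization can be reproduced with the addresses from the example above. The following Python sketch is an added example, not part of the Resource Kit; the function names are constructed, and the /16 prefix length on the client interface is an assumption, because the text gives only the client address 172.17.64.93.

```python
import ipaddress

# A records for www.reskit.com, as listed in the text.
RECORDS = ["172.16.64.11", "172.17.64.22", "172.18.64.33"]
# Client interface from the text; the /16 prefix length is an assumption.
CLIENT_INTERFACES = ["172.17.64.93/16"]


def round_robin(addresses, request_number):
    """Order in which the server returns the records for the nth request."""
    k = request_number % len(addresses)
    return addresses[k:] + addresses[:k]


def client_order(addresses, local_interfaces, prioritize_record_data=True):
    """Order in which the resolver hands the addresses to the application.

    With prioritization on, addresses on directly connected networks move to
    the front. sorted() is stable, so the server's order is preserved within
    the local group and within the remote group.
    """
    if not prioritize_record_data:
        return list(addresses)
    networks = [ipaddress.ip_interface(i).network for i in local_interfaces]

    def is_local(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in networks)

    return sorted(addresses, key=lambda a: not is_local(a))


def first_choices(records, local_interfaces, requests, prioritize_record_data=True):
    """First address the client would use for each of `requests` queries."""
    return [
        client_order(round_robin(records, n), local_interfaces,
                     prioritize_record_data)[0]
        for n in range(requests)
    ]


if __name__ == "__main__":
    print(client_order(RECORDS, CLIENT_INTERFACES))
    # Prioritization on: every request lands on the local-subnet server.
    print(first_choices(RECORDS, CLIENT_INTERFACES, 3))
    # Prioritization off: the server's rotation decides.
    print(first_choices(RECORDS, CLIENT_INTERFACES, 3, prioritize_record_data=False))
```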

Although subnet prioritization does reduce network traffic across subnets, in some cases you might prefer to have the round robin feature work as described in RFC 1794. If so, you can disable the subnet prioritization feature on your clients by adding the registry entry PrioritizeRecordData with a value of 0 (REG_DWORD data type) in the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters

Preventing the resolver from accepting responses from nonqueried servers

By default, the resolver accepts responses from servers that it did not query, as well as from those it did. This presents a possible security liability, in that unauthorized DNS servers might pass along invalid A resource records for the purpose of misdirecting subsequent DNS queries. If you want to disable this feature, add the registry entry QueryIpMatching with a value of 1 (REG_DWORD data type) to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.
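To confirm how a client is actually configured, you can review an export of the DnsCache\Parameters subkey instead of editing the registry. The following Python sketch is an added example, not part of the Resource Kit; it covers the caching entries and the QueryIpMatching and PrioritizeRecordData entries described above. The function names and both sample exports are constructed, and the sketch assumes that an absent entry, or any value other than the one the text names, leaves the default behavior in effect.

```python
import re

# Subkey, entry names, and default TTLs are the ones given in the text.
DNSCACHE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters"
DEFAULT_POSITIVE_TTL = 86400   # seconds (1 day)
DEFAULT_NEGATIVE_TTL = 300     # seconds

SECTION = re.compile(r"\[(.+)\]")
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})')


def parse_dnscache_dwords(reg_text):
    """Return {lowercased entry name: int} for REG_DWORD entries in the subkey."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.fullmatch(line)
        if section:
            # Registry paths are case-insensitive.
            in_key = section.group(1).lower() == DNSCACHE_KEY.lower()
            continue
        entry = DWORD.fullmatch(line)
        if in_key and entry:
            values[entry.group(1).lower()] = int(entry.group(2), 16)
    return values


def audit_dns_client(reg_text):
    """Summarize the resolver behavior implied by an exported subkey."""
    v = parse_dnscache_dwords(reg_text)
    return {
        # Only a value of 1 stops the resolver accepting nonqueried servers.
        "accepts_nonqueried_responses": v.get("queryipmatching") != 1,
        # Only a value of 0 turns subnet prioritization off.
        "subnet_prioritization": v.get("prioritizerecorddata") != 0,
        "max_positive_ttl": v.get("maxcacheentryttllimit", DEFAULT_POSITIVE_TTL),
        "negative_ttl": v.get("negativecachetime", DEFAULT_NEGATIVE_TTL),
    }


def cached_ttl(response_ttl, settings):
    """Positive-response TTL: the lesser of the response TTL and the limit."""
    return min(response_ttl, settings["max_positive_ttl"])


# Constructed sample exports (regedit text format), not taken from a real host.
DEFAULT_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters]
"""

HARDENED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"QueryIpMatching"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters]
"QueryIpMatching"=dword:00000001
"NegativeCacheTime"=dword:00000000
"MaxCacheEntryTtlLimit"=dword:00000e10
"""

if __name__ == "__main__":
    for label, export in (("default", DEFAULT_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, audit_dns_client(export))
```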

Configuring Dynamic Update

Windows XP Professional–based computers can dynamically update DNS entries in a manner compliant with RFC 2136. Dynamic update allows clients and servers to register DNS domain names (PTR resource records) and IP address mappings (A resource records) to an RFC 2136–compliant DNS server. This frees administrators from the time-consuming process of manually updating DNS entries.

Using Windows XP Professional, clients can send dynamic updates through three types of network connections: DHCP configured connections, statically configured connections, and remote access connections. By default, the DNS client on Windows XP Professional does not attempt dynamic update over a Remote Access or Virtual Private Network (VPN) connection. Regardless of which connection type is used, the DHCP client service sends dynamic updates to the authoritative DNS server. The DHCP client service runs on all computers regardless of whether they are configured as DHCP clients.

Configuring Dynamic Update for DHCP Clients

By default in Windows XP Professional, the DHCP client feature is configured to request that the client register the A resource record and that the DHCP server register the PTR resource record. By default, the name used in the DNS registration is a concatenation of the computer name and the primary DNS suffix. You can change this default by using the TCP/IP Properties sheet for your network connection.

To change the dynamic update defaults on the dynamic update client
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area network connection that you want to change and then click Properties.

  4. Right-click the connection that you want to configure, and then click Properties.

  5. Select Internet Protocol (TCP/IP), click Properties, click Advanced, and then select the DNS tab.

  6. To configure the client to make no requests for DNS registration, cancel the selection of Register this connection’s address in DNS. Under this configuration, the client will not attempt to register any A or PTR DNS records corresponding to this connection.

    - or -

    To change the dynamic update default, select Use this connection’s DNS suffix in DNS registration.

If you choose to select Use this connection’s DNS suffix in DNS registration, the client requests that the server update the PTR record, using the name that is a concatenation of the computer name and the connection-specific DNS suffix. If the DHCP server is configured to register DNS records according to the client’s request, the client will then register the following:

  • The PTR record, using the name that is a concatenation of the computer name and the primary DNS suffix

  • The A record, using the name that is a concatenation of the computer name and the primary DNS suffix

  • The A record, using the name that is a concatenation of the computer name and the connection-specific DNS suffix

Statically Configured and Remote Access Clients

Statically configured clients and remote access clients do not communicate with the DHCP server.

Statically configured Windows XP Professional clients dynamically update their A and PTR resource records every time they start, just in case the records become corrupted in the DNS database.

Remote access clients dynamically update their A and PTR resource records when a dial-up connection is made. They also attempt to cancel the registration of the A and PTR resource records when the user terminates the connection. However, if a remote access client fails to cancel the registration of a resource record within four seconds, it terminates the connection and the DNS database contains a stale record. If the remote access client fails to de-register a resource record, it adds a message to the event log, which you can view by using the Event Viewer. The remote access client never deletes stale records.

Note By default, the DNS client on Windows XP Professional and Windows XP Home Edition does not attempt dynamic update over a Remote Access Server or Virtual Private Network connection.

Multihomed Clients

If a dynamic update client is multihomed (has more than one adapter and associated IP address), by default it registers DNS A record(s) containing the first IP address on each network connection. If you do not want the dynamic update client to register all of its IP addresses, you can configure it to not register A and PTR records containing the IP address(es) of one or more network connections. For more information about multihoming, see “Configuring TCP/IP” on the companion CD.

To prevent the computer from registering A and PTR records containing the IP address on a specific network connection
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area network connection that you want to change and then click Properties.

  4. Select Internet Protocol (TCP/IP), click Properties, click Advanced, and then select the DNS tab.

  5. Clear the Register this connection’s address in DNS check box.

The dynamic update client does not register all IP addresses with all DNS servers. For example, Figure 24-13 shows a multihomed computer, client1.noam.reskit.com, which is connected to both the Internet and the corporate intranet. Client1 is connected to the intranet by adapter A, a DHCP adapter with the IP address 172.16.8.7. Client1 is also connected to the Internet by adapter B, a remote access adapter with the IP address 131.107.0.16. Client1 resolves intranet names by using a name server on the intranet, NoamDC1, and resolves Internet names by using a name server on the Internet, ISPNameServer.

Figure 24-13 Dynamic update for multihomed clients

Note that although Client1 is connected to both networks, the IP address 172.16.8.7 is reachable only through adapter A, and the IP address 131.107.99.1 is reachable only through adapter B. Therefore, when the dynamic update client registers the IP addresses for Client1, it does not register both IP addresses with both name servers. Instead, it registers the name-to-IP address mapping for adapter A with NoamDC1 and the name-to-IP address mapping for adapter B with ISPNameServer.

Disabling Dynamic Update

Dynamic update is configured on Windows XP Professional clients by default. Dynamic update can be disabled for all network interfaces on the computer by adding the registry entry DisableDynamicUpdate with a value of 1 (REG_DWORD data type) to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.

To disable dynamic update for the network interface card with the device ID of interface, add the entry DisableDynamicUpdate with a value of 1 (REG_DWORD data type) to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface-name

If this entry exists in both the Interfaces subkey and the specific interface-name subkey, the more global of the two subkeys takes precedence.
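The registry entries described above (PrioritizeRecordData, QueryIpMatching and DisableDynamicUpdate) can be audited offline from a registry export. The following Python code is an added example, not part of the Resource Kit: the export text and interface subkey names are constructed placeholders, and two assumptions are drawn from the text above, namely that a missing entry means the documented default and that a DisableDynamicUpdate entry in Tcpip\Parameters overrides the per-interface entry whenever it exists.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
DNSCACHE = (SERVICES + r"\DnsCache\Parameters").lower()
TCPIP = (SERVICES + r"\Tcpip\Parameters").lower()
IFACES = TCPIP + "\\interfaces\\"

# Constructed sample: text of a .reg export covering the subkeys named above.
# The interface subkey names are placeholders, not real device IDs.
# (Real version 5.00 exports are UTF-16; open them with encoding="utf-16".)
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters]
"PrioritizeRecordData"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="client1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{IFACE-A-PLACEHOLDER}]
"DisableDynamicUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{IFACE-B-PLACEHOLDER}]
"EnableDHCP"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text):
    """Return {subkey_lower: {entry_lower: int}}; only REG_DWORD entries are kept."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            # Record the subkey even if it holds no DWORD entries.
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        entry = DWORD_RE.match(line)
        if entry and current is not None:
            current[entry.group(1).lower()] = int(entry.group(2), 16)
    return keys


def audit(reg_text):
    """Report the effective resolver and dynamic-update settings in an export."""
    keys = parse_reg_dwords(reg_text)
    dns = keys.get(DNSCACHE, {})
    global_ddu = keys.get(TCPIP, {}).get("disabledynamicupdate")

    per_iface = {}
    for key, values in keys.items():
        if key.startswith(IFACES):
            local = values.get("disabledynamicupdate")
            # Assumption from the text: the more global entry wins when present.
            effective = global_ddu if global_ddu is not None else local
            per_iface[key[len(IFACES):]] = (effective == 1)

    return {
        # Default (entry absent or not 1): responses from nonqueried servers are accepted.
        "accepts_nonqueried_responses": dns.get("queryipmatching") != 1,
        # Default is enabled; a value of 0 disables subnet prioritization.
        "subnet_prioritization_enabled": dns.get("prioritizerecorddata") != 0,
        "dynamic_update_disabled_globally": global_ddu == 1,
        "dynamic_update_disabled_by_interface": per_iface,
    }


if __name__ == "__main__":
    for setting, value in audit(SAMPLE_REG).items():
        print(setting, "=", value)
```
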

Editing Hosts Files

For networks without access to a DNS name server, the creation of a local host table file, called a Hosts file, can provide host name resolution for applications and services. This file can also be used in an environment where name servers are available but not all hosts are registered. For example, a Hosts file can be used for a server that is not available for general use and is to be accessed only by a limited number of clients. This file must be manually created and updated as host names and addresses change.

TCP/IP in Windows XP Professional can be configured to search Hosts for mappings of remote host names to IP addresses. The Hosts file format is the same as the format for host tables in the 4.3 Berkeley Software Distribution (BSD) UNIX /etc/Hosts file. For example, the entry for a computer with an address of 192.176.73.6 and a host name of client1.reskit.com looks like this:

192.176.73.6      client1.reskit.com

The Hosts file can be created and modified with an ordinary text editor. An example of the Hosts format is provided in the file named Hosts in the Windows XP Professional systemroot\System32\Drivers\Etc directory. That Hosts file can be edited to include remote host names and IP addresses for each computer with which you communicate.

Configuring NetBIOS Name Resolution

Microsoft TCP/IP uses NetBIOS over TCP/IP (NetBT) as specified in RFCs 1001 and 1002, which define a software interface that supports name resolution for NetBIOS client and server programs in the LAN and WAN environments. Although DNS is the default name-resolution method for Windows XP Professional, NetBT is still provided to support NetBIOS methods of name resolution for clients running versions of Windows earlier than Windows 2000, and for Windows 2000 and later workgroups that do not implement Active Directory.

The following discussion describes the types of name-resolution methods that are available through NetBIOS over TCP/IP (including WINS) and contains procedures for configuring the different resolution methods.

NetBIOS Name-Resolution Basics

RFCs 1001 and 1002 define the following four node types:

  • B-node.

    Uses broadcasts to resolve names.

  • P-node.

    Uses point-to-point communications with a NetBIOS server (such as a WINS server) to resolve names.

  • M-node.

    Uses broadcasts first (b-node), and then uses directed name queries (p-node) if broadcasts are not successful.

  • H-node.

    Uses name queries first (p-node), and then uses broadcasts (b-node) if the name server is unavailable or if the name is not registered in the WINS database.

A fifth node type is unique to the Windows implementation of IP name resolution and is defined by Microsoft:

  • Microsoft-enhanced.

    Uses the local Lmhosts file plus Windows Sockets gethostbyname( ) calls (using standard DNS and/or local Hosts files) in addition to standard node types.

Windows includes a NetBIOS name server known as the Windows Internet Name Service (WINS). If WINS is enabled on a Windows XP Professional–based computer, the system uses h-node by default. Without WINS, the system uses b-node by default. Non-WINS clients can access WINS through a WINS proxy, which is a WINS-enabled computer that listens to name query broadcasts and then queries the WINS server on behalf of the requesting client.

To see which node type is configured on a Windows XP Professional–based computer
  1. At the command prompt, type:

    ipconfig /all

    The node type is indicated to the right of the heading Node type.

Using a name server to locate resources is generally preferable to broadcasting, for two reasons:

  • Broadcasts are not usually forwarded by routers. Therefore, only local subnet NetBIOS names can be resolved.

  • Broadcast frames are processed by all computers on a subnet.

Figures 24-14 (part 1) and 24-15 (part 2) illustrate the NetBIOS name-resolution methods used by Windows XP Professional.

Figure 24-14 NetBIOS name-resolution flowchart, part 1

Figure 24-15 NetBIOS name-resolution flowchart, part 2

Name Resolution Using WINS

Windows Internet Name Service (WINS) is a service that runs on Windows 2000 Server to provide NetBIOS name resolution. It provides a database for registering and querying dynamic NetBIOS name-to-IP address mappings in a routed network environment. You can use WINS either alone or in conjunction with DNS.

WINS reduces the use of local broadcasts for name resolution and allows users to locate computers on remote networks. Furthermore, when dynamic addressing through DHCP results in new IP addresses for computers that move between subnets, the changes are updated automatically in the WINS database. Neither the user nor the network administrator needs to make manual accommodations for name resolution.

WINS consists of two components: the WINS server, which handles name queries and registrations, and the client software (NetBIOS over TCP/IP), which queries for computer name resolution. The IP addresses of a WINS server need to be configured on your Windows XP Professional client to provide NetBIOS name resolution. In a network where dynamic update is not available, a WINS server can provide a DNS server configured for WINS lookup with dynamic updates of host names, provided that WINS is enabled at each client.

A WINS server is a Windows Server–based (that is, Windows NT Server version 3.5 or later) computer running the WINS server service. When TCP/IP is implemented under Windows XP Professional, WINS client software is installed automatically. WINS client support is configured with Windows XP Professional to maintain compatibility with computers not running Windows 2000 or Windows XP Professional operating systems, including clients and servers running versions of Windows earlier than Windows 2000.

If there are WINS servers installed on your network, you can use WINS in combination with broadcast name queries to resolve NetBIOS computer names to IP addresses. If you do not use this option, Windows XP Professional can use name query broadcasts (b-node mode of NetBIOS over TCP/IP) and the local Lmhosts file to resolve computer names to IP addresses. However, broadcast resolution is limited to the local network.

Additionally, a WINS server can be used in conjunction with a DNS server to provide dynamic registration of hosts in an environment without DNS update. When configured to use WINS lookup, a DNS server can forward queries to a WINS server for resolution of unknown A resource records for all WINS clients.

If DHCP is used for autoconfiguration, WINS server parameters can be provided by the DHCP server. Otherwise, you must configure information about WINS servers manually. WINS configuration is local for each network adaptor on a computer. The WINS server(s) for one network adaptor on a computer does not necessarily have to be the WINS server(s) for another network adaptor on the same computer.

Configuring WINS

The following procedure describes how to configure WINS and how to enable DHCP.

To configure a computer to use WINS for name resolution
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area network connection that you want to change and then click Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. If a DHCP server is available that is configured to provide information on available WINS servers, select Obtain an IP address automatically.

    - or -

    If the WINS server information is not available from a DHCP server, do the following:

    1. Click Advanced.

    2. Select the WINS tab.

    3. Click Add.

    4. Enter the address of the WINS server, and click Add.

Figure 24-16 shows the WINS tab of the Advanced TCP/IP Settings dialog box.

Figure 24-16 WINS tab of the Advanced TCP/IP Settings dialog box

The order of the IP addresses can be rearranged as needed to reflect changes in name server availability or performance, or to implement load balancing.

To set the WINS server search order
  1. On the WINS tab, under the WINS addresses, in order of use box, select the IP address of the WINS server that you want to reposition.

  2. Click the up-arrow or down-arrow button to reposition the selected IP address within the list of WINS servers.

B-Node Broadcasts and Lmhosts

By default, a Windows XP Professional–based computer that is not configured as a WINS client or WINS server is configured as a b-node computer. A b-node computer is one that uses IP broadcasts for NetBIOS name resolution.

IP broadcasts can provide dynamic name resolution by registering address-to-name mappings in the computer’s cache. However, IP broadcasts have the following disadvantages:

  • They can lead to increased network traffic.

  • They are ineffective in routed networks. Resources located outside the local subnet do not receive name queries that are sent as IP broadcasts, because IP-broadcast packets are not passed to remote subnets by the router (default gateway) on the local subnet.

For networks without access to a WINS name server, Windows XP Professional enables you to manually provide NetBIOS name and IP address mappings for remote computers by using the Lmhosts file. This file can also be used in an environment where name servers are available but not all hosts are registered—for example, a server that is not available for general use but is to be accessed only by a limited number of clients.

Selected mappings from the Lmhosts file are maintained in a limited cache of NetBIOS computer names and IP address mappings. This memory cache is initialized when a computer is started. When the computer needs to resolve a name, the cache is examined first and, if there is no match in the cache, Windows XP Professional uses b-node IP broadcasts to try to find the NetBIOS computer. If the IP broadcast name query fails, the complete Lmhosts file is parsed to find the NetBIOS name and the corresponding IP address. This strategy enables the Lmhosts file to contain a large number of mappings, without requiring a large amount of static memory to maintain an infrequently used cache.

The Lmhosts file can be used to map computer names and IP addresses for computers outside the local subnet, an advantage over the b-node broadcast method. You can use the Lmhosts file to find remote computers for network file, print, and remote procedure services. The Lmhosts file is typically used for smaller networks that do not have name servers.

The Lmhosts file is a local text file that maps IP addresses to NetBIOS names. It contains entries for Windows-networking computers located outside of the local subnet. The Lmhosts file is read when WINS or broadcast name resolution fails; resolved entries are stored in a local cache for later access.

You can create an Lmhosts file by using a text editor. Lmhosts is a simple text file. An example of the Lmhosts format is provided in the file named Lmhosts.sam in the Windows XP Professional systemroot\System32\Drivers\Etc directory. This is only an example file. To activate the Lmhosts file, rename Lmhosts.sam to Lmhosts. Edit the Lmhosts file to include remote NetBIOS names and IP addresses for each computer with which you communicate.

The keywords listed in Table 24-5 can be used in the Lmhosts file in Windows XP Professional.

Table 24-5 Lmhosts Keywords

| Keyword | Description |
|---|---|
| \0xnn | Support for nonprinting characters in NetBIOS names. Enclose the NetBIOS name in double quotation marks, and use \0xnn notation to specify a hexadecimal value for the character. This enables custom applications that use special names to function properly in routed topologies. However, Microsoft LAN Manager TCP/IP does not recognize the hexadecimal format. Note that the hexadecimal notation applies only to one character in the name. Use blanks to pad the name so that the special character is last in the string. |
| BEGIN_ALTERNATE | Used to group multiple INCLUDE statements. Any single successful INCLUDE statement causes the group to succeed. |
| END_ALTERNATE | Used to mark the end of an INCLUDE statement grouping. |
| DOM: domain | Part of the computer name-to-IP address mapping entry that indicates that the IP address is a domain controller in the domain specified by domain. This keyword affects how the Browser and Logon services behave in routed TCP/IP environments. To preload a DOM entry, you must first add the PRE keyword to the line. DOM groups are limited to 25 members. |
| INCLUDE filename | Forces the system to seek the specified filename and parse it as if it were local. Specifying a Uniform Naming Convention (UNC) filename allows you to use a centralized Lmhosts file on a server. If the server on which the specified filename exists is outside of the local broadcast subnet, you must add a preloaded entry for the server. |
| MH | Part of the computer name-to-IP-address-mapping entry that defines the entry as a unique name that can have more than one address. The maximum number of addresses that can be assigned to a unique name is 25. The number of entries is equal to the number of network adapters in a multihomed computer. |
| PRE | Part of the computer name-to-IP address mapping entry that causes that entry to be preloaded into the name cache. (By default, entries are not preloaded into the name cache but are parsed only after WINS and name query broadcasts fail to resolve a name.) The PRE keyword must be appended for entries that also appear in INCLUDE statements; otherwise, the entry in the INCLUDE statement is ignored. |
| SG name | Part of the computer name-to-IP address mapping entry that associates that entry with a user-defined special (Internet) group specified by name. The SG keyword defines Internet groups by using a NetBIOS name that has 0x20 in the 16th byte. A special group is limited to 25 members. |

The following example shows how all these keywords are used:

192.176.94.102  "appname    \0x14"     #special app server 
192.176.94.123   printsrv  #PRE        #source server 
192.176.94.98   localsrv   #PRE 
192.176.94.97   primary    #PRE   #DOM:mydomain #PDC for mydomain 
#BEGIN_ALTERNATE 
#INCLUDE \\localsrv\public\lmhosts   #adds Lmhosts from this server 
#INCLUDE \\primary\public\lmhosts    #adds Lmhosts from this server 
#END_ALTERNATE

In the preceding example, the servers named printsrv, localsrv, and primary are defined, by the #PRE keyword, as entries to be preloaded into the NetBIOS cache at system startup.

  • The servers named localsrv and primary are defined as preloaded and also identified in the #INCLUDE statements as the location of the centrally maintained Lmhosts file.

  • Note that the server named “appname\0x14” contains a special character after the first 15 characters in its name (including the blanks), so its name is enclosed in double quotation marks.

  • The number sign, when not used with a keyword, designates the start of a comment.
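The keyword rules above can be checked mechanically before an Lmhosts file is deployed. The following Python parser is an added example, not Microsoft's code: it handles the keywords used in the preceding sample (#PRE, #DOM:, #INCLUDE, #BEGIN_ALTERNATE, #END_ALTERNATE, \0xnn) plus #MH, and it reports #INCLUDE servers that lack a preloaded entry, since those includes pull name mappings from a remote share. The sample file is constructed, and matching keywords exactly as upper case is an assumption.

```python
import re

# Constructed sample, modelled on the example above. "primary" deliberately
# lacks #PRE, and the quoted name is padded to 15 characters before \0x14.
SAMPLE_LMHOSTS = r'''
192.176.94.102  "appname        \0x14"   #special app server
192.176.94.123  printsrv   #PRE          #source server
192.176.94.98   localsrv   #PRE
192.176.94.97   primary    #DOM:mydomain #PDC for mydomain
#BEGIN_ALTERNATE
#INCLUDE \\localsrv\public\lmhosts   #adds Lmhosts from this server
#INCLUDE \\primary\public\lmhosts    #adds Lmhosts from this server
#END_ALTERNATE
'''

HEX_RE = re.compile(r"\\0x([0-9A-Fa-f]{2})")
ENTRY_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3})\s+("[^"]*"|\S+)\s*(.*)$')
UNC_SERVER_RE = re.compile(r"^\\\\([^\\]+)\\")
MAX_GROUP = 25  # DOM group limit stated in Table 24-5


def decode_name(token):
    """Strip quotes and turn a \\0xnn escape into the character it names."""
    if token.startswith('"'):
        return HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), token.strip('"'))
    return token


def parse_lmhosts(text):
    entries, groups, warnings, open_group = [], [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#BEGIN_ALTERNATE"):
            open_group = []
        elif line.startswith("#END_ALTERNATE"):
            if open_group is not None:
                groups.append(open_group)
            open_group = None
        elif line.startswith("#INCLUDE"):
            parts = line.split()
            if len(parts) < 2:
                warnings.append(f"line {lineno}: #INCLUDE without a filename")
            elif open_group is not None:
                open_group.append(parts[1])
            else:
                groups.append([parts[1]])  # a lone include is its own group
        elif line.startswith("#"):
            continue  # number sign without a keyword: comment line
        else:
            m = ENTRY_RE.match(line)
            if not m:
                warnings.append(f"line {lineno}: not an address/name entry")
                continue
            ip, token, rest = m.groups()
            entry = {"line": lineno, "ip": ip, "name": decode_name(token),
                     "pre": False, "dom": None, "mh": False}
            for word in rest.split():
                if word == "#PRE":
                    entry["pre"] = True
                elif word.startswith("#DOM:"):
                    entry["dom"] = word[5:]
                elif word == "#MH":
                    entry["mh"] = True
                elif word.startswith("#"):
                    break  # rest of the line is a comment
            esc = HEX_RE.search(token)
            if esc and (esc.end() != len(token) - 1 or len(entry["name"]) != 16):
                warnings.append(f"line {lineno}: \\0xnn character is not the 16th character")
            entries.append(entry)

    preload = [e["name"] for e in entries if e["pre"]]
    preloaded = {n.strip().lower() for n in preload}
    for group in groups:
        for path in group:
            server = UNC_SERVER_RE.match(path)
            if server and server.group(1).lower() not in preloaded:
                warnings.append(f"#INCLUDE {path}: server '{server.group(1)}' has no #PRE entry")
    dom_sizes = {}
    for e in entries:
        if e["dom"]:
            dom_sizes[e["dom"]] = dom_sizes.get(e["dom"], 0) + 1
            if not e["pre"]:
                warnings.append(f"line {e['line']}: #DOM entry '{e['name']}' is not preloaded")
    for dom, size in dom_sizes.items():
        if size > MAX_GROUP:
            warnings.append(f"#DOM:{dom} has {size} members (limit {MAX_GROUP})")
    return {"entries": entries, "preload": preload,
            "include_groups": groups, "warnings": warnings}


if __name__ == "__main__":
    for warning in parse_lmhosts(SAMPLE_LMHOSTS)["warnings"]:
        print(warning)
```
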

WINS Proxy

RFC 1001 cautions against using the b-node method for name resolution in a routed network, that is, against relying on broadcasts for name queries. In practice, however, b-nodes are sometimes useful in routed networks, because some b-nodes cannot be removed or updated. For this reason, Microsoft introduced WINS Proxies. A WINS Proxy is a WINS-enabled computer that helps to resolve name queries for computers that are not WINS-enabled in routed TCP/IP networks.

By default, computers that are not WINS-enabled use b-node name resolution. The WINS Proxy listens on the local subnet for b-node name-service broadcasts, and it responds on behalf of those names that are not on the local network. A WINS Proxy communicates with the WINS server, by means of directed datagrams, to retrieve the information necessary to respond to these broadcasts.

Because the WINS server does not respond to broadcasts, it is best if a computer configured as a WINS Proxy is installed on subnets containing computers that are not WINS-enabled.

The WINS Proxy checks broadcast name registrations against the WINS database by sending name-query requests to ensure that the names do not conflict with other names in the database. If a name exists in the WINS database, by default the WINS Proxy will send a negative name-registration response to the computer trying to register the name. In response to a name-release request, the WINS Proxy simply deletes the name from its cache of remote names.

The WINS Proxy always differentiates name queries for names on the local subnet from queries for remote names elsewhere in the network. It compares the subnet mask of any name it has resolved against its own subnet mask; if the two match, the WINS Proxy does not respond to the name query.

When the WINS Proxy receives a name query, it checks its remote name table. If the WINS Proxy does not find the name in the remote name table, it queries the WINS server and then enters the name into the remote name table in a “resolving” state. If the WINS Proxy receives a query for the same name before the WINS server has responded, the WINS Proxy does not query the WINS server again. When the WINS Proxy receives the response from the WINS server, the WINS Proxy updates the remote table entry with the correct address and changes the state to “resolved.” The WINS Proxy sends a reply message to the Windows XP Professional client only if the WINS Proxy has the response already in its cache.

The behavior of a b-node client does not change when a WINS Proxy is added to the local subnet. If the first name-resolution query times out, the client tries again. If the WINS Proxy has the answer cached by the time it intercepts the new query, the WINS Proxy answers the Windows XP Professional client.

Disabling NetBT

Windows XP Professional file and print sharing components use NetBT to communicate with versions of Windows earlier than Windows 2000 and with non-Windows clients. However, the Windows XP Professional file and print sharing components (the redirector and server) support direct hosting for communicating with other computers running Windows XP Professional, Windows 2000, and Windows Server 2003. With direct hosting, DNS is used for name resolution. No NetBIOS name resolution (WINS or broadcast) is used, and no NetBIOS sessions are established.

By default, both NetBT and direct hosting are enabled, and both are tried in parallel when a new connection is being established. The first method to succeed is used to establish the connection. You can disable NetBIOS support so that all traffic must use direct hosting.

To disable NetBT support
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area network connection that you want to change and then click Properties.

  4. Select Internet Protocol (TCP/IP), and then click Properties.

  5. Click Advanced.

  6. Select the WINS Address tab.

  7. Select Disable NetBIOS over TCP/IP.

    Warning If you disable NetBIOS support, applications and services that depend on NetBIOS over TCP/IP will no longer function. Therefore, it is imperative that you verify that clients and applications no longer need such support before you disable it. Disabling NetBT can prevent creation of file- and print-sharing connections with clients and servers that are not running Windows XP Professional, Windows 2000, or Windows Server 2003.

Troubleshooting Name Resolution and Addressing

When troubleshooting any connectivity issues, it is important to first ascertain whether the error condition was caused by a failure in host name resolution (for example, www.reskit.com) or in NetBIOS name resolution (for example, \\computername). If name resolution does not appear to be the problem, use TCP/IP troubleshooting tools such as Ping and Tracert to verify that IP addressing has been correctly configured on the Windows XP Professional–based client. For more information about TCP/IP troubleshooting tools, see “Configuring TCP/IP” on the companion CD.

The easiest way to distinguish host name resolution problems from NetBIOS name resolution problems is to find out whether the failing application uses NetBIOS or Windows Sockets. Most Internet- or intranet-based applications (such as Internet Explorer and other Web browsers, ftp clients, and telnet) use Windows Sockets. If the application uses Windows Sockets, the problem lies with host name resolution. If the application uses NetBIOS, the problem is with NetBIOS name resolution (broadcast, Lmhosts, or WINS). You can troubleshoot NetBIOS name-resolution problems with the various net commands and other administrator tools.

Checking NetBIOS Name Resolution

Several methods are available for detecting and resolving the most common types of NetBIOS name-resolution problems.

Resolving NetBIOS Error 53

The most common symptom of a problem in NetBIOS name resolution is that the Ping tool returns an Error 53 message. The Error 53 message is generally returned when name resolution for a particular computer name fails, but Error 53 can also occur when there is a problem establishing a NetBIOS session. You can use the net view command to distinguish between these two cases.

To determine the cause of an Error 53 message
  • At the command prompt, type:

    net view \\hostname

    where hostname is a network resource that you know is active.

If the hostname and a list of the host’s shares appear on the screen, name resolution is probably not the source of the problem. It is possible, on occasion, for name resolution to be functioning properly and yet net use still returns Error 53 (for example, when a DNS or WINS server has a bad entry).

To confirm that name resolution is definitely not the source of your problem, try pinging the host name. If Ping also shows that name resolution fails (by returning the “Unknown host” message), check the status of your NetBIOS session.

To check the status of your NetBIOS session
  • At the command prompt, type:

    net view \\ip address

    where ip address is the same network resource that you used to determine the cause of the Error 53 message. If this also fails, the problem is in establishing a session.

If the computer is on the local subnet, confirm that the name is spelled correctly and that the target computer is running TCP/IP as well. If the computer is not on the local subnet, be sure that its name and IP address mapping are available in the DNS database, the Hosts or Lmhosts file, or the WINS database.

If all TCP/IP elements appear to be installed properly, Ping the remote computer to be sure that it has TCP/IP enabled.

Checking the Lmhosts File

The name resolution problem might be in your Lmhosts file, which looks for addresses sequentially from the top down. If more than one address is listed for the same host name, TCP/IP returns the first value it encounters, whether or not that value is accurate.

You can find the Lmhosts file in \systemroot\System32\Drivers\Etc. Note that this file does not exist by default; a sample file named Lmhosts.sam is supplied. This file must be renamed to Lmhosts before it can be used.

Note Although \systemroot\System32\Drivers\Etc is the default directory for the Lmhosts file, exactly which Lmhosts file is parsed depends on the value of the registry entry databasepath located in the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. The database path tells the local computer where to look for the Lmhosts file.

Checking the WINS Configuration

Check to see that the WINS configuration is correct. In particular, check the address for the WINS server.

To check your WINS configuration
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to change and then click Properties.

  4. In the Local Area Connection Properties sheet, select Internet Protocol (TCP/IP) and then click Properties.

  5. In the Internet Protocol (TCP/IP) Properties sheet, click Advanced.

  6. In the Advanced TCP/IP Settings dialog box, click the WINS tab.

  7. In the WINS configuration dialog box, add the server’s IP address (if none is listed).

  8. Check to see whether Lmhosts lookup is enabled.

  9. Check to see whether NetBIOS settings are taken from the DHCP server, or whether NetBIOS is enabled or disabled. If you are using DHCP for this host computer, select Use NetBIOS setting from the DHCP server. Otherwise, select Enable NetBIOS over TCP/IP.

Checking Hosts Files and DNS Name Resolution

If your problem is with Windows Sockets rather than with NetBIOS, you might have either a Hosts file error or a DNS configuration error. If you are using a Hosts file for host name resolution, you need to verify that the settings in the file are correct. If you are using DNS for host name resolution, verify that the DNS configuration is correct.

Checking the Hosts File

If you are having trouble connecting to a remote system using a host name and you use a Hosts file for name resolution, the problem might be with the contents of that file. Make sure that the name of the remote computer is spelled correctly in the Hosts file and by the application using the file.

The Hosts file or a DNS server is used to resolve host names to IP addresses whenever you use TCP/IP tools such as Ping. You can find the Hosts file in \systemroot\System32\Drivers\Etc.

This file is not dynamic; all entries are made manually. The file format is the following:

172.16.48.10    testpc1.reskit.com

The IP address and the friendly host name are always separated by one or more space or tab characters.

The following Hosts file problems can cause networking errors:

  • The Hosts file does not contain the specified host name.

  • The host name is misspelled, either in the Hosts file or in the command.

  • The IP address for the specified host name, as it appears in the Hosts file, is invalid or incorrect.

  • The Hosts file contains multiple entries for the same host on separate lines. Because the Hosts file is parsed from the top, the first entry found is used.
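The checks in the list above can be scripted. The following PowerShell function is an added example, not part of the original chapter: it parses Hosts-format text and reports malformed entries, later entries that are ignored because an earlier line for the same name wins, and expected names that are absent. The function name, the finding labels, and the sample content are assumptions made for illustration.

```powershell
# Constructed sample Hosts content for illustration (not from a real machine).
$sampleHosts = @'
127.0.0.1       localhost
172.16.48.10    testpc1.reskit.com  testpc1   # trailing comment
172.16.48.11    testpc2.reskit.com
172.16.48.99    testpc1.reskit.com
172.16.300.12   testpc3.reskit.com
'@

function Test-HostsContent {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Content,
        [string[]]$ExpectedName = @()   # names the caller expects to resolve
    )
    $firstSeen = @{}    # host name -> winning entry (hashtable keys are case-insensitive)
    $findings  = New-Object System.Collections.Generic.List[object]
    $lineNo    = 0
    foreach ($raw in ($Content -split "`r?`n")) {
        $lineNo++
        $line = ($raw -replace '#.*$', '').Trim()    # drop comments and padding
        if (-not $line) { continue }
        $fields = @($line -split '\s+')              # one or more spaces or tabs
        $ip     = $fields[0]
        $parsed = $null
        # Accept IPv6, or IPv4 only in full dotted-quad form with octets 0-255.
        $ipOk = [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -and
                ($ip.Contains(':') -or $ip -match '^\d{1,3}(\.\d{1,3}){3}$')
        if (-not $ipOk -or $fields.Count -lt 2) {
            $findings.Add([pscustomobject]@{ Line = $lineNo; Issue = 'InvalidEntry'; Detail = $line })
            continue   # assumption: a malformed line resolves nothing
        }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if (-not $firstSeen.ContainsKey($name)) {
                $firstSeen[$name] = [pscustomobject]@{ Line = $lineNo; IP = $ip }
            } elseif ($firstSeen[$name].IP -ne $ip) {
                $w = $firstSeen[$name]    # the first entry found is the one used
                $findings.Add([pscustomobject]@{ Line = $lineNo; Issue = 'Shadowed'
                    Detail = "$name -> $ip is ignored; line $($w.Line) ($($w.IP)) wins" })
            }
        }
    }
    foreach ($name in $ExpectedName) {
        if (-not $firstSeen.ContainsKey($name)) {
            $findings.Add([pscustomobject]@{ Line = 0; Issue = 'Missing'; Detail = $name })
        }
    }
    return $findings
}

Test-HostsContent -Content $sampleHosts -ExpectedName 'testpc1.reskit.com', 'testpc4.reskit.com' |
    Format-Table -AutoSize
```

To audit a real file, pass its text with `Get-Content -Raw` on the Hosts file path instead of the sample string.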

Checking Your DNS Configuration

If you are using DNS, be sure that you have checked the DNS tab of the Advanced TCP/IP Settings dialog box to confirm that the IP addresses of the DNS servers are correct and in the proper order. Use Ping with the remote computer’s host name, and then use its IP address to determine whether the host address is being resolved properly. If the host name ping fails and the IP address ping succeeds, the problem is with name resolution.

To check DNS configuration
  1. In Control Panel, select Network and Internet Connections.

  2. In the Network and Internet Connections sheet, select Network Connections.

  3. In Network Connections, right-click the local area connection that you want to change and then click Properties.

  4. Click Internet Protocol (TCP/IP), and then click Properties.

  5. In the Microsoft TCP/IP Properties sheet, click the Advanced tab.

  6. Click the DNS tab.

  7. Confirm that DNS is configured properly. If you find that the IP address of a particular DNS server is missing, be sure to add it to the list of DNS server addresses.

    Note: This procedure does not apply to network connections configured by DHCP servers, as DHCP servers configure network connections with preferred and alternate DNS servers.

You can test whether the DNS servers are running by pinging their IP addresses or by opening a Telnet session to port 53 on the DNS server. If the connection is established successfully, the DNS service is working on the DNS server. After you have verified that the DNS service is running, you can perform Nslookup queries to the DNS server to further verify the status of the DNS records for which you are looking. For more information about Nslookup and other aspects of DNS configuration, see “Windows 2000 DNS” in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit.

If both pinging by IP address and pinging by name fail, the problem is with the network connection, possibly physical connectivity or routing. For more information about troubleshooting network connectivity, see “Configuring TCP/IP” on the companion CD.

For more information about how DNS resolves host names, see “Configuring DNS to Resolve Host Names and Domain Names” earlier in this chapter.

DNS Error Messages

Errors in name resolution can occur when the entries in a DNS server or client are not configured correctly, when the DNS server is not running, or when there is a problem with network connectivity. To determine the cause of any name resolution problem, you can use the nslookup command-line tool.

Failed queries return a variety of messages, depending on whether the name cannot be resolved, the server does not provide a response, or the request times out. These messages generally indicate one of the following:

  • The server is offline.

  • The host computer does not have the DNS client service enabled.

  • There is a hardware or routing problem.

Troubleshooting IP Addressing

If host name resolution is successful, the problem must be something else. The solution might simply be a matter of correcting the IP configuration.

TCP/IP troubleshooting generally follows a set pattern. First, verify that the TCP/IP configuration on the problem computer is correct. The ipconfig command can be used to get the host computer configuration information, including the IP address, subnet mask, and default gateway. For more information about ipconfig, see “Configuring TCP/IP” on the companion CD.

Next, verify that a connection and a route exist between the computer and the destination host by using Ping and/or PathPing. Ping helps to verify IP-level connectivity; PathPing detects packet loss over multiple-hop trips. For more information about how these tools can be used to troubleshoot IP addressing problems, see “Configuring TCP/IP” on the companion CD.

If you have successfully pinged both your own machine and the loopback address, clear out the Address Resolution Protocol (ARP) cache and restart your computer. (For information about clearing out the ARP cache, see “Configuring TCP/IP” on the companion CD.) In addition, make certain that the default gateway is on the same network that your client is on, that it is a router, and that its name has been entered correctly. Then try pinging a remote host to ensure that network-to-network communications are operating as expected. Use Tracert to examine the path to the destination.

On the CD: For more information about troubleshooting IP addressing, see “Configuring TCP/IP” on the companion CD.

Additional Resources

These resources contain additional information related to this chapter:

  • “Configuring TCP/IP” on the companion CD, for more information on the TCP/IP fundamentals on which this chapter is based

  • The Deploying Network Services book of the Microsoft Windows Server™ 2003 Deployment Kit, for more information about deploying Windows TCP/IP network services

  • “Introduction to TCP/IP” in the TCP/IP Core Networking Guide, for more information about types of IP addresses and IP address assignment

  • “Dynamic Host Configuration Protocol” in the TCP/IP Core Networking Guide, for more information about DHCP

  • “Introduction to DNS” in the TCP/IP Core Networking Guide, for more information about DNS

  • “Windows Internet Name Service” and “Lmhosts File” in the TCP/IP Core Networking Guide, for more information about NetBIOS name resolution

  • “TCP/IP Troubleshooting” and “TCP/IP Tools and Troubleshooting Utilities” in the TCP/IP Core Networking Guide, for more information about troubleshooting name resolution and addressing