Browse Service Across an IP Router with TCP/IP
Currently, browser service communication relies almost entirely on broadcasts. On an IP internetwork, where domains are separated by routers, special broadcast problems can arise because broadcasts, by default, do not pass through routers. There are two issues to consider:
How browsers separated by a router can perform browser functions
How local clients can browse remote domains that are not on their local network subnet
The following topics discuss three methods that you can use to set up browsing on an IP internetwork with TCP/IP. They are presented in order of preference.
Domain Name System
Windows 2000 uses DNS as its primary method of name resolution. Every Windows 2000–based domain controller registers two names at startup: a DNS domain name with the DNS service and a NetBIOS name with WINS or another transport service.
If the originating computer and the targeted computer are configured to use IP and DNS, the name is resolved using DNS; otherwise, WINS resolves IP addresses from NetBIOS names so that datagrams can be sent to the targeted computer. Name resolution may not work properly if only DNS is used, due to limitations of resolving NetBIOS names through DNS. It is recommended that you use WINS as well as DNS.
For more information about DNS concepts, see "Introduction to DNS" in this book.
Windows Internet Name Service
The Windows Internet Name Service (WINS) resolves IP addresses from NetBIOS names so that datagrams can be sent to the targeted computer. Implementing WINS eliminates the need to configure the LMHOSTS file or to enable UDP port 137. Using WINS requires the following configuration:
WINS is configured on a computer running Windows 2000 Server, Windows NT Server 3.5 or later.
Clients are WINS-enabled.
WINS clients can be computers running Windows 2000, Windows NT 3.5 or later, Windows 95, Windows 98, Windows for Workgroups 3.11b running TCP/IP-32, Microsoft® LAN Manager 2.2c for MS-DOS, or Microsoft Network Client 3.0 for MS-DOS. The latter two are provided on the installation CDs for Windows NT Server version 3.5 or later.
It is recommended that you implement WINS for name resolution and browsing support. As an alternative, it is possible to have full domain browsing by using only LMHOSTS files on all computers, but this limits browsing to the local domain. Non-WINS clients still need the LMHOSTS file to browse across an IP internetwork, even if WINS has been implemented in the domain.
A client will participate in domain browsing only when that client is using a workgroup name that is equivalent to the domain name.
NetBIOS name resolution is typically performed through broadcasts, which will resolve names only on the local network subnet. To resolve names of computers located on another network subnet, the LMHOSTS file (located in the directory % Systemroot %\System32\drivers\etc) must be configured. The LMHOSTS file must contain a NetBIOS name–to–IP address mapping for all computers that are not on the local network subnet.
To implement communication between network subnets and the domain master browser, the administrator must configure the LMHOSTS file with the NetBIOS names and IP addresses of all browsers. To ensure that the master browser for each network subnet can access the domain's PDC, the PDC for each domain must have an entry in the LMHOSTS file on each master browser. Also, each entry must have the tag #DOM, which designates the named computer as a domain controller.
The LMHOSTS file on the master browser of each network subnet needs to contain the following information:
IP address and NetBIOS name of the domain master browser
Domain name, preceded by the tags #PRE and #DOM, as in the following example:
18.104.22.168 < Browser_name > #PRE #DOM:< domain_name >
To guarantee that the PDC can request the local browse list from the master browser of the network subnet, TCP/IP must cache the IP address of the client.
NetBIOS Name Service Broadcasts
Not all routers block all types of broadcast traffic. Some routers can be configured to forward specific types of broadcasts.
All broadcasts of NetBIOS over TCP/IP (NetBT) are sent to the UDP port number 137, which is defined as the port for NetBT Name Service. Routers normally block the forwarding of these frames because they are sent to the hardware and subnet broadcast addresses. However, some routers allow all broadcast frames sent to this particular UDP port — which is used only by NetBT — to be forwarded. As a result, to the browser it looks as if it is on one big network segment. All domains and workgroups on all network segments are seen by all computers.
This can be problematic since latency across the router or other connectivity problems can cause the wrong number of browsers to be elected (none or two or more.) Microsoft Support recommends that customers do not enable the forwarding of UDP port 137 and UDP port 138 broadcast packets.