[#namtoadr]:

Name Resolution

Name resolution may be even more important than routing: It may be used for internal communications even if there are no Internet/remote connections that are actively up. A lot of software uses name resolution, including security software. If users cannot authenticate, that may limit their ability to do anything, even if routing to the Internet does work.

On the other hand, getting routing operational may be more important than many other individual services, including local name resolution servers. Both may be nice to have, but in many cases a remotely working server (that provides public name resolution services) may be sufficient enough for many features, like web browsing, to work well enough.

[#nmrsprio]: Name Resolution/Lookup Methods/Priority

Most software will follow a specific order of using various name resolution services. Some software, however, may provide its own implementation to determine what name resolution methods may be used, and may rely on a more custom method instead of using the standardized approach that is used by most programs. A couple of examples of this are:

  • The sendmail uses information specified in a /etc/mail/service.switch file (as discussed by OpenBSD FAQ: FAQ about name resolution used by sendmail (FAQ 10.6)).
  • (The following is based on reported information. Determine accuracy.) In Microsoft Windows, database applications may rely on ODBC configurations. These configurations can match to a system name to a specific network address, and then database applications that try to access that computer name may access the computer that is specified by the ODBC configuration. This may happen even if other name resolution methods would have that computer name reference a different computer.

    To implement such a thing (or to see if it has been implemented), perhaps see Microsoft Q110507: Configuring ODBC Data Sources On The Fly. Perhaps see: ODBC Data Source Administrator (Odbcad32.exe). Perhaps see: Microsoft Q942976: 32-bit and 64-bit ODBC Administartor tool, DSNs.)

Now that some examples of exceptions have been shown, let's see what is used more commonly.

Lookup Methods/Priority in Unix
[#reslvcnf]: /etc/resolv.conf*

This is determined by “/etc/resolv.conf*”. Specifically, the file /etc/resolv.conf is used to check for name resolution options. However, if support for /etc/resolv.conf.tail exists and is supported, then that configuration file is then checked and any options in that file override what is in the /etc/resolv.conf file.

This allows for a DHCP client to modify some settings by completely overwriting /etc/resolv.conf, but still allows for customized settings to be used (and not be automatically overwritten) by having customized settings go into the /etc/resolv.conf file.

See also: DNS Resolver.

Name switch service

See: /etc/nsswitch.conf as, if the file comes pre-bundled with the operating system, it may affect name resolution. Various programs using standard libaries related to the C programming language may access this file to determine how name resolution should occur. Such programs may pay more attention to this file than the traditional standard /etc/resolv.conf file. A standard manual page for the nsswitch.conf file notes, “Within each process that uses nsswitch.conf, the entire file is read only once; if the file is later changed, the process will continue using the old configuration.” In reality, however, it is likely up to an individual program to determine when it scans the configuration file; software may also be more prone to dump cached previous results when being restarted. So, after updating this configuration file, restarting programs (that use the configuratino file) may be needed. (Related discussion at ServerFault.com website.)

Before editing any of the default versions of these name resolution configuration files, do read what is in there. Sometimes a DHCP client may modify a file, but perhaps only if the file is detected as being uncustomized (probably based on viewing the time stamp). Files that might exist, and be related to customizing name resolution, include:

  • netconfig (perhaps initially Red Hat and now SuSE as well) may create a /etc/resolv.conf file that starts with:

    ### /etc/resolv.conf file autogenerated by netconfig!
    #
    # Before you change this file manually, consider to define the
    # static DNS configuration using the following variables in the
    # /etc/sysconfig/network/config file:
    # NETCONFIG_DNS_STATIC_SEARCHLIST
    # NETCONFIG_DNS_STATIC_SERVERS
    # NETCONFIG_DNS_FORWARDER
    # or disable DNS configuration updates via netconfig by setting:
    # NETCONFIG_DNS_POLICY=''
    #
    # See also the netconfig(8) manual page and other documentation.
    #
    # Note: Manual change of this file disables netconfig too, but
    # may get lost when this file contains comments or empty lines
    # only, the netconfig settings are same with settings in this
    # file and in case of a "netconfig update -f" call.
    #
    ### Please remove (at least) this line when you modify the file!

    (Note: the above may not be an exact quote: specifically white space is highly suspected to be altered from the original file. URL was added to the quoted text.)

    The file may or may not then have impactful resolv.conf lines.

  • SuSE: See /etc/sysconfig/networking/profiles/default/resolv.conf, Web page section mentioning /etc/sysconfig/network/config and its default: MODIFY_RESOLV_CONF_DYNAMICALLY="yes"
  • Debian's postinst running “install_from_default /usr/share/base-files/nsswitch.conf /etc/nsswitch.conf”?)
Mac OSX

Some people may think that supporting /etc/nsswitch.conf in addition to /etc/resolv.conf was unnecessary complexity. Well, that complexity is nothin' compared to what Mac OSX supports.

Check out the discussion at Spiff's answer to Johannes Ernst's SuperUser.com question on possibilities of where “ host information come from on a Mac” (an answer to: Johannes Ernst's SuperUser.com question on possibilities of where “ host information come from on a Mac”).

Microsoft Windows

One step that is commonly performed is checking DNS cache. On supporting operating systems (at least including Windows XP and newer), the DNS cache may be seen by running:

IPConfig/displaydns

(If unwanted values still remain, using IPConfig/flushdns will clear them.)

Other steps are mentioned by Microsoft KB Q172218: Microsoft TCP/IP Host Name Resolution Order discusses this. (That KB article was formerly at “http://support.microsoft.com/support/kb/articles/Q172/2/18.ASP”.)

For some reason, this article seems to skip mentioning of DNS cache, which may override the hosts file.

[#dns]: Domain Name System (“DNS”) and similar/related (e.g. EDNS, Reverse DNS (“RDNS”), DNSSEC, DynDNS, Zone Transfers)

Further information is included in the section about the Domain Name System (“DNS”). (Here is a brief overview of some of the topics.)

The protocols implementing/related to DNS

Further information is included in the section about the Domain Name System (“DNS”). (Here is a brief overview of some of the topics.)

EDNS
DNS
DNSSEC
[#dnscurve]: DNSCurve
[#revdns]: “Reverse DNS” (“RDNS”, “rDNS”)

These are methods of getting a domain name from an IP address (instead of “forward DNS”, usually just referred to as “DNS”, which resolves an IP address from a domain name).

Reverse DNS via the web
...
Querying via DNS
...
Other options
...
DNS Software clients

Further information is included in the section about the Domain Name System (“DNS”). (Here is a brief overview of some of the topics.)

A whole lot of Internet-aware software
...
nslookup
Using the nslookup command line
...
Using nslookup's interactive mode
...
Domain Information Groper (“dig”)
...
dnsq(r)
...
Other(s)
The host command
Server software implementing DNS

Further information is included in the section about the Domain Name System (“DNS”). (Here is a brief overview of some of the topics.)

WHOIS

The WHOIS protocol is a differnet protocol than the DNS protocol. However, the information about the WHOIS protocol is located within the DNS section since the domains are the same domains that DNS uses.

[#hostsfil]: HOSTS file
Overview/usage/history

The file may (typically) be queried before other name resolution systems including DNS: This is used before DNS as described by the section on Name Resolution/Lookup Methods/Priority. Perhaps for this reason, User Account Control (“UAC”) may prevent this file from being modified (according to a web page titled “HOWTO: Edit the HOSTS file in Vista”).

This is typically checked for name resolution before DNS. In Unix, the file /etc/resolv.conf may determine this: Usage of the hosts file is referenced by a reference to “file” on a “lookup” line. For example, if a line says “lookup file bind” and if that line comes before other lines which start with the word “nameserver”, then the hosts file will be checked before the local instance of a nameserver and before the other specified DNS entries are queried. For implementations that use, or are meant to be similar to, Microsoft's TCP/IPv4 implementations, Q172218: Microsoft TCP/IP Host Name Resolution Order states this is checked before DNS (which is checked before NetBIOS). (However, there may be exceptions: OpenBSD FAQ 10.6: Sendmail using DNS before /etc/hosts discusses an exception.)

This file is often used to redirect traffic, such as blocking traffic to certain sites which may be known to advertise or sites that provide some sort of checks regarding usage being consistent with “digital rights”. Some large files may include:

Wikipedia's article on the “History of the Internet”: section titled “NIC, InterNIC, IANA and ICANN” says that SRI International distributed a hosts file.

[#hstsfloc]: File locations
Wikipedia's entry on “Hosts (file)”: section on file's location has information about various platforms.
A popular location
For many operating systems, /etc/hosts is the name of the file.
Microsoft Windows

For Microsoft Windows, the exact location may be impacted by a registry entry, although searching for a file named HOSTS in %WinDir% and/or %SystemRoot% (both of which generally refer to the C:\Windows\ directory), and/or the sub-directories of those locations, will generally yield a file named HOSTS.

Modern full/standard versions of Microsoft Windows

Microsoft KB Q314053: TCP/IP and NBT configuration parameters for Windows XP indicates the location is specified by a registry value called DatabasePath, located under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip under either Parameters, or first under Parameters\Interface and then under an ID for the adapter. If it is stored under Parameters then this REG_EXPAND_SZ value can be seen by running: Reg query HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters /v DataBasePath

The default location is %SystemRoot%\System32\drivers\etc (which is the exact text of the data stored in that registry value, including the literal unexpanded variable name).

Older operating systems using Microsoft networking code
See Microsoft KB Q172218: Microsoft TCP/IP Host Name Resolution Order mentions some paths.
Other operating systems
Wikipedia's article on a Hosts file: section about where the file is found in operating systems shows some specific examples. Looking for *hosts* is an approach which will work for many operating systems.
Format of file
Start with an IP address. (For Microsoft Windows, Windows Vista and Windows Server 2008 allow this to be an IPv6 address.) RFC 952
Default hosts files/Misc
Microsoft Windows
Microsoft KB Q172218: “How do I reset the hosts file back to the default?” shows the contents of the default file for Windows XP and Server 2003, and the contents of the default file for Windows Vista and 2008, and the contents of the default file for Windows 7. That KB article also has “Microsoft Fix it 50267” which may be able to restore a default file. See also: Win98 RK Appendix F: Windows 98 (LM)HOSTS file info which is similar to Setting up HOSTS Files in Win95, Win2K support.
OpenBSD
The /etc/hosts file created during the operating system's installation procedure may/does vary based on names provided for the system and/or individual NICs.
[#netbnams]: NetBIOS names
Naming format
16 bytes: Wikipedia on NetBIOS name says “Microsoft limits the host name to 15 characters and reserves the 16th character as a NetBIOS Suffix.” Q163409 (URL ???): “NetBIOS Suffixes (16th Character of the NetBIOS Name)” used by Microsoft (Windows NT/2K)
[#nbns]: NetBIOS Name Service (“NBNS”)
Windows Internet Naming Service (“WINS”)

Possibly the most famous implementation on NBNS is WINS: In fact the name WINS may be more recognized then NBNS.

WINS may differ a bit from NBNS, by intelligently violating the specification somewhat. This differences in the network communications should not cause problems, and may even optimize things a bit by not sending as much (unnecessary) network traffic. Finding details on this may be a challenge, but if this is indeed true, then Microsoft's choice to name their implementation does make some sense from a technical, and not just a marketing, perspective.

For reverse, info has some info on WINS-R.

LMHOSTS

There may be a file called LMHOSTS (the LM stands for “LAN Manager” ???) similar to a HOSTS file. (Location where LMHOSTS is found???) Unlike the HOSTS file, which Q172218 shows is queried before DNS, LMHOSTS is used “to provide a backup name resolution service in case the” (NBNS) “server is not available”, as noted by Microsoft page about LMHOSTS file.

Support for this may be disabled (e.g. in Vista: Network Connecion properties, TCP/IPv4 settings, General tab's “Advanced...” TCP/IP settings button, WINS tab, “Enable LMHOSTS lookup” is checked by default.)

Computer Browser service

MS KB Q188001: Microsoft Computer Browser Service says that “Microsoft Active Directory services in Windows 2000 and Windows XP” replaces the role of the computer browser service, although “the computer browser service” is still available “to provide the network basic input/output system (NetBIOS) name resolution”, a service which “is provided for backwards compatibility with client computers that are running earlier versions of Windows.” This service is part of Windows XP, Server 2003, and Vista. Q188001 specifies a “name resolution requirement” which is “that the distributed WINS infrastructure must be working properly.”

The role of “Master Browser” may be assigned. An order of what machines participate in this election process, at least for pre-XP machines, is on Q188001. NIC properties (in the Device Manager???) may disable (a computer??? NIC??? network connection???) from participating in an election to be a Master Browser. (Perhaps also see NetBIOS suffix names, one may say Master Browser???) Wikipedia's page on a “Domain Master Browser” describes how master browsers on different subnets may share information with an AD PDC.

Much of the following text comes from http://www.chicagotech.net/browser.htm (warning: page redirects after a short time) This should be verified/etc. says http://www.chicagotech.net/browser.htm Also Multihomed servers can create unexpected and undesirable effects with the browser service and a master browser cannot be multihomed because the PDC will contact only the master browser on one of its network adapters.

In general, computer browser performance improves with fewer protocols or network cards on a computer. All domain controllers must be singlehomed computers for browsing to operate correctly. Also the computer browser is dependent on NetBIOS. Therefore, in a mixed OS network environment (win9x, NT, ME, W2K and XP), you should have a WINS server in a domain network and enable NetBIOS over TCP/IP (instead of loading NetBEUI) on w2k/xp in the home or small network.

In W2K/XP: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters IsDomainMaster=FALSE

Change master browser in 9X: From network neighborhood properties select File & print sharing, select and click properties then select "Master Browser" from the right list and choose disabled from the left list.

See also, in that same registry key: MaintainServerList (set to no in win2k and false in NT)

http://technet.microsoft.com/en-us/library/cc751005.aspx Windows 3.x Edit the SYSTEM.INI file and add MaintainServerList=No, Yes, or Auto under label [Network]. also it says: Open the registry key HKLM\System\CurrentControlSet\Services\Browser\Parameters and change IsDomainMasterBrowser's value to Yes.

Some details technical specifications, which look similar in nature to an RFC, has been made available at multiple locations: CIFS/E Browser Protocol Preliminary Draft (from IETF, using HTML), CIFS/E Browser Protocol Preliminary Draft (draft-leach-cifs-browser-spec-00.txt) From Samba.org, and cifsbrow.doc file from Microsoft's FTP site's developer area.

See nbtstat???

May require File And Print sharing to be one of the protocols bound to the network connection (like TCP/IP), and if the machine has Windows Firewall than an exception may be needed for File and Print sharing.

[#llmnr]: Link-local Multicast Name Resolution (“LLMNR”)
See RFC 4795: Link-local Multicast Name Resolution (“LLMNR”). (For IPv6 and IPv4.) IANA's list of TCP and UDP port numbers shows TCP and UDP port 5355 reserved for LLMNR.
Name Service Switch via Multicast DNS (“nss-mdns”)
Overview of nss-mdns
Misc notes

The following came from some older notes, which should be reviewed and then merged with some of the other notes.

Host lookup
RFCs 952 and 953 (maybe related to a HOSTS file???)
Multicast Domain Name Service
RFC 4795: Link Local Multicast Name Resolution (“LLMNR”), Wikipedia's article on “Zero configuration networking”: “Name resolution” section
IEN

Unknown: RFC 2132 supports this with code 5. (DNS is supported with code 6.) Therefore, should this be checked out to see if it is important/used???

Name resolution services may often be an early requirement for a functional network, because it is often used. Not only is DNS widely used by client software for end user convenience, but also by some software that may use DNS. For example, using (at least some implementations of) the SMB protocol may require name services to be working. Therefore, setting this up early may often be quite worthwhile.

See: network addresses.