You are currently offline, waiting for your internet to reconnect

How WINS Lookup Works from Windows NT DNS

This article was previously published under Q173161
SUMMARY
The Microsoft Windows NT Server 4.0 Domain Name Service (DNS) Server hasthe ability to interact with a Windows Internet Name Service (WINS) Server.This article discusses this feature and the process that takes place when aDNS Server forwards a query to a WINS Server.

For additional information on DNS, please see the following whitepaperavailable on the Microsoft anonymous ftp server:

File : ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/papers/Dnswp.exe
Title : "DNS and Microsoft Windows NT 4.0"
MORE INFORMATION
To allow for interoperability between DNS and WINS, two new resourcerecords were defined as part of the Windows NT DNS implementation. Thefollowing are the two new records:

  • WINS Lookup
  • WINS-R Lookup (WINS Reverse Lookup)

WINS Lookup

The first new record is called a WINS Lookup record and can only be a partof the zone root domain. Any queries that cannot be resolved by the staticentries in the DNS zone file will be forwarded to the WINS server(s)defined by the WINS Lookup record. This function is particularly useful forUnix clients that may need to contact DHCP/WINS enabled clients through IP.

The process that takes place is as follows:

  1. A client sends a fully-qualified domain name (FQDN) query to the DNS Server.
  2. The DNS Server, being unable to resolve the name locally, truncates the domain name from the host name and forwards the query to the configured WINS Server(s). The DNS Server uses a source port of UDP 53 (DNS) and a destination port of UDP 137 (NetBIOS Name Service). It also encrypts the name that it sends to the WINS Server.

    For additional information, please see the following article(s) in the Microsoft Knowledge Base:

    ARTICLE-ID: 160828
    TITLE : Network Monitor Parses DNS WINS Lookup queries as DNS Packets
  3. The WINS Server responds to the DNS Server with the resolved IP address and a source port of UDP 137 and destination port UDP 53.
  4. The DNS Server forwards the IP address in response to the client's original query.
NOTE: For network administrators who are familiar with protocol analyzers,a sample of packets has been included at the end of this article to displaythe actual network data that is exchanged in the above steps.

WINS-R Lookup

There is also a WINS-R or WINS Reverse Lookup entry that can be added tothe reverse zone. Because WINS does not have a reverse lookup capability,however, this record instructs the DNS server to perform a NetBIOS nodeadapter status lookup, or an NS Query, against the host.

For additional information, please see the following article(s) in theMicrosoft Knowledge Base:

ARTICLE-ID: 154553
TITLE : Windows NT 4.0 DNS WINS Reverse Lookups Do Not Use WINS

NOTE: The WINS Lookup and the WINS-R Lookup resource records areproprietary to the Microsoft NT DNS Server. You will want to prevent theresource records from being propagated in a zone transfer to a non-WindowsNT DNS Server. This can be accomplished by using one of the followingmethods:

  • Add the Local flag to the WINS record in the zone file using the following steps:

    1. Type the following at a command prompt, and then press Enter:
      net stop dns
    2. Using a text editor, open your zone file. For example, if your zone is Domain.com, then your default zone file name is Domain.com.dns.
    3. Locate the WINS record, and insert LOCAL so that your WINS record looks similar to the following:
               @   0   IN   WINS   LOCAL   a.b.c.d

      where a.b.c.d is the IP address of your WINS Server.
    4. Save the file and exit the editor.
    5. Type the following at a command prompt, and then press Enter:
      net start d
    -or-
  • Enable the Settings Only Affect Local Server option using the following steps:

    1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager.
    2. Double-click your DNS Server, right-click the zone name that contains the WINS record, and then click Properties.
    3. In the Zone Properties dialog, click on the WINS Lookup tab and click the Settings Only Affect Local Server option to enable it.

Network Monitor Trace Information

Network Monitor is a protocol analyzer that is available with MicrosoftSystems Management Server (SMS). Corresponding to the four steps listedabove there are four frames of data following to further illustrate theprocess involved when a Windows NT DNS Server forwards a query to a WINSServer.

Frame 1:

1  7.128 WIN95B  -->  DNS SERVER  DNS 0x1:Std Qry for thebunker.gotcha.com.of type Host Addr on class INET addr. WIN95B  -->157.54.51.20   IPDNS: 0x1:Std Qry for thebunker.gotcha.com. of type Host Addr on class INETaddr.    DNS: Query Identifier = 1 (0x1)    DNS: DNS Flags = Query, OpCode - Std Qry, RD Bits Set, RCode - No error        DNS: 0............... = Query        DNS: .0000........... = Standard Query        DNS: .....0.......... = Server not authority for domain        DNS: ......0......... = Message complete        DNS: .......1........ = Recursive query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: thebunker.gotcha.com. of type Host Addr on classINET addr.        DNS: Question Name: thebunker.gotcha.com.        DNS: Question Type = Host Address        DNS: Question Class = Internet address class				


Frame 2:

2    7.129 DNS SERVER -->  WINS SERVER DNS 0x8008:Std Qry forFEEIEFECFFEOELEFFCCACACACACACAAA. of type Unknown Type on class INETaddr. 157.54.51.20 --> 157.54.51.30 IPUDP: Src Port: DNS, (53); Dst Port: NETBIOS Name Service (137); Length = 58(0x3A)UDP: Source Port = DNSUDP: Destination Port = NETBIOS Name ServiceUDP: Total length = 58 (0x3A) bytesUDP: UDP Checksum = 0x70ABUDP: Data: Number of data bytes remaining = 50 (0x0032)DNS: 0x8008:Std Qry for FEEIEFECFFEOELEFFCCACACACACACAAA. of type UnknownType on class INET addr.    DNS: Query Identifier = 32776 (0x8008)    DNS: DNS Flags = Query, OpCode - Std Qry, RD Bits Set, RCode - No error        DNS: 0............... = Query        DNS: .0000........... = Standard Query        DNS: .....0.......... = Server not authority for domain        DNS: ......0......... = Message complete        DNS: .......1........ = Recursive query desired        DNS: ........0....... = No recursive queries        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 0 (0x0)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: FEEIEFECFFEOELEFFCCACACACACACAAA. of typeUnknown Type on class INET addr.        DNS: Question Name: FEEIEFECFFEOELEFFCCACACACACACAAA.        DNS: Question Type = 0x0020        DNS: Question Class = Internet address class				


Frame 3:

3    7.133 WINS SERVER -->  DNS SERVER DNS 0x8008:Std Qry Resp. forFEEIEFECFFEOELEFFCCACACACACACAAA. of type Unknown Type on classINET addr. 157.54.51.30 -->  157.54.51.20 IPUDP: Src Port: NETBIOS Name Service, (137); Dst Port: DNS (53); Length = 70(0x46)    UDP: Source Port = NETBIOS Name Service    UDP: Destination Port = DNS    UDP: Total length = 70 (0x46) bytes    UDP: UDP Checksum = 0xBBB7    UDP: Data: Number of data bytes remaining = 62 (0x003E)DNS: 0x8008:Std Qry Resp. for FEEIEFECFFEOELEFFCCACACACACACAAA. of typeUnknown Type on class INET addr.    DNS: Query Identifier = 32776 (0x8008)    DNS: DNS Flags = Response, OpCode - Std Qry, AA RD RA Bits Set, RCode -No error        DNS: 1............... = Response        DNS: .0000........... = Standard Query        DNS: .....1.......... = Server authority for domain        DNS: ......0......... = Message complete        DNS: .......1........ = Recursive query desired        DNS: ........1....... = Recursive queries supported by server        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 0 (0x0)    DNS: Answer Entry Count = 1 (0x1)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Answer section: FEEIEFECFFEOELEFFCCACACACACACAAA. of type UnknownType on class INET addr.        DNS: Resource Name: FEEIEFECFFEOELEFFCCACACACACACAAA.        DNS: Resource Type = 0x0020        DNS: Resource Class = Internet address class        DNS: Time To Live = 0 (0x0)        DNS: Resource Data Length = 6 (0x6)        DNS: Additional Resource Data = 60 00 9D 36 33 1E				


Frame 4:

4   7.0134 WIN95B  -->  DNS SERVER  DNS 0x1:Std Qry Resp. forthebunker.gotcha.com. of type Host Addr on class INET addr.157.54.51.20 -->  WIN95B  IPDNS: 0x1:Std Qry Resp. for thebunker.gotcha.com. of type Host Addr on classINET addr.    DNS: Query Identifier = 1 (0x1)    DNS: DNS Flags = Response, OpCode - Std Qry, AA RD RA Bits Set, RCode -No error        DNS: 1............... = Response        DNS: .0000........... = Standard Query        DNS: .....1.......... = Server authority for domain        DNS: ......0......... = Message complete        DNS: .......1........ = Recursive query desired        DNS: ........1....... = Recursive queries supported by server        DNS: .........000.... = Reserved        DNS: ............0000 = No error    DNS: Question Entry Count = 1 (0x1)    DNS: Answer Entry Count = 1 (0x1)    DNS: Name Server Count = 0 (0x0)    DNS: Additional Records Count = 0 (0x0)    DNS: Question Section: thebunker.gotcha.com. of type Host Addr on classINET addr.        DNS: Question Name: thebunker.gotcha.com.        DNS: Question Type = Host Address        DNS: Question Class = Internet address class    DNS: Answer section: thebunker.gotcha.com. of type Host Addr on classINET addr.        DNS: Resource Name: thebunker.gotcha.com.        DNS: Resource Type = Host Address        DNS: Resource Class = Internet address class        DNS: Time To Live = 600 (0x258)        DNS: Resource Data Length = 4 (0x4)        DNS: IP address = 157.54.51.30				
Properties

Article ID: 173161 - Last Review: 02/26/2007 22:42:14 - Revision: 1.2

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbinfo kbnetwork KB173161
Feedback