ISC Bind in Active Directory

Phil Mayers p.mayers at imperial.ac.uk
Sat Oct 27 15:38:53 UTC 2012


On 10/27/2012 04:28 PM, Chuck Anderson wrote:
>> I don't disagree that broadcast NetBIOS probably should be disabled
>> (though it's not at our site, for historical reasons, and I'm not
>> sure I'm willing to take on the monumental task of disabling it).
>>
>> WINS is slightly different, and the main reason to disable it is
>> that it hides misconfigurations by allowing non-DNS hostname lookups
>> on Windows machines.
>
> Easy to disable both of those, just set these DHCP options in your
> server:
>
> option netbios-node-type 2;
> option netbios-name-servers 0.0.0.0;

It is easy, but whether it's safe is another matter.

There are, sadly, still current-generation 3rd party applications that 
rely on NetBIOS. I'm assured by my colleagues in our OS Admin group that 
applications exist which will only take old-style, downlevel domain 
names, and not DNS-style realms. These apps can therefore *only* find 
domain controllers by NBNS.
