On 10/27/2012 04:28 PM, Chuck Anderson wrote:
I don't disagree that broadcast netbios probably should be disabled
(though it's not at our site, for historical reasons, and I'm not
sure I'm willing to take on the monumental task of disabling it).
WINS is slightly different, and the main reason to disable it is
that it hides misconfigurations by allowing non-DNS hostname lookups
on windows machines.
Easy to disable both of those, just set these DHCP options in your
server:
option netbios-node-type 2;
option netbios-name-servers 0.0.0.0;
It is easy, but whether it's safe is another matter.
There are, sadly, still current-generation 3rd party applications that
rely on NetBIOS. I'm assured by my colleagues in our OS Admin group that
applications exist which will only take old-style, downlevel domain
names, and not DNS-style realms. These apps can therefore *only* find
domain controllers by NBNS.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
