On 10/27/2012 04:28 PM, Chuck Anderson wrote:
I don't disagree that broadcast netbios probably should be disabled
(though it's not at our site, for historical reasons, and I'm not
sure I'm willing to take on the monumental task of disabling it).

WINS is slightly different, and the main reason to disable it is
that it hides misconfigurations by allowing non-DNS hostname lookups
on windows machines.

Easy to disable both of those, just set these DHCP options in your
server:

option netbios-node-type 2;
option netbios-name-servers 0.0.0.0;

It is easy, but whether it's safe is another matter.

There are, sadly, still current-generation 3rd party applications that rely on NetBIOS. I'm assured by my colleagues in our OS Admin group that applications exist which will only take old-style, downlevel domain names, and not DNS-style realms. These apps can therefore *only* find domain controllers by NBNS.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to