[Linux] netbios-ns foolishness
Flavored UNIX
bogosort@flashmail.com
Mon, 30 Oct 2000 17:32:24 -0500 (EST)
Anyone sufficiently versed in those M$ OSes to explain to me why the Win98
boxen in my office insist on using netbios name service? The problem --
besides generating tons of useless traffic -- is that after several hours
(I haven't been able to pin down a timeframe) the machines stop using DNS
and rely on netbios name service, which we aren't running. Thus the
machines effectively lose internet service (even though of course they
still have connectivity, just not DNS).
Each Win98 box is configured only with TCP/IP on the ethernet adapter,
and are set to get all their info (IP, gateway, DNS) from a Linux
DHCP server. This process works flawlessly.
When the machines do lose DNS, nothing I've tried short of rebooting
fixes. Releasing and renewing the DHCP lease doesn't fix the problem.
Note that this doesn't happen to more than one Win machine at a time, so
it's definately not a problem with the Linux boxen.
Unfortunately I don't have a traffic dump of before the failure point, but
after the failure point I see a few of these everytime the box tries to
resolve a name:
16:47:15.646868 B 192.168.0.52.netbios-ns > 192.168.0.255.netbios-ns:NBT
UDP PACKET(137): QUERY; REQUEST; BROADCAST
Perhaps unrelated, I also see this strange bit of traffic:
16:54:58.998654 B arp who-has 192.168.0.52 tell 192.168.0.52
16:54:59.996538 M 192.168.0.52 > ALL-ROUTERS.MCAST.NET: icmp: router
solicitation
I'm guessing the silly looking broadcast is simply Gratuitous ARP, to
reset all the ARP cache timers, but what's that multicast icmp router
solicitation weirdness? Anyone have a clue as to what the Windows
network stack is doing?
javier