1. The Windows XP workstation gets an IP (say, 192.168.10.11) from some
non-Windows DHCP server. The IP is registered in the normal (i.e.,
non-Windows) way as something like "dhcp-036.mydomain.com". (Note: The
IP it gets is not really private.

AHA! Registered where? And by what?

2. The Windows workstation has the computer name (e.g., "lancelot")
assigned manually when it is built. So, in our situation the hostname
will _always_ be different than the computer name. That the two names
are different is not the issue.

That's not necessarily true, in fact it's usually not true, but since you
still haven't checked I'll go with that.

3. This Windows workstation has a single NIC which has the option
"Register this connection's addresses in DNS" turned ON. According to
the help for this option this means that the workstation will try to do
a dynamic registration of the IP address with the full computer name.

The key word there is "try".

As there is only one Active Directory on our college campus, I presume
that this dynamic registration happens with one of the college's AD
servers. As the Windows XP's computer name is "lancelot" I am guessing
that the reverse mapping "lancelot.ad.mydomain.com" to 192.168.10.11 is
recorded somewhere in the guts of the Active Directory.

Only if it's set up that way. Although Active Directory relies on DNS for
much of its functionality, DNS can be entirely separate. The reverse zone
is really not required for AD to function, although most admins use it to
locate computers, for example, when sniffing the wire where IP addresses,
not names, are in packet headers.

4. Thus, if I log onto a Windows machine that is part of the Active
Directory and type "ping dhcp-036.mydomain.com" or "ping
lancelot.ad.mydomain.com" in both cases I get responses from the same
address, as expected.
5. If I am on a Linux server and do "ping lancelot.ad.mydomain.com",
not surprisingly I get a complaint that it cannot resolve the hostname.

If the Windows box and the Linux box are using the same DNS server, they
should both be able to resolve the same names. In the end, the only thing
that matters when looking up a name is what's in the DNS database on the DNS
server being queried. So go to a Windows box, open a terminal, and type
"ipconfig /all". Note the address of the DNS server. Then go to a Linux
server and type "nslookup lancelot.ad.mydomain.com x.x.x.x" where x.x.x.x
is the IP address of the DNS server you got from ipconfig /all on the
Windows box. See if it can now resolve the name. If so, it means that the
Linux box is using a different DNS server than the Windows box (or some
other form of name resolution altogether, i.e., HOSTS).

QUESTION: I want a script that will run on a Linux server and that when
given an IP address will return the computer name of the Windows client
that registered that IP dynamically with the Active Directory, if there
is one.

Windows hosts don't register themselves in Active Directory, they register
themselves in DNS - IF the DNS server is configured to accept that
registration. Just because the client is configured to register itself
doesn't mean the server is configured to allow it. Most Active Directories
host their own DNS, but it's not required. If the campus uses Linux for
DHCP, it wouldn't surprise me if they were also using Linux for DNS. BIND 9
can be configured to accept dynamic DNS registrations from clients, although
security is more difficult to configure because it lives outside the Active
Directory security model.

(The IP address of the local AD domain controller would be
built-in to the script.) In my running example, I would type something
like "computername 192.168.10.11" and get back "lancelot". What tool
that runs on Linux will enable me to direct a query of this nature
against an Active Directory domain controller?

nslookup will do just fine, but once again you're querying the DNS server
for the AD domain (which is probably a domain controller, but not
necessarily). You just need to specify the address of the DNS server you
want to query in your nslookup command. You really don't need a script
unless you're calling it from another application. In fact I have a native
Linux program written in C that calls nslookup to resolve names.

Just a bit of history which may help clear this naming thing up for you. A
Windows "computername" is a leftover from a time before Windows networks
used TCP/IP. NetBIOS was the protocol, and NetBEUI was the transport. This
was an entirely broadcast-based system where computers coming on line would
announce themselves to the network and in turn receive a "browse list" from
the "master browser". That's what showed up in "network neighborhood". It
only worked on non-routed networks. In fact, NetBIOS over NetBEUI is not
routable. When networks grew to the point that they needed to be routed,
NetBIOS was patched into TCP/IP so that it could cross routed boundaries.
Because broadcasts are contained inside routed boundaries, the old
broadcast-based announcement wouldn't work, so WINS was invented. Much like
DNS (though not hierarchical), the WINS server could be queried for the
NetBIOS name (computername) of the windows node, and the IP address was
returned. It cut down on broadcasts and allowed unicasts between subnets to
a common server for name resolution. Windows computers register themselves
in WINS when they start up. The "browse list" was then learned from the WINS
server so computers on both sides of the router were visible in "Network
Neighborhood".

With the growth of the Internet and the need for a hierarchical structure
in - by now very large - corporate networks, it made sense to use the name
resolution method designed specifically to service the IP addressing scheme
(that MS was already using along with TCP as an addressing and transport
protocol suite). So DNS was incorporated. Since most networks used (still
use) a combination of DNS and NetBIOS (people still rely on "My Network
Places" - still NetBIOS based), it made it less confusing for users if the
NetBIOS name and the DNS name were the same. NetBIOS uses the computer name
and DNS uses the hostname. 99% of the time they are the same. The "fully
qualified" DNS name is the hostname + the DNS hierarchy. So lancelot's
computername is its NetBIOS name, just "lancelot". Normally its hostname
would be the same, and its FQDN would be lancelot.ad.mydomain.com. Members
of the ad.mydomain.com domain will automatically have the DNS suffix added
on to the hostname when making DNS queries, so "nslookup lancelot" from a
member computer works just as well as "nslookup lancelot.ad.mydomain.com".
And Windows is usually configured to try WINS if DNS resolution is not
available and vice versa. But it does confuse things. Where did the name
resoluton come from? And then to make matters even more confusing, NetBIOS
names CAN be different from hostnames. In fact this is common when naming
active directory domains (which use the same structure as DNS, and use DNS
for resolution, but are independent from DNS itself). If an organization's
domain is "SuperOpticalServices.local", the NetBIOS name is likely to be
SOS, just so we lazy admins don't have to type the whole thing out. Anyway,
that's why there are so many short names, long names, resolution methods,
cross-referencing, etc. in a Windows network. Linux networks are much simpler
with just DNS.
....kurt
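
As an added example (not part of the reply above or of the original question), here is a shell version of the "computername 192.168.10.11" lookup that sends the reverse query to one named DNS server. It goes beyond the thread in two ways: when an address has several PTR names it picks the one under the AD suffix, and it checks that the name resolves forward to the same address. AD_DNS, AD_SUFFIX and the function names are assumptions, and the parsing expects the BIND nslookup output format.

```shell
#!/bin/sh
# Added example: "computername <ip>" via reverse DNS against a chosen server.
# Assumptions: AD_DNS and AD_SUFFIX are site placeholders; nslookup is the
# BIND (bind-utils/dnsutils) version, whose output format is parsed below.
AD_DNS="${AD_DNS:-x.x.x.x}"              # server from "ipconfig /all"
AD_SUFFIX="${AD_SUFFIX:-ad.mydomain.com}"

# stdin: nslookup reverse-lookup output. stdout: PTR targets, lowercased,
# trailing dot removed, one per line.
ptr_names() {
    sed -n 's/^.*[[:space:]]name = \(.*\)$/\1/p' | sed 's/\.$//' | tr 'A-Z' 'a-z'
}

# stdin: FQDNs. Prints the short name of the first one under suffix $1, so
# "dhcp-036.mydomain.com" is skipped in favour of "lancelot.ad.mydomain.com".
pick_computername() {
    suffix=$1
    while IFS= read -r fqdn; do
        case "$fqdn" in
            *".$suffix") printf '%s\n' "${fqdn%".$suffix"}"; return 0 ;;
        esac
    done
    return 1
}

# stdin: nslookup forward-lookup output. Succeeds only if address $1 is in the
# answer section (lines after "Name:"), not merely the server's own address.
forward_matches() {
    awk -v ip="$1" '/^Name:/ {seen = 1}
        seen && /^Address/ && $2 == ip {found = 1}
        END {exit !found}'
}

computername() {
    ip=$1
    name=$(nslookup "$ip" "$AD_DNS" | ptr_names | pick_computername "$AD_SUFFIX") || {
        echo "no PTR for $ip under $AD_SUFFIX on $AD_DNS" >&2
        return 1
    }
    # A dynamically registered name is only as trustworthy as the server's
    # update policy; check that the forward record agrees.
    nslookup "$name.$AD_SUFFIX" "$AD_DNS" | forward_matches "$ip" ||
        echo "warning: $name.$AD_SUFFIX does not resolve back to $ip" >&2
    printf '%s\n' "$name"
}

# Run only when an address is given, e.g.: AD_DNS=... ./computername 192.168.10.11
[ "$#" -eq 0 ] || computername "$1"
```

A name that triggers the warning should not be used for access decisions or log attribution until the forward and reverse records agree.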