NetBIOS names


William Hymen

All,
I know this question is a security issue, but I was
wondering why my employer would block
NetBIOS name mapping for users dialing
in from home? Where is the hole?

Thanks in advance-

Bill
 
NetBIOS relies on domain master browsers, master browsers, backup browsers
and a lot of broadcasting. Apart from the high packet volume generated by a
NetBIOS environment, providing NetBIOS name resolution presents a security
risk, since any system found to be reachable but not accessible presents a
target endpoint that can and would be attacked.

This is especially critical on an operating system that is shared-level, like
non-NT-based OSs. Crack the client, gain access to a network via the NetBIOS
redirector. Even with NT-based OSs, an account that doesn't lock out is
obviously the admin account, the perfect target. The hacker turns on the
dictionary-based hacking tool and goes to sleep (knowing full well that the
admin can't audit/track a protocol that isn't routable).

In a pure DNS environment, you only see what you can provide an existing
name for. And even then, you aren't dealing with a socket port 139 that
says: "please hack me, I'm here and willing to serve".

Besides, it just wouldn't make sense to use NetBIOS since it doesn't support
domain hierarchies or FQDN, won't cross most routers, can't cross any
internet router, and makes poor use of the network hardware.
 
Thanks for the extended reply!
-Bill

SaltPeter said:
NetBIOS relies on domain master browsers, master browsers, backup browsers
and a lot of broadcasting. Apart from the high packet volume generated by a
NetBIOS environment, providing NetBIOS name resolution presents a security
risk, since any system found to be reachable but not accessible presents a
target endpoint that can and would be attacked.

This is especially critical on an operating system that is shared-level, like
non-NT-based OSs. Crack the client, gain access to a network via the NetBIOS
redirector. Even with NT-based OSs, an account that doesn't lock out is
obviously the admin account, the perfect target. The hacker turns on the
dictionary-based hacking tool and goes to sleep (knowing full well that the
admin can't audit/track a protocol that isn't routable).

In a pure DNS environment, you only see what you can provide an existing
name for. And even then, you aren't dealing with a socket port 139 that
says: "please hack me, I'm here and willing to serve".

Besides, it just wouldn't make sense to use NetBIOS since it doesn't support
domain hierarchies or FQDN, won't cross most routers, can't cross any
internet router, and makes poor use of the network hardware.
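
An added example, not part of either post in this thread: the reply's concern is an account that never locks out being guessed at overnight, so the defensive counterpart is to count failed logons per source and account over a sliding window. The log format, host names and thresholds below are assumptions constructed for illustration, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): time, source host, account, result
SAMPLE_LOG = """\
2004-03-01T02:00:00 DIALIN-17 Administrator FAIL
2004-03-01T02:00:40 DIALIN-17 Administrator FAIL
2004-03-01T02:01:15 DIALIN-17 Administrator FAIL
2004-03-01T02:01:50 DIALIN-17 Administrator FAIL
2004-03-01T02:02:30 DIALIN-17 Administrator FAIL
2004-03-01T08:55:00 DESK-04 bill FAIL
2004-03-01T08:55:20 DESK-04 bill OK
2004-03-01T09:10:00 DESK-04 bill FAIL
"""


def find_password_guessing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return sorted (source, account) pairs that reached `threshold`
    failed logons inside any `window`-long span of time."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        stamp, source, account, result = parts
        if result != "FAIL":
            continue  # only failures count toward the threshold
        when = datetime.fromisoformat(stamp)
        failures = recent[(source, account)]
        failures.append(when)
        # Drop failures that have aged out of the window.
        while when - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged.add((source, account))
    return sorted(flagged)


if __name__ == "__main__":
    for source, account in find_password_guessing(SAMPLE_LOG):
        print(f"repeated failed logons for {account} from {source}")
```

Because the count is kept by the monitor rather than by the account's lockout policy, it still fires for an account that is exempt from lockout.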
 