VPN refuse on netbios names

I was wondering if VPN server/service registers into DNS and WINS the authenticating host as the computer's netbios name or some entry name? To take that one further, if the vpn service doesn't register itself as the computer netbios name, then does the connection allow WINS to obtain the computer's name?

The whole point is that it appears that some DNS allow dns entries different than the netbios name. If a VPN login allows full networking protocol, which probably include nbns, then the computer logging in could register into the dns as one name and yet have a netbios name that is different. If that is true, can you block vpn authentication based on netbios name?

Can anyone tell me what document addresses this scenario?


Reply to
Loading thread data ...

Boy are you confoozed!

The answers depend on what type of VPN you are using and how is it set up - is it a site to site thru 2 vpn appliances? if so, none of the questions you ask really apply, since it;s the PC and not the VPN that registers with DNS and /or WINS.

if you are using VPN software on a PC to make the VPN connection, the answer to most of what you ask is "it depends on how the VPN client was designed"

ANY dns will allow a machine to regster an different name than the netbios name used by the device. WINS and DNS are independent of one another. MS clients will register the hostname the same on each, but that is the clients doing.

Reply to
T. Sean Weintz

So the vpn software loaded onto my computer that we use allows me to browse MS network at work. So does that necessarily mean that the computer I am using is registering it's netbios name with WINS. Or is there another method for a non-native AD network to browse.

My concern is that I saw a problem where the netbios name from a vpn user registered with WINS. Then because MS IP stack has a sequence of resolving resource, you know host file, dns,etc -like any IP stack design would, that MS IP stack includes WINS as an option, a WINS name was resolved. Now as you'd expect anyone using a typical network utility like ping and ms tracert would not expect to get a responce from a WINS entry. But they did. And when you look into the fine print of their IP stack, it's adaptable. So if DNS isn't 100% reliable, it might decide WINS is first choice then DNS. So what if a vpn user's computer is using a host name same as an internal non-netbios registered name, say the dns name for your oracle database on Solaris, then that client could register into WINS.

A lot of iffs, but when t1 lines get soggy, you'd like to be 100% sure on how your network is working.

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.