WindowsNetworking.com Newsletter of April 2008

WindowsNetworking.com Monthly Newsletter of September 2009 Sponsored by: SpamTitan

Welcome to the WindowsNetworking.com newsletter by Thomas W Shinder MD, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: tshinder@windowsnetworking.com

Download a free copy of SpamTitan anti-spam filter today–runs on VMWare and includes Kaspersky AV

SpamTitan is the best anti-spam filter for small and medium business on the market today. Its powerful and proven technology will greatly reduce the volume of spam, reduce the workload of mail servers and enhance the productivity of end users. Why not deploy SpamTitan using Vmware and benefit from the flexibility offered by virtualisation to build scalability, redundancy and back up into your email gateway. Available from $395.

Get your free copy today

1. WINS is Finally Dead with Windows Server 2008

Name resolution is critical on any network. Think about the times when name resolution systems on your network fell apart - was it a minor outage or did everything grind to a halt? If you ask me, I would say that it was most likely the latter. That is how important name resolution is.

If you have been in the Windows networking game for a while, you might remember when TCP/IP was not part of the client/server networking stack. Back then, we used NetBEUI and name resolution was done with network broadcasts. There were no name servers - if a host was outside of broadcast range, you could not reach it anyhow since NetBEUI was not a routable protocol.

Things have changed quite a bit since Windows adopted TCP/IP as the default client/server networking protocol. While there were a lot of implications in this change, one of most important ones was the fact that computers on different network segments could communicate with one another - meaning that broadcast name resolution was no longer going to work. For name resolution, we needed a better way.

Microsoft introduced WINS with Windows NT with the goal of enabling name resolution across routed networks. Clients and servers would be configured as WINS clients and send their name registration information to the WINS server. The WINS server then kept a database of these names and answered queries for names from WINS clients. If all this sounds similar to DNS, you are not too far off the mark.

The problem with WINS is actually in the details of NetBIOS name resolution, how name registration is performed, and the scalability of WINS databases. WINS is pretty good with a relatively small network at a single site, or even if there is only a single WAN link. But put it in a multiple site network with tens of thousands of clients and you will be living in a world of hurt.

For the last several years DNS has been the name resolution method of choice and WINS has been slowly fading into the background. However, many organizations still use WINS with static registrations to resolve common single label name entries on the network. Users are accustomed to a handful of single label names to reach file servers, web servers, FTP servers and other frequently used resources. IT has dealt with this situation by using WINS and static entries, since the IP addresses of these servers will rarely (never) change.

Microsoft is pushing you to retire WINS because IPv6 does not support it. I find that an interesting argument because I read a lot about organizations rethinking their IPv6 plans because they do not see any evidence that the benefits of a transition to IPv6 will outweigh the costs. However, as I mentioned earlier, there are other reasons why you might want to consider putting WINS to bed, especially if you are a large organization and have a number of sites you need to manage.

Microsoft is trying to solve the single label name resolution issue by using a new feature in DNS called DNS Global Names Zones. With this feature, when DNS servers receive a name resolution request, it will first check the Global Names Zone first. If the host name is not contained in the single label name zone (Global Names Zone), then it checks the zones for which it is authoritative to deliver an answer.

The reason why it is called a Global Names Zone instead of a single label names zone is because of how DNS works. Remember, with DNS, a FQDN has to be unique within the organization. However, the same host name can be used in multiple domains. In contrast, with single label names, you have to make sure that the single label name is used only once in the organization. The Global Names Zone also makes sure that no computer can register a name that is in the Global Names Zone - thus guaranteeing that the name remains unique within the organization.

Give it a try. You will need to use Windows Server 2008 R2, but the process of creating the Global Names Zone is easy and all you do is add the single label name host as a CNAME record in that zone. For more information on how to do this, check the following link out.

Thanks!
Tom
See you next month!
tshinder@windowsnetworking.com

For ISA or TMG firewall, as well as other Forefront Consulting Services and Microsoft virtualization technology consulting in the USA, call me at 206-443-1117 or visit Prowess Consulting web site.

Got a networking question that you can't find the answer to? Send a note to Dr. Tom at tshinder@windowsnetworking.com and he'll answer your question in next month's newsletter.

=======================
Quote of the Month - "Sometimes the appropriate response to reality is to go insane. - Philip K. Dick (1928 - 1982)
======================

2. ISA Server 2006 Migration Guide - Order Today!

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his illustrious team of ISA Firewall experts now present to you , ISA Server 2006 Migration Guide. This book leverages the over two years of experience Tom and his team of ISA Firewall experts have had with ISA 2006, from beta to RTM and all the versions and builds in between. They've logged literally 1000's of flight hours with ISA 2006 and they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with their no holds barred coverage of Microsoft's state of the art stateful packet and application layer inspection firewall..

Order your copy of ISA Server 2006 Migration Guide. You'll be glad you did.


   Click here to Order
   your copy today

Download a free copy of SpamTitan anti-spam filter today–runs on VMWare and includes Kaspersky AV

SpamTitan is the best anti-spam filter for small and medium business on the market today. Its powerful and proven technology will greatly reduce the volume of spam, reduce the workload of mail servers and enhance the productivity of end users. Why not deploy SpamTitan using Vmware and benefit from the flexibility offered by virtualisation to build scalability, redundancy and back up into your email gateway. Available from $395.

Get your free copy today

3. WindowsNetworking.com Articles of Interest

4. Administrator KB Tips of the Month

How Global Name Zones Work In Windows Server 2008

Microsoft has changed the functionality of DNS Server that ships with Windows Server 2008. DNS Server running on a Windows Server 2008 offers new functionality. One new feature is Global Name Zone or GNZ.
GNZ gives you the ability to move to a DNS-only environment by eliminating the need to have a WINS Server on the network for resolving single-label names.  

How does it work?

  • A user requests a resource by NETBIOS Name by adding the Domain Suffix and then send the request to the DNS Server.
  • If DNS Server hosts the GNZ, then the DNS Server will look in the GNZ first for the name and return the response to client as expected.
  • If name is not found in the GNZ, then the authoritative zone for the name is checked.

Note:
Unlike WINS the DNS Client must send a normal query (FQDN). If a DNS Client sends a query without the Domain Suffix, the DNS Server will not look into the GNZ for resolution. It will simply discard the request with negative response.

For more information, follow this link.

For more admin tips, check out the entire database over at WindowsNetworking.com.

5. Windows Networking Tip of the Month

Remember when you had to install a custom utility to open a command prompt to a directory you were at in Windows Explorer? With Windows 7, those days are gone!
Check this out. The figure below shows something like what you would get if you right clicked a folder in Windows Explorer.


Figure 1

Now try this - right click the folder while holding down the SHIFT key. Bam! You have two new options: Open in new process and Open command window here.


Figure 2

Download a free copy of SpamTitan anti-spam filter today–runs on VMWare and includes Kaspersky AV

SpamTitan is the best anti-spam filter for small and medium business on the market today. Its powerful and proven technology will greatly reduce the volume of spam, reduce the workload of mail servers and enhance the productivity of end users. Why not deploy SpamTitan using Vmware and benefit from the flexibility offered by virtualisation to build scalability, redundancy and back up into your email gateway. Available from $395.

Get your free copy today

6. WindowsNetworking Links of the Month

7. Ask Dr. Tom

QUESTION:

Hi Tom,

What is the deal with this new feature in Windows 7 called Aero Peek? My buddy was laughing at the feature, telling me that it is only useful if you find yourself missing your desktop wallpaper. I have a hard time understanding why Microsoft would put in a feature that sounds like it is not much in terms of practical use.

Appreciate you! - Jed.

ANSWER:

Hi Jed,

I asked my wife the same question, since I couldn't figure it out either. She showed me how when you have multiple windows open covering up your desktop gadgets, you can use Aero Peek to quickly see your clock, calendar, stock ticker, or whatever else you have a hankering to take a look at without having to move or minimize windows. It is actually pretty cool once you get the hang of it.

BTW - the Windows Key + SPACE does the same thing :)

QUESTION:

I heard about the Aero Peek feature and it's sort of cool. The problem is that I like to keep my hands off the mouse as much as possible and just use the keyboard. Is there a way to get the gadgets to appear by using a keyboard shortcut?
Thanks! - Larry.

ANSWER:

You bet! I am a big keyboard fan myself. With Windows 7 you can use the keyboard shortcut WinKey+G to bring up the gadgets. Pretty nice, eh? 

Got a question for Dr. Tom? Send it to tshinder@windowsnetworking.com.

Download a free copy of SpamTitan anti-spam filter today–runs on VMWare and includes Kaspersky AV

SpamTitan is the best anti-spam filter for small and medium business on the market today. Its powerful and proven technology will greatly reduce the volume of spam, reduce the workload of mail servers and enhance the productivity of end users. Why not deploy SpamTitan using Vmware and benefit from the flexibility offered by virtualisation to build scalability, redundancy and back up into your email gateway. Available from $395.

Get your free copy today