NetBIOS Name Service Messages

NetBIOS name service messages share a common structure. NetBIOS name service messages consist of the following:

• Name Service header. Fixed length (12 bytes long), containing information about the type of name service message and the numbers of the other records in the message.

• Question entries. Variable length for NetBIOS Name Registration, Refresh, or Release messages. This portion of the message contains the NetBIOS name being acted on by the message.

• Answer RRs. Variable length, containing resource records (RRs) returned in response to a question entry.

• Authority RRs. Variable length, containing RRs used to indicate the authority for the question being asked. These are not used by the WINS Server service in Windows Server 2008.

• Additional RRs. Variable length, containing other RRs that are not an answer to a question entry. This is almost the same structure as Domain Name System (DNS) Name Query Request and Response messages.

• Transaction ID. A 2-byte field that is used to identify a specific NetBIOS name service transaction. The sender of the request message creates the transaction ID and the responder copies it into the response message. This allows the WINS client to match the responses that it received from a WINS server with their requests. Each separate NetBIOS name service transaction has a different transaction ID. For example, if a WINS client is registering multiple names, each Name Registration Request message has a different transaction ID.

• Flags. A 2-byte field containing flags.

• Question Entry Count. A 2-byte field indicating the number of entries in the Question Entries section of the message. The sender of a request message always sets this value to 1 or more, although typically it is set at 1. The responder always sets this field to 0.

• Answer RR Count. A 2-byte field indicating the number of RRs in the Answer RRs section of the message. The sender of a request message sets this count to 0. The responder sets this to indicate the number of answers returned. This is typically 1 for unique NetBIOS name lookups and a larger number for Internet group name lookups.

• Authority RR Count. A 2-byte field indicating the number of RRs in the Authority RRs section of the message. Authority RRs are used for recursive NetBIOS name queries, which are not supported by the WINS Server service in Windows Server 2008. Therefore, this field is always set to 0 in NetBIOS name service messages to indicate that there are no authority RRs in the message.

• Additional RR Count. A 2-byte field indicating the number of RRs in the Additional RRs section of the NetBIOS name service message. These records are used when an RR needs to be included in any name service operation that is not a response to a name query request. For example, in a name release, an additional RR includes the name being released.


The fields within the Flags field are the following:
• Request/Response. A 1-bit field that is set to 0 for a request message or 1 for a response message.

• Operation Code. A 4-bit field that indicates the specific name service operation of the message. See Table 16-1 for a list of Operation Code values.

• Authoritative Answer. A 1-bit field that indicates, when set to 1 in a name query response, that the sender is authoritative for the NetBIOS name. For name service requests, this flag is always set to 0. For name service responses, the computer responding to the request sets it to 1 if it is authoritative for a NetBIOS name.

• Truncation. A 1-bit field that indicates, when set to 1 in a name query response, that the message was truncated because the original datagram containing the entire message exceeded 576 bytes. Similar to DNS truncation, RFC 1001 describes the use of TCP to obtain the original datagram. Windows Server 2008 and Windows Vista do not support
the use of TCP for NetBIOS name service messages. Therefore, the Truncation bit is always set to 0.

• Recursion Desired. A 1-bit field that indicates, when set to 1 in a name query request, that the query is recursive. When set to 0, the sender indicates an iterative query; the WINS server can return a list of other name servers that can be contacted to resolve the name. Windows Server 2008 and Windows Vista-based WINS clients set this flag to 1 for all name queries. If the flag is set to 1 in a name service message sent to a WINS server running Windows Server 2008, the WINS server sets it to 1 in the corresponding reply. Windows Server 2008 does not support iterative NetBIOS name queries.

• Recursion Available. A 1-bit field that indicates, when set to 1 in a name query response, that the WINS server can perform recursive queries. Set to 0 on all name request messages. The Windows Server 2008 WINS Server service sets this field to 1 in name service responses to indicate that it can perform recursive name query, name registration, and name release messages. If set to 0 in a response message, the client must iterate for name service queries and perform challenges for any name registrations.

• Reserved. A 2-bit field that is reserved and set to 0.

• Broadcast. A 1-bit field that indicates that the message is being sent as a broadcast (set to 1) or unicast (set to 0).

• Return Code. A 4-bit field that indicates the return code in a name query response. All name service requests set the value to 0. A return code of 0 in a name service response indicates a successful response (the answer is in the name query response message). A return code of 0 in name query responses means that the answer to the query is in the response message. A return code of 0 in name registrations means that the registration was successful.

Source of Information : Microsoft Press Windows Server 2008 TCP IP Protocols and Services