Change resolve order so Nautilus can browse local network when ISP uses DNS redirection

Bug #389909 reported by Martin G Miller on 2009-06-20
52
This bug affects 7 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
Undecided
Unassigned
samba (Ubuntu)
Wishlist
Unassigned

Bug Description

This has affected 8.04.1 and .2 and 8.10 and 9.04. I have over 12 machines spread over 3 separate networks in 3 different towns that all have the same problem. From the day their ISP started using DNS redirection, the ability to click on Places > Network and browse the local network has essentially been unusable. It takes over a minute and a half to just display the gui and then it fails to display the network properly, if at all. Network places that are displayed often return error messages if clicked on. Sometimes running the Network browse gui several times in a row returns normal function, sometimes it does not.

The fix is very simple.
Edit /etc/samba/smb.conf
Change the resolve order and remove the leading semicolon. Log off and back on and network browsing returns to normal. I have yet to find any negative affects from this change and it seems trivial to have it done by default.

change this:
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast

to this:
# What naming service and in what order should we use to resolve host names
# to IP addresses
    name resolve order = lmhosts wins bcast host

Notice that host has been moved from 2nd place to 4th place.

affects: nautilus (Ubuntu) → samba (Ubuntu)
Vish (vish) wrote :

Thank you for bringing this bug to our attention. Unfortunately a paper cut should be a small usability issue that affects many people and is quick and easy to fix. I'm afraid this bug can't be addressed as part of this project.

Though the fix is simple. This is Bug does not affect the majority of users.[ single desktop users ] hence not a papercut.

A paper cut is a minor usability annoyance that an average user would encounter on his/her first day of using a new installation of Ubuntu 9.10.

For further info about papercuts criteria , pls read > https://wiki.ubuntu.com/PaperCut

Don't worry though, This bug has been marked as "invalid" ONLY in the papercuts project.
The Bug is still active in Samba.

Changed in hundredpapercuts:
status: New → Invalid
Thierry Carrez (ttx) wrote :

I acknowledge this is an issue but it's a difficult decision. Putting "bcast" before "host" by default slows down SMB host resolution for everyone, in order to make it usable for those using broken ad-crippled DNS...
On the other hand, this is generating a constant flow of Nautilus/samba bugs.

Changed in samba (Ubuntu):
status: New → Confirmed
Martin G Miller (mgmiller) wrote :

Is there any way to detect that DNS redirection is taking place other than the long delay in getting the gui to display? Or, you could just use a time-out that after a certain amount of time or a failure to detect the network correctly a suggestion pops up that DNS redirection is/may be taking place and offers to make the change to smb.conf. This way, you can leave the default as it is, but can make the change "on the fly" for those who are affected by it.

Your comment that changing the order slows down SMB host resolution confuses me a bit, because, once I make the change to smb.conf, the network browse gui pops up in under 1-2 seconds and browsing the network seems no more than about 1 second per click. It feels about the same as browsing the local network in Windows XP SP2 on the same network.

Admittedly, my networks are very small, so perhaps on a network with dozens or hundreds of machines, the resolve order makes a difference, but in my case with only 6 machines or so, it seems to have no negative affects at all.

The other question is what are Windows XP and KDE network browsing doing differently than Gnome? Windows XP and KDE are not affected by this issue at all. Until I figured out the order change, I used smb4k without any problems.

On Wed, Jul 01, 2009 at 03:50:16PM -0000, Martin G Miller wrote:
> Admittedly, my networks are very small, so perhaps on a network with
> dozens or hundreds of machines, the resolve order makes a difference,
> but in my case with only 6 machines or so, it seems to have no negative
> affects at all.

Exactly. This is why in corporate networks a WINS server is used in
order to avoid too much network traffic.

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Given a way to detect broken DNS at package install time, it might be reasonable to set name resolve order to broadcast first
at that point, if such brokenness is detected. A comment line indicating that resolve order was set like this because DNS brokenness was detected at date/time could also be added to smb.conf.

While this wouldn't solve the issue for people who install SAMBA and then later deliberately break their own DNS, it should catch a reasonable fraction of cases.

Opinion: It's probably not politically feasible, but if Ubuntu checked for DNS brokenness at boot, and displayed a scary warning to contact your ISP and ask them to disable DNS redirection, over time we might see fewer ISPs do it, because they'd see increased costs in terms of the number of support calls? ;)

Thierry Carrez (ttx) wrote :

> The other question is what are Windows XP and KDE network browsing doing differently than
> Gnome? Windows XP and KDE are not affected by this issue at all. Until I figured out the order
> change, I used smb4k without any problems
When you access \\NAME on a non-AD, non-WINS-enabled Windows, it's NetBIOS resolution that is used:
http://technet.microsoft.com/en-us/library/bb727013.aspx#EFAA
Name resolution order in this case is broadcast, followed by DNS.
KDE/smb4k also use broadcast and bypass settings from "name resolve order".

> Your comment that changing the order slows down SMB host resolution confuses me a bit
If the host you're trying to reach doesn't live on the local subnet and you need DNS to get the right address, you'll have to wait for the broadcast to timeout before attempting the DNS query. So if you take a company with separate LANs and AD deployed, changing the default order will delay all share requests (and make useless noise on the LAN).

I am not sure the suggestion to detect broken DNS at package install time would solve this... since we had our share of samba "regression" bugs filed by people when their ISP suddenly changed its revenue model.

summary: - Nautilus can't browse local network if ISP uses DNS redirection
+ Change resolve order so Nautilus can browse local network when ISP uses
+ DNS redirection
Changed in samba (Ubuntu):
importance: Undecided → Wishlist
Martin G Miller (mgmiller) wrote :

>KDE/smb4k also use broadcast and bypass settings from "name resolve order".
So you are saying that trying to browse a network with seperate LANs and AD deployed using KDE would also be slower than trying to browse the same network with Gnome?

If that is true, then given the current state of DNS redirection by ISPs, Gnome is optimized for large company networking by default. This is creating problems for new users who are using simple home networking. This includes many small companies like my own that are on simple networks as well.

How about asking either at install time or the first time the network browse gui is used, if the machine is part of a large corporate network with seperate LANs and AD or if it is just part of a simple, typical home network? The resolve order can then be set appropriately. If you want to get really slick about it, there can be a button ("Network Configuration") in the network browse gui that allows you to switch between the 2 options.

The following is a true new user experience that I was involved with:
After his 3rd virus attack that cost him a weeks downtime and over $5000 to fix, I talked a colleague into changing his office machines (a total of 6 workstations) over to Ubuntu. As in my own case, his file server has to remain on Windows because of proprietary business applications. He uses a professional IT person to keep his network healthy. His expertise is primarily Windows, but he is also a Unix Admin. Shortly after doing the install he was having a lot of problems with network browsing and found that even sharing a printer connected to one of the Ubuntu workstations was totally unreliable. He added a desktop icon to restart samba, which he suggested the owner keep pushing over and over until the network finally responds. This kept happening several times a day. Everyone involved decided Ubuntu was creating usability problems and they were considering switching back. Once I told his IT guy about the resolve order change, all problems vanished. Had I not fixed this problem, there would have been another small company and IT person spreading the word that Ubuntu is "not stable, not ready, etc."

Thierry Carrez (ttx) wrote :

> So you are saying that trying to browse a network with seperate LANs and AD deployed
> using KDE would also be slower than trying to browse the same network with Gnome?

Not exactly, what I'm saying is that on *every* network that has a correct DNS setup, this change will result in a small performance hit and/or useless network noise. This is not a question of "large company networking". Everyone can setup dnsmasq for local name resolution and get rid of that annoyance. I just feel slightly uncomfortable impacting those who do it well to cater for protocol-breaking DNS providers. But it might be an acceptable trade-off... I just wait for others to give their opinion.

This impacts networks with more than one SMB host that do not have local DNS setup, and that happen to use OpenDNS or some other broken DNS as upstream DNS. With more and more small NAS/video boxes in home networks, and more and more ISPs switching to that dubious revenue model, this becomes a common occurrence.

Thierry Carrez wrote:
> Not exactly, what I'm saying is that on *every* network that has a
> correct DNS setup, this change will result in a small performance hit
> and/or useless network noise. This is not a question of "large company
> networking". Everyone can setup dnsmasq for local name resolution and
> get rid of that annoyance. I just feel slightly uncomfortable impacting
> those who do it well to cater for protocol-breaking DNS providers. But
> it might be an acceptable trade-off... I just wait for others to give
> their opinion.

I would tend to think that the type of people who run proper DNS
infrastructure should be able to handle changing the resolve order of
Samba, while those who don't (ie, home users) would not. In fact, the
solution to this problem is downright cryptic for people that are not
technically inclined.

As such, in the interest of making thing work out of the box for home
network users, I would change the default resolve order. It should
actually be made a debconf question with priority medium.

It is one of these cases where there is no sensible default for all
scenario. It boil to which use-case we should accommodate by default.

Also, to help us make an enlightened decision, it would be interesting
to know the default behavior of Windows.

Thierry Carrez (ttx) wrote :

IIUC Windows "default behavior" depends on whether the machine is joined to a domain. In a domain it will preferably resolve using DNS (theorically AD one), while outside a domain it will broadcast first.

That is what I would guessed too, and I think it would be a good default behavior. I know some people have very strong opinion on this issue. Should it be discussed at a Server team meeting, or even as a session in the next UDS? That way, we could get opinion from all stakeholders and formulate a coherent policy on the subject.

It would also be interesting to know what is the default behavior in Samba 4.

Michael DePaulo (mikedep333) wrote :

Just thought I'd point out that wikipedia has a section on this practice by ISPs.
http://en.wikipedia.org/wiki/DNS_hijacking#Use_by_ISPs

Also, my preferred workaround, either for individual machines by themselves, or for entire networks, is to use a real public DNS service. The only one I know of is Google Public DNS.
http://code.google.com/speed/public-dns/

Martin G Miller (mgmiller) wrote :

As the original poster of this thread, I thought I would add another 2 cents. I discovered my ISP (Cablevision in New York), offers the ability to "opt out" of DNS redirection. This is not widely disseminated knowledge and it is almost impossible to find unless you know it exists.

I changed my status to "opted-out" for DNS rerdirection both on my home and office networks and I have had no further problems in any new installs of 9.04, 9.10 or 10.04 beta that I have tried on either network.

As far as I can tell, this problem still remains and the only viable fixes are to use one of the following techinques:

1) Change the resolve order in /etc/samba/smb.conf
2) Use a public DNS server like Google as mentioned in #12 above
3) If your ISP allows, opt out of DNS redirection.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers