Microsoft plans to phase out NetBIOS name resolution and LLMNR in the future

Microsoft plans to phase out support for the NetBIOS and LLMNR network protocols used for multicast name resolution in Windows. This is already being tested in the latest Windows Dev and Beta Insider builds. At a later point, support in Windows is to be dropped completely.



Recently, I reported in the article "Windows 11 Home: SMB1 will be disabled and removed in the future" on Microsoft's plans to slowly phase out support for SMB1 (Server Message Block 1) in Windows. Security reasons prompted Microsoft to take this step.

But the NetBIOS and LLMNR network protocols used for multicast name resolution, which are supported in Windows for historical reasons, also pose security risks. On the other hand, NetBIOS name resolution and LLMNR are hardly used today because mDNS is now used to detect multicast names. Currently, NetBIOS name resolution and LLMNR only act as a fallback solution in case mDNS does not work for multicast name detection.

Disabling NetBIOS Name Resolution and LLMNR in Windows

Microsoft has published the Techcommunity post "Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR" with more information; the tweet above points this out.

NetBIOS and LLMNR will disappear

In the Techcommunity post, Microsoft states that NetBIOS name resolution on mobile interfaces has already been turned off by default for some time. The background is that NetBIOS should never be applied there. Now Redmond goes one step further.



In the latest Windows Dev and Beta Insider builds, NetBIOS name resolution has been put into "learning mode". In this mode, NetBIOS is only used as a fallback when mDNS and LLMNR queries fail. Since mDNS responds first in most cases, devices will typically no longer use NetBIOS name resolution unless it is manually re-enabled.

Intervention in case of connection problems

If the Windows builds mentioned above experience connection problems on the network, administrators can restore the previous NetBIOS name resolution behavior. A "Configure NetBIOS Settings" group policy is available for this, which can be toggled between the "Allow" and "Learn" modes. This group policy can be found at:

Computer Configuration -> Administrative Templates -> Network -> DNS Client

Alternatively, the behavior can be adjusted directly via a registry entry in the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

To do this, create a REG_DWORD named EnableNetbios and set it to one of the following values:

  • 0 = Disabled
  • 1 = Allowed
  • 2 = Disabled on public networks
  • 3 = Learning mode (the current default in Insider builds)

Note that these changes require administrative permissions.
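
As an added example (not code from Microsoft or from this article), the following PowerShell reads the EnableNetbios value under the key named above, maps it to the modes listed, and sets it after validating the range. The function names are hypothetical, and reporting a missing value as "OS default applies" is an assumption.

```powershell
# Added example: audit or set the EnableNetbios value described in the article.
# Get-NetbiosResolutionMode / Set-NetbiosResolutionMode are hypothetical names.
$DnsCacheParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$ValueName      = 'EnableNetbios'

# Value meanings as listed in the article.
$ModeNames = @{
    0 = 'Disabled'
    1 = 'Allowed'
    2 = 'Disabled on public networks'
    3 = 'Learning mode'
}

function Get-NetbiosResolutionMode {
    $item = Get-ItemProperty -Path $DnsCacheParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Assumption: no explicit value means the build's default is in effect.
        return [pscustomobject]@{ Value = $null; Mode = 'Not set (OS default applies)' }
    }
    $raw  = [int]$item.$ValueName
    $mode = if ($ModeNames.ContainsKey($raw)) { $ModeNames[$raw] } else { 'Unknown value' }
    [pscustomobject]@{ Value = $raw; Mode = $mode }
}

function Set-NetbiosResolutionMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 3)]   # reject anything outside the documented values
        [int]$Value
    )
    # Writing under HKLM requires an elevated session.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }
    if ($PSCmdlet.ShouldProcess("$DnsCacheParams\$ValueName", "Set to $Value ($($ModeNames[$Value]))")) {
        New-ItemProperty -Path $DnsCacheParams -Name $ValueName `
            -PropertyType DWord -Value $Value -Force | Out-Null
    }
    Get-NetbiosResolutionMode   # report the resulting state
}

# Report the current setting; preview a change with -WhatIf before applying it.
Get-NetbiosResolutionMode
# Set-NetbiosResolutionMode -Value 0 -WhatIf
```

Running the read function across a fleet shows which machines have an explicit override in place before the defaults change.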

Next steps

Currently, the default LLMNR behavior in Windows has not been changed. This is expected to come in the next step, when mDNS is supported as the only multicast name resolution protocol enabled by default in Windows. Microsoft is making this dependent on the phase that is now underway.

Depending on how this first phase goes (so far the data suggests it is going well), these protocols will be disabled by default in all cases in the future. However, Microsoft states that this deactivation will follow a careful process that is open to feedback.

