James Bannan, 07 November 2006, 6:48 AM
Microsoft has built a Dynamic DNS-type system into Vista, making it easy to connect to your PC from anywhere in the world without having to know its IP address. However, there's a catch (isn't there always?).
Want to be able to access your machine anytime, anywhere? Can’t be bothered purchasing a domain name and configuring Dynamic DNS? Microsoft has a solution: the "Windows Internet Computer Name" -- a unique domain name for your computer.
There is one small catch though: you have to be using the next-generation networking protocol IPv6 which, although thoroughly integrated into Windows Vista, isn't supported by most home routers yet.
The Windows Internet Computer Name is an advancement on the Peer Name Resolution Protocol (PNRP), which is a name registration and resolution protocol initially developed for Windows XP.
Unlike traditional DNS, where domain name servers are used essentially to store a list of domain names and their corresponding numeric IP addresses, PNRP does all the domain name resolution peer-to-peer. Put another way, users of Windows Vista provide PNRP domain name resolution services for other Windows Vista users.
If you are still trying to wrap your head around how exactly this can work efficiently, rest assured you're not alone. However, a Wikipedia article on the topic makes it sound suitably clever (speed of the system is 'logarithmic to the size of the cloud', for example.)
On a basic level, here's how PNRP works: your PC has an IPv6 address -- a much longer string of numbers than the typical xxx.xxx.xxx.xxx IPv4 address. IPv6 addresses are, by design, accessible to everyone on the public internet, because there's a practically unlimited number of them available (unlike IPv4). You specify a name for your PC, and PNRP makes that available to other PCs on the internet, allowing them to connect directly to you.
Yep, you're going to need a very solid firewall to ensure your PC is kept secure when running PNRP.
There’s a full run-down on PNRP on Microsoft TechNet.
[Image: Vista's PNRP Services]
To get PNRP up and running on your Vista machine, you need to decide whether to use a secure or non-secure address. Non-secure addresses are easier to remember, but are easily spoofed. Secure addresses are, well, secure, but are a nightmare to remember (in fact they’re impossible) as they are the product of 128-bit hash encryption. On the plus side, they won’t be spoofed.
Either way – first you need to open a command window with admin rights.
[Image: Open a Command Window with admin rights]
If you haven’t disabled UAC like everyone else using Vista, go to Start, All Programs, Accessories, right-click Command Prompt and select “Run as Administrator”. Type in the following commands and press Enter after each one: netsh, p2p, pnrp, peer.
[Image: PNRP Command Window]
If you want a non-secure address, now type in: set machinename name="(peername)" publish=start autopublish="enable". (peername) is the name you want to use – Microsoft actually recommends using an email address without the dots or the @ sign, to try to guarantee the uniqueness of the name. For example, jamesbannan@email.com would make a computer name of jamesbannanemailcom.
[Image: Set PNRP machine name]
For a secure name, instead of the above line type in: set machinename publish=start autopublish="enable". So you’re just leaving out the manual naming bit. Vista will auto-generate the name.
To view the name you’ve just set, from the netsh/p2p/pnrp/peer command line, type in: show machinename. Press Enter.
[Image: Show PNRP machine name]
Take a look in the Services list (Start, Run, services.msc) and you’ll see that the Peer Name Resolution Protocol, Peer Networking Identity Manager and PNRP Machine Name Publication services are up and running.
[Image: PNRP Services - Enabled]
This machine is now publicly accessible by any other machine running IPv6. You can PING, FTP, serve web pages via IIS and set up Windows Meeting sessions through the Windows Internet Name, as well as any other sort of peer-to-peer application, like game servers.
[Image: PING PNRP machine]
WICN and PNRP are certainly very cool services. At the moment though, they do place the onus of security solidly on the client system. IPv6 does have quite a bit of in-built security, certainly more than IPv4, but we need to see some secure and practical implementations of IPv6 in the home before recommending that you go out and enable it.
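Since the onus is on the client, here is a local check you can run after enabling PNRP. This PowerShell script is an added example, not part of the original article or any Microsoft tool: it lists the three services named above, prints the published name with the same netsh command used earlier, and flags any Windows Firewall profile that is switched off. It assumes an elevated PowerShell prompt, English-language netsh output, and that the netsh advfirewall context is available.

```powershell
# Added example: local audit of PNRP name publication and firewall state.
# Assumptions: elevated prompt, English netsh output, netsh advfirewall present.

# Display names as shown in services.msc; the wildcard tolerates small
# wording differences between Windows builds.
$displayNames = @(
    'Peer Name Resolution Protocol*',
    'Peer Networking Identity Manager*',
    'PNRP Machine Name Publication*'
)

$services = foreach ($pattern in $displayNames) {
    Get-Service -DisplayName $pattern -ErrorAction SilentlyContinue
}
$running = @($services | Where-Object { $_.Status -eq 'Running' })

Write-Output '--- PNRP-related services ---'
if ($services) {
    $services | Format-Table Status, Name, DisplayName -AutoSize | Out-String
} else {
    Write-Output 'None of the PNRP services were found on this machine.'
}

# Same command the article runs interactively, passed on one line.
Write-Output '--- Published machine name ---'
netsh p2p pnrp peer show machinename

# Each firewall profile prints a line such as "State    ON" or "State    OFF".
Write-Output '--- Windows Firewall profiles ---'
$fw = netsh advfirewall show allprofiles state
$fw | Where-Object { $_ -match 'Profile Settings|^State' }
$off = @($fw | Where-Object { $_ -match '^State\s+OFF' })

Write-Output '--- Result ---'
if ($running.Count -gt 0 -and $off.Count -gt 0) {
    Write-Warning 'PNRP services are running while a firewall profile is OFF.'
} elseif ($running.Count -gt 0) {
    Write-Output 'PNRP services are running and every firewall profile is ON. Review which inbound rules are enabled.'
} else {
    Write-Output 'No PNRP service is running on this machine.'
}
```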
The product manager for PNRP at Microsoft, Noah Horton, has a good blog that explains more about it.