Applies To:
  • CitectSCADA

Summary:
With the move to a pure TCP/IP networking model, network name resolution becomes important for both reliability and performance reasons.

Solution:

CitectSCADA v7.0 and above now uses native TCP/IP protocols. Name resolution on TCP/IP networks occurs via DNS (Domain Name System). Windows also supports the legacy NETBIOS methods over TCP/IP, but these have been deprecated in newer versions of Windows, starting with Windows Vista and Server 2008.

For full details refer to http://technet.microsoft.com/en-us/library/bb727005.aspx

Summarising the article, name resolution on Microsoft Windows systems begins with DNS. The first thing a DNS client does is compare the requested host name with the current system's host name. If the names match, the query completes.

Failing that, the next place the DNS client looks is its local name cache. The local name cache holds the results of previous name queries and is prefilled with the contents of the HOSTS file. On Windows, the HOSTS file is typically in the Windows\System32\Drivers\Etc folder. The HOSTS file is monitored, so any change made to the file immediately updates the local name cache [1].

When a name is not found in the local name cache, the client tries to resolve it by querying a DNS server. If the name resolves to an IP address, the result is copied into the local name cache and the query completes. If the DNS query fails, Windows then falls back to NETBIOS.

NETBIOS name resolution, or more specifically NETBIOS-over-TCP/IP, is similar to DNS. It has its own equivalent of the local name cache file (LMHOSTS) and of a name server (WINS). In addition, it can discover IP addresses by broadcasting: without any name server, broadcasts can be used to find other NETBIOS hosts. NETBIOS is extremely inefficient, but in small networks, typically fewer than 50 devices (note the use of the word 'devices'), it seems to work OK.

If none of the above methods succeeds, the name query fails. The main takeaway is that you do not want name resolution to fail, as each failed step incurs a time penalty before the next one is tried.

If you do not have your own (private) DNS server that keeps track of all of your SCADA system's host names, you should be using HOSTS files. You cannot use a public DNS server (such as Google's) unless all of your SCADA systems are publicly accessible, that is, unless anyone on the Internet can reach them directly. That is not advisable, as SCADA networks are typically not hardened enough to cope with the malicious behaviour rampant on the Internet.

From a performance perspective, using HOSTS files in preference to a DNS server is questionable. There may be some performance gain, but the additional burden of maintaining and deploying HOSTS files to every computer in the SCADA network each time something changes is typically not worth the trouble.

[1] Be aware that a number of malware tools use the HOSTS file for their own purposes, so editing the file may not be easy in those circumstances.
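The lookup order described above (own host name, then the HOSTS-prefilled cache, then DNS, then NETBIOS, then failure with a time penalty) and the footnote's point about unexpected HOSTS entries can both be demonstrated with a small Python model. This is an added example, not code from CitectSCADA or Microsoft: the host names, addresses, the "expected" table and the per-step penalty seconds are constructed or assumed values, the DNS and NETBIOS steps are pluggable callables so it runs offline, and the duplicate-handling policy is this example's, not a statement of how Windows orders duplicate HOSTS lines.

```python
"""Added example (not CitectSCADA's or Microsoft's code): a small model of the
Windows lookup order described in the article, plus an audit of a HOSTS file for
entries an administrator did not intend. All names, addresses and step costs are
constructed/assumed sample values."""
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample HOSTS content (Windows format: IP, whitespace, one or more names, '#' comments).
SAMPLE_HOSTS = """
# SCADA name table deployed to every node (constructed sample)
192.168.10.11   scada-srv1          # primary server
192.168.10.12   scada-srv2          # standby server
192.168.10.20   scada-client1
192.168.10.99   scada-srv2          # stale duplicate left by an old deployment
127.0.0.1       update.example-vendor.test   # vendor update host pinned to loopback
"""

# What the administrator believes the HOSTS file should contain (constructed).
EXPECTED_TABLE = {
    "scada-srv1": "192.168.10.11",
    "scada-srv2": "192.168.10.12",
    "scada-client1": "192.168.10.20",
}

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Parse HOSTS text into {name: ip}. Keeps the first mapping seen for a name and
    reports later conflicting lines as duplicates (this example's policy only)."""
    table: Dict[str, str] = {}
    duplicates: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            name = name.lower()                  # host names are case-insensitive
            if name in table and table[name] != ip:
                duplicates.append(f"{name}: {table[name]} and {ip}")
            table.setdefault(name, ip)
    return table, duplicates


class Resolver:
    """Walk the steps the article lists: own name, local cache (prefilled from HOSTS),
    DNS, then NETBIOS, then failure. Each failed step adds an assumed time penalty."""

    DNS_FAIL_COST = 2.0       # assumed seconds lost when the DNS query times out
    NETBIOS_FAIL_COST = 3.0   # assumed seconds lost when NETBIOS lookups also fail

    def __init__(self, local_hostname: str, local_ip: str, hosts_text: str,
                 dns_lookup: Callable[[str], Optional[str]],
                 netbios_lookup: Callable[[str], Optional[str]] = lambda _n: None):
        self.local_hostname = local_hostname.lower()
        self.local_ip = local_ip
        self.cache, _ = parse_hosts(hosts_text)   # cache is prefilled from HOSTS
        self.dns_lookup = dns_lookup               # pluggable so the example runs offline
        self.netbios_lookup = netbios_lookup

    def resolve(self, name: str) -> Tuple[Optional[str], str, float]:
        """Return (ip or None, which step answered, seconds of penalty incurred)."""
        name = name.lower()
        if name == self.local_hostname:
            return self.local_ip, "self", 0.0
        if name in self.cache:
            return self.cache[name], "cache", 0.0
        ip = self.dns_lookup(name)
        if ip:
            self.cache[name] = ip                  # successful DNS answers are cached
            return ip, "dns", 0.0
        penalty = self.DNS_FAIL_COST
        ip = self.netbios_lookup(name)
        if ip:
            return ip, "netbios", penalty
        return None, "failed", penalty + self.NETBIOS_FAIL_COST


def audit_hosts(hosts_text: str, expected: Dict[str, str]) -> List[str]:
    """Report HOSTS entries that disagree with the administrator's table: changed
    addresses, names nobody added, names pinned to loopback, and duplicate lines."""
    table, duplicates = parse_hosts(hosts_text)
    findings = [f"duplicate mapping for {d}" for d in duplicates]
    for name, ip in table.items():
        if name in expected:
            if expected[name] != ip:
                findings.append(f"{name}: expected {expected[name]} but HOSTS has {ip}")
        elif ip in LOOPBACK:
            findings.append(f"{name}: unexpected entry pinned to {ip} (lookups for it never leave this machine)")
        else:
            findings.append(f"{name}: not in the expected SCADA name table")
    for name in expected:
        if name not in table:
            findings.append(f"{name}: missing from HOSTS, so lookups fall through to DNS/NETBIOS")
    return findings


if __name__ == "__main__":
    stub_dns = {"scada-hist1": "192.168.10.30"}.get   # constructed stand-in for a private DNS server
    r = Resolver("scada-srv1", "192.168.10.11", SAMPLE_HOSTS, dns_lookup=stub_dns)
    for host in ("SCADA-SRV1", "scada-srv2", "scada-hist1", "scada-hist1", "no-such-host"):
        print(host, r.resolve(host))
    for finding in audit_hosts(SAMPLE_HOSTS, EXPECTED_TABLE):
        print("AUDIT:", finding)
```

Running the script shows the second lookup of `scada-hist1` being answered from the cache after the first DNS hit, and `no-such-host` paying the full DNS-plus-NETBIOS penalty before failing. The audit reports the stale duplicate line and the vendor host pinned to loopback while leaving the expected SCADA entries alone; comparing the deployed HOSTS file against an expected table like this is a cheap way to notice the kind of tampering the footnote warns about.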


Keywords:
 DNS HOSTS Name-Resolution