You're are correct about the LMHOSTS file on each client, unless you
consider the fact that you can quite easily use a centralized LMHOSTS file
used as an "include" in the client machines LMHOSTS file. This way you only
manage one LMHOSTS file located on a server somewhere.
I personally have not tried using round robin DNS for this particular
solution, and the MS docs don't say anything about it either. I guess it's
merely a function of how the client goes about resolving the proxy server
name or group name. If it's an TCP/IP based DNS lookup great, on the other
hand, if it's a NetBIOS name lookup, it won't work without WINS -- in which
case you're better off just letting WINS handle it. I suspect that its a
NetBIOS lookup -- but am not certain at this point. If you find out, post
it to the list please.
Personally, I think WINS is the way to go with this solution if your
network runs a WINS server.
Mark Joseph Edwards (mark @
Netropolis Technology Group - NTg
From: Bob Beck <beck @
To: Mark Joseph Edwards <mark @
Cc: Firewalls @
Subject: Re: Microsoft Proxy 1.0/ Firewall-1
Date: Tuesday, November 19, 1996 2:30 PM
Not really a function of MS proxy, but rather a function of
WINS. The problem with the method below is that it only works in the
land of the one True Faith, and leaves you with the specification of
the proxies in the LMHOSTS file on each client.
You can do the same thing with a "round robin" DNS setup that
round robins the IP addresses returned for the name lookups. This also
means your list of proxies is managed on your (internal) DNS, so
changing it doesn't mean changing all the clients. If Microsoft Proxy
will use the DNS (as opposed to WINS only) for name lookups then this
method should work with it too.
I've heard of several products (IBM LoadLeveler is one) that will
try to allocate based on load. I've not used them, or seen them in a
firewall environment trying to balance load on a proxy server. Anyone
played with LoadLeveler or anything like it in a firewall environment?
> Microsoft's Proxy Server can in fact practice some level of load
> It's accomplished by using either LMHOSTS or WINS. Your choice. Each
> is slightly different.
> In LMOHSTS, you create a "group" token with a unique #DOM tag, and add
> proxy server to the group. Then on the clients, you use that group name
> the config. Example:
> 126.96.36.199 proxy1 #DOM:proxygate
> 188.8.131.52 proxy2 #DOM:proxygate
> 184.108.40.206 proxy3 #DOM:proxygate
> In WINS, you create a gateway with all the proxy server addresses, and
> that name in the client config.
> What happens is the MPS will use each gateway listed in round-robin
> Unfortunately I don't think there is a way of sending traffic to the
> loaded server as you asked. However these methods will offload major
> portions of traffic from any one server.
> Refer to the online HTML documentation that comes with the software for
> more info on this.
> I hope this helps.
> Mark Joseph Edwards (mark @
> Netropolis Technology Group - NTg
> netmeeting: phone.ntshop.net