DNS devolution

G

Guest

I have a question in regards to DNS using the 'Append parent suffixes of the
primary DNS suffix'.
Example:
Windows 2000 domain (corp.123.net.au)
External DNS is 123.net.au
Internal zone is corp.123.net.au
Forwarders set to external DNS
Clients have 'Append parent suffixes of the primary DNS suffix' set by
default.

Client tries to lookup workstation1
corp.123.net.au is appended first (not found), 123.net.au is then appended
(still not found), it then appends .net.au which is then forwarded off to a
root zone. Not good business.

Is there a way to stop this on the DNS server or do you have to modify each
client and set the search list which turns this option off on the client?
 
K

Kevin D. Goodknecht Sr. [MVP]

Read inline please.
In
Paul Cook said:
I have a question in regards to DNS using the 'Append parent suffixes
of the primary DNS suffix'.
Example:
Windows 2000 domain (corp.123.net.au)
External DNS is 123.net.au
Internal zone is corp.123.net.au
Forwarders set to external DNS
Clients have 'Append parent suffixes of the primary DNS suffix' set by
default.

Client tries to lookup workstation1
corp.123.net.au is appended first (not found), 123.net.au is then
appended (still not found), it then appends .net.au which is then
forwarded off to a root zone. Not good business.

Is there a way to stop this on the DNS server or do you have to
modify each client and set the search list which turns this option
off on the client?

There is a Group Policy you can apply to XP and later clients to stop DNS
Suffix devolution.
Or you can also apply a custom DNS suffix search list that does not include
the parent suffixes.

Both are found here:
Computer Configuration
-Administrative templates
-Network
-DNS Client


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
G

Guest

Thanks for the reply Kevin.

We have not implemented Group Policies as yet (it is on the cards) and there
are a mix of WinNT through to Win2k3 servers, so the the group policies will
be set for all new servers. Thought I might be scripting an update to all
machines.

Just in case anyone else needs to script this:
Registry key to update is:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
Just add a comma delimited list for Win2k and up and a space delimited list
for WinNT. You just need to determine if the machine is WinNT really.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top