DNS Suffix Problem

TonyB

We use DHCP to allocate the primary DNS suffix (domain name) to clients. The
clients then dynamically create the search list for our active directory
domain. Example search list;

child.parent.co.uk
parent.co.uk
co.uk

Is there any way to stop the clients adding the "co.uk" top level domain to
the search list??? This is causing DNS resolution problems as if the clients
fail to resolve internally, they will try to resolve at the top level domain
which we don't want. For example, if they try to resolve the host 'host1',
and host1 is not on the local network, they will try and resolve host1.co.uk
(which could be a valid domain).

If this could be done automatically (e.g. group policy) that would be
excellent. I don't fancy having to manually create the DNS search list on
hundreds of clients!

Thanks
 
Kevin D. Goodknecht Sr. [MVP]

TonyB said:
We use DHCP to allocate the primary DNS suffix (domain name) to
clients. The clients then dynamically create the search list for our
active directory domain. Example search list;

child.parent.co.uk
parent.co.uk
co.uk

Is there any way to stop the clients adding the "co.uk" top level
domain to the search list??? This is causing DNS resolution problems
as if the clients fail to resolve internally, they will try to
resolve at the top level domain which we don't want. For example, if
they try to resolve the host 'host1', and host1 is not on the local
network, they will try and resolve host1.co.uk (which could be a
valid domain).

If this could be done automatically (e.g. group policy) that would be
excellent. I don't fancy having to manually create the DNS search
list on hundreds of clients!

Thanks

Yes, there is a group policy that can disable this on XP and 2k3 clients.
Computer Configuration
-Administrative Templates
-Network
-DNS Client
-Primary DNS Suffix devolution (Disable)

This will totally disable the devolution. Since you have a fourth level
domain name, there is a policy in the same template to create your own list.

Keep in mind, this policy won't work on Win2k, those machines must be
manually configured.
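
The devolution behaviour discussed above, as an added example that is not part of the original thread: it models how the search list in the question is derived from the primary DNS suffix and which lookups for an unqualified name end up outside the organisation's namespace. The function names, the two-label stopping point (taken from the list in the question) and the choice of `parent.co.uk` as the organisation's boundary are assumptions.

```python
"""Model of primary DNS suffix devolution (constructed example)."""


def devolved_search_list(primary_suffix, min_labels=2):
    """Suffixes tried when devolution is enabled.

    Assumption: the leftmost label is stripped repeatedly until a suffix
    of `min_labels` labels remains, matching the list in the question.
    """
    labels = primary_suffix.strip(".").lower().split(".")
    steps = max(1, len(labels) - min_labels + 1)
    return [".".join(labels[i:]) for i in range(steps)]


def candidate_queries(name, search_list):
    """FQDNs a client would try, in order, for an unqualified name."""
    return [f"{name}.{suffix}" for suffix in search_list]


def leaked_queries(name, search_list, org_domain):
    """Candidates that fall outside org_domain (the assumed boundary)."""
    org = org_domain.strip(".").lower()
    return [
        fqdn
        for fqdn in candidate_queries(name, search_list)
        if not (fqdn == org or fqdn.endswith("." + org))
    ]


# Values from the question; ORG_DOMAIN is an assumed boundary.
PRIMARY_SUFFIX = "child.parent.co.uk"
ORG_DOMAIN = "parent.co.uk"

# With devolution on, the list is derived from the primary suffix.
DEVOLVED = devolved_search_list(PRIMARY_SUFFIX)

# With devolution disabled and an explicit search list set by policy,
# only the suffixes the administrator listed are tried.
EXPLICIT = ["child.parent.co.uk", "parent.co.uk"]

if __name__ == "__main__":
    for label, suffixes in (("devolved", DEVOLVED), ("explicit", EXPLICIT)):
        print(label, candidate_queries("host1", suffixes))
        print("  outside", ORG_DOMAIN, "->",
              leaked_queries("host1", suffixes, ORG_DOMAIN))
```

With the devolved list, `host1.co.uk` is the one candidate that falls outside `parent.co.uk`; with the explicit list, none do.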
 
TonyB

Thanks for the info. I checked this out, and updated our default domain
policy with the settings, but I can say it's made no difference to my (XP)
client. Same DNS search list, same problem.

I enabled and configured the DNS Suffix Search List
I set the Primary DNS Suffix
I set Primary DNS Suffix Devolution to disabled
I set Register PTR records to enabled
I set Replace Addresses In Conflicts to enabled

The last two options seemed pretty useful in making sure our DNS is
accurate.

Any other ideas?
 
Kevin D. Goodknecht Sr. [MVP]

TonyB said:
Thanks for the info. I checked this out, and updated our default
domain policy with the settings, but I can say it's made no
difference to my (XP) client. Same DNS search list, same problem.

I enabled and configured the DNS Suffix Search List
I set the Primary DNS Suffix
I set Primary DNS Suffix Devolution to disabled
I set Register PTR records to enabled
I set Replace Addresses In Conflicts to enabled

The last two options seemed pretty useful in making sure our DNS is
accurate.

Any other ideas?

Did you force the machine to update its group policy?
Did you verify the policy is in effect on the machine?
 
