Managing DNS Suffixes Problem

You want to add, modify, or delete the DNS domain name suffixes that are used by a Windows Server 2003 computer, also referred to as the domain suffix search order. The domain name suffix order helps Windows resolve an "unqualified" name; that is, a computer name that does not have a domain name appended to it.

Solution

Using a Graphical User Interface

1. Open the Network Connections applet.

2. Double-click on the Local Area Connection icon.

3. Click on Internet Protocol (TCP/IP), and select Properties.

4. Verify that the radio button next to Use the Following IP Address is selected, and that the IP address, subnet mask, and default gateway are configured.

5. Click on Advanced and select the DNS tab. By default, the Append Primary and Connection Specific DNS Suffixes radio box will be selected, and there will be a check mark next to Append Parent Suffixes of the Primary DNS Suffix. To change this default behavior, select the radio button next to Append These DNS Suffixes (in Order).

6. To add a new DNS suffix, click the Add button. Use the Edit button to modify an existing DNS suffix, or the Remove button to delete a DNS suffix from the manually created suffix list.

7. To specify the DNS suffix for this network connection, enter the appropriate DNS suffix in the DNS Suffix for This Connection text box.

8. Click OK when you've made your changes. Using Group Policy

Tables 1-1, 1-2, and 1-3 contain the Group Policy settings that control the behavior of the DNS server search order.

Table 1-1. Setting the Primary DNS Suffix

Path Computer ConfigurationXAdministrative Templates\Network\DNS Client

Policy name Primary DNS Suffix Value DNS domain name

Table 1-2. Creating the DNS Suffix Search Order

Path

Computer ConfigurationXAdministrative

Templates\Network\DNS Client

Policy Name

DNS Suffix Search List

Value

One or more DNS domain names

Table 1-3. Controlling DNS Suffix Devolution

Path

Computer ConfigurationXAdministrative

Templates\Network\DNS Client

Policy Name

Primary DNS Suffix Devolution

Value

Enabled or Disabled

To manually configure the DNS suffix search order, configure the following Registry value. Add the DNS domain names in the order that they should appear in the search list:

[HKey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\] "SearchList" = REG_SZ:"<DomainName>","<DomainName>","<DomainName>"

Note In this case, multiple entries are separated by commas instead of spaces.

To configure the DNS suffix search order to use the Windows default, set the previous Registry entry to a blank value.

To configure the connection-specific DNS suffix, configure the following Registry value:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ Tcpip\Parameters\Interfaces\{<Interface GUID>}\] "Domain" = REG_SZ: "<DNS suffix>"

To prevent the computer from performing primary DNS suffix devolution in a name resolution process, configure the following Registry value:

HKEY_LOCAL_MACHINE\System\CurentControlSet\Services\Tcpip\Parameters\ "UseDomainNameDevolution" = REG_DWORD: 0

Using VBScript

This code will change the DNS suffix search order to mycompany.com followed by east. mycompany.com. Simply modify the arrNewDNSSuffixOrder array with the appropriate DNS domain name values for your environment.

strComputer = "."

arrNewDNSSuffixOrder = Array("mycompany.com", "east.mycompany.com") ' --------- END CONFIGURATION ------

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set nics = objWMIService.ExecQuery _ ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

Set Network = objWMIService.Get("Win32_NetworkAdapterConfiguration")

' now set the new DNS suffix search order SetSuffixes = _ Network.SetDNSSuffixSearchOrder(arrNewDNSSuffixOrder)

If SetSuffixes = 0 Then

WScript.Echo "Success! Replaced DNS ElseIf SetSuffixes = 1 Then

WScript.Echo "Success! Replaced DNS Else

WScript.Echo "Error! Unable to replace DNS domain suffix search order list." End If domain suffix search order."

domain suffix search order - pls. reboot."

How It Works

A fully qualified domain name (FQDN) consists of a host name, followed by domain names up to and including the top-level domain name (TLD). For example, a computer with the hostname of computerl located in the east.mycompany.com domain would have a FQDN of computerl. east.mycompany.com. The domain name suffix refers to the domain name that is appended to the hostname in order to create the FQDN. A Windows computer can have two possible domain name suffixes appended to it:

• The primary DNS suffix, which applies to all NICs configured on the computer.

• The connection-specific suffix, which only applies to one particular NIC. For example, a computer might have two NICs attached to two separate LANs and have a different connection-specific DNS suffix for each.

By contrast, an unqualified host name consists only of the hostname without any domain names appended to it. (This would be computerl in the previous example.) When presented with an unqualified hostname, Windows Server 2003 will append any configured DNS suffixes to the unqualified name in an attempt to resolve the name. If a Windows Server 2003 computer is presented with an unqualified hostname to resolve, by default it will append the following DNS suffixes in this order in an attempt to resolve the name:

1. The primary DNS suffix.

2. Any connection-specific DNS suffix that is present.

3. The paren t suffixes of the primary DNS suffix. This means that if the primary domain suffix is east.mycompany.com, DNS will try to append both east.mycompany.com as well as mycompany.com in an attempt to resolve the name.

You can modify this default behavior so that Windows will only append the DNS suffixes that you specify when attempting to resolve an unqualified name, using any of the methods specified in this section.

Using a Command-Line Interface

Unfortunately, there is no netsh option available for specifying the DNS suffix search order.

See Also

• Microsoft TechNet: "DNS Tools and Settings" (http://www.microsoft.com/ technet/prodtechnol/windowsserver2003/library/TechRef/ 099d4l68-4ac1-441d-8lb7-0f3f4909fbd4.mspx)

• Windows IT Pro, "Using VBScript Arrays in Scripts" (http://www.windowsitpro. com/ Article/ArticleID/5628/5628.html)

Was this article helpful?

+1 -1

Responses

Post a comment