DNS Suffixes

DB77 Junior Member Posts: 19
OK, so I am studying DNS suffixes on the client DNS settings from the MS Press book and had a few questions.

The first question is about connection-specific DNS suffixes. The book uses the example that when other hosts query a host with connection-specific DNS suffixes, they will connect to that host on a particular network link based on the DNS suffix included in the query. I got that part. However, if the host with the connection-specific DNS suffixes uses a single hostname tag to query, am I to understand that what actually happens is that the host's primary DNS suffix is appended first and then, if not resolving, goes through the connection-specific suffixes one by one until the hostname is resolved?

Second question has to do with DNS suffix search lists. The MS Press book is not clear, but it seems that if you configure a DNS suffix search list then the host's primary DNS suffix is not appended and only the suffixes in the search list get appended for the query? Is that correct? Also, the book uses the example of an office network made up of two different AD domains, east.candpl.com and west.candpl.com. Both domains can currently communicate with each other when querying the fully qualified domain names, but the question is what can be done so that they can communicate with each other by using single hostname tags, and the answer was to use Group Policy to set up a DNS suffix search list for the opposing domain. This does not seem to make sense to me, because if you configure the hosts in the east domain with a suffix search list that includes the west domain, then the primary DNS suffix in the east domain never gets appended when east clients are querying other east clients, because the suffix search list supersedes the primary DNS suffix on the host. Thus east hosts won't be able to resolve other east hosts. Is the solution to include the east's primary DNS suffix in the search list, or am I missing something?


  • cruwl Senior Member Posts: 341
    I can't speak to exactly what the book says or means, but I can give you an example in our production here. We have as many as 10, if not more, DNS search suffixes. And on our help desk, making sure those are correct is part of our DNS/connectivity troubleshooting. I can tell you that if the DNS search suffix doesn't include the host's own DNS suffix, it can and does cause problems. Also, the order in which those search suffixes are added is relevant.
  • DB77 Junior Member Posts: 19
    I labbed it out last night, cruwl. If you don't add the host's primary DNS suffix to the search list, the host will lose the ability to resolve other network hosts on the same DNS domain as its own primary DNS suffix. The MS Press book doesn't mention that. I guess it's part of reading between the lines. I also noticed that if you're querying a hostname that matches a DNS suffix at the beginning of the list, it seems to resolve quicker than if the matching suffix is lower on the list. Is that what you meant by the order of the suffixes being relevant?
  • cruwl Senior Member Posts: 341
    Yes, that's what I meant. Say you have dnssuffix1.local, dnssuffix2.com, dnssuffix3.com. If the host in question is looking for host HOSTA, it's going to go through the exact order: "dnssuffix1.local,dnssuffix2.com,dnssuffix3.com". You can rearrange this order, so if hosts tend to look for other hosts in dnssuffix3.com more often than dnssuffix1.local, you can arrange them like: "dnssuffix3.com,dnssuffix1.local,dnssuffix2.com". This will cause the host to append dnssuffix3.com first.

    No, I read the MS Press book, and I did pretty bad on my DNS section of the 70-640, so I'm reading another book: McGraw Hill MCTS Configuring Windows Server 2008 AD Study Guide, and just got to this section 5 minutes ago. This states in the GlobalNames Zone coverage: "When Clients request a single-label name resolution (single-label, meaning a name containing no domain portion of the FQDN), DNS Client software appends the primary DNS suffix and tries to locate the name in the same DNS zone where the client itself belongs. If this suffix is empty or the name could not be resolved, the client will try appending all search suffixes in order configured on the client."

    The way I read this is, as long as the primary DNS suffix is set, it should work without adding the host's own DNS suffix to the search order.... But my experience is the same as your lab: without it in the search suffix it cannot find other hosts in the same DNS zone....
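
The behaviour both posters observed in the lab, modelled as an added example that is not part of the thread or of either book: a non-empty suffix search list replaces the primary and connection-specific suffixes, and candidates are tried strictly in list order. The function names, host names `srv1`/`srv2`, and IP addresses are constructed for illustration, and primary-suffix devolution is deliberately left out.

```python
# Simplified model of how a Windows DNS client qualifies a single-label name.
# Assumption (matches the lab result in the thread): when a suffix search list
# is configured, ONLY that list is used; otherwise the primary suffix is tried
# first, then each connection-specific suffix. Devolution is not modelled.

def candidate_fqdns(label, primary_suffix, connection_suffixes=(), search_list=()):
    """Return the FQDNs the client would query, in the order it tries them."""
    if search_list:
        suffixes = list(search_list)          # search list supersedes everything
    else:
        suffixes = [primary_suffix, *connection_suffixes]
    seen, ordered = set(), []
    for suffix in suffixes:
        suffix = suffix.strip(".").lower()
        if suffix and suffix not in seen:     # skip blanks and duplicates
            seen.add(suffix)
            ordered.append(suffix)
    return [f"{label.lower()}.{suffix}" for suffix in ordered]


def resolve(label, zone, **client):
    """Return (address, attempts); address is None if every candidate misses."""
    attempts = []
    for fqdn in candidate_fqdns(label, **client):
        attempts.append(fqdn)
        if fqdn in zone:
            return zone[fqdn], attempts
    return None, attempts


# Constructed records for the two AD domains used in the book's example.
EAST, WEST = "east.candpl.com", "west.candpl.com"
ZONE = {
    "srv1.east.candpl.com": "10.1.0.10",
    "srv2.west.candpl.com": "10.2.0.10",
}

if __name__ == "__main__":
    cases = {
        "no search list":          dict(primary_suffix=EAST),
        "search list = west only": dict(primary_suffix=EAST, search_list=[WEST]),
        "search list = east,west": dict(primary_suffix=EAST, search_list=[EAST, WEST]),
    }
    for name, client in cases.items():
        for host in ("srv1", "srv2"):
            address, attempts = resolve(host, ZONE, **client)
            print(f"{name:26} {host}: {address} after {attempts}")
```

The east client with a west-only search list never queries `srv1.east.candpl.com`, and with both suffixes listed a west host costs one failed query first, which is the ordering effect cruwl describes.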