DNS search suffixes

Posted on 2009-12-21
Medium Priority
Last Modified: 2013-11-25

I would like to know if this is possible to do, using Windows Server 2003.

I for instance want to have a list of domains


This would all be set up in a single DNS server.

Now suppose a PC with the FQDN mine.pc.domin.com pings the printer dell.printer.domin.com

Now if we use the FQDN it will work. But if I only use the host name of "Dell" then unless I have the search suffix printer.domin.com in my network settings, in a group policy or from the DHCP options it would fail.

what I want is a way that the client does not need a list of the search suffixes, but the DNS server deals with it.

I.e. the client sends a request for the host Dell. and the DNS server checks through all its lookup zones for a match to it. Or indeed the DNS server holds the lists of suffixes and tries each one in turn.

It seems that this would create less network traffic, and allow me to separate out my DNS records.

This separation would be useful in terms of security where we want to be able to limit different networks/users to be able to access different areas of the DNS scope.

Any ideas how to achieve this?
Question by:Aaron Street
LVL 10

Expert Comment

ID: 26100132
It doesn't matter how you set up the DNS server, the PC will search through its domain suffix list until it gets an answer it likes or is out of DNS servers.

You could cross register the devices in each domain, or perhaps something with WINS.
LVL 16

Author Comment

by:Aaron Street
ID: 26100328
I know the PC will do this,

but what I want to know is if you can get the DNS server to do the same thing.

So move the suffix search list from the PC to the DNS server.
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26101019
If you want to only use hostname independent of DNS-suffix, either configure DNS suffix search list on the clients to match all possible DNS suffixes in the domain or implement WINS.
If configuring DNS-zone to be WINS-integrated (WINS-tab on DNS-zone), DNS server will forward unresolved queries for the requested DNS suffix to the WINS server and reply to the client with the requested FQDN if host was found in WINS.

LVL 16

Author Comment

by:Aaron Street
ID: 26178907
Does anyone know how to set up NXT or DNAME records in DNS?

I thought I could put in an NXT record that was something like

domian.co.uk  to print.domian.co.uk

with the idea that if someone requests the record


it will also be checked on the DNS server against


But this does not appear to happen? Any ideas, anyone?
LVL 33

Expert Comment

by:Dave Howe
ID: 26186347
Sounds like a very specialized DNS proxy - in practice, you would probably want it to return a CNAME to the true record, to avoid caching leaving legacy records for the "found" ones. You can append the true record as well, as a supplementary (permitted under DNS protocol) if you want to avoid a second DNS query.

Most sites don't do this - it's easier to push out the search suffixes using DHCP options or Windows policy than to try and write a whole new sort of server from scratch, and DNS traffic is such a tiny (and infrequent) part of the overall picture it isn't worth optimizing away.
LVL 16

Author Comment

by:Aaron Street
ID: 26190957
But this seems such a simple thing to want to be able to do.

In Windows 2008 there seems to be the DNAME record which does what I want.

I don't want to have to add all the search suffixes to the PC (as there will be a few of them).

Like I said we will have a number of sub domains. What I need to be able to do is be able to limit who can see what other domain records.

For instance say I have 4 domains


I want to be able to say that if a request comes in from PC.C.co.uk for record pc2.a.co.uk

then I also want to check pc2.b.co.uk and pc2.c.co.uk but NOT pc2.d.co.uk

If pc.C.co.uk requests the same record then check PC2.B.co.uk and PC2.D.co.uk

This would be simple if I could put DNAME entries into the zones. This would keep the management much simpler and easier to follow.
LVL 57

Accepted Solution

giltjr earned 2000 total points
ID: 26273787
NXT records are deprecated and have been replaced by NSEC.

DNAME may work as it is the same as CNAME, but is done for a complete domain.

What I think you would do is:

domain1.com DNAME master.domain.com
domain2.com DNAME master.domain.com
domain2.com DNAME master.domain.com

host1.master.domain.com A
host2.master.domain.com A
host3.master.domain.com A

So, if somebody were to look up host1.domain1.com, it would point to host1.master.domain.com and resolve to
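
As an added example (not part of the original answer or thread), here is a small Python model of the DNAME name substitution the answer proposes, following the RFC 6672 rules. The address 192.0.2.11 is a constructed documentation value and the function names are hypothetical.

```python
# Added illustration: DNAME substitution (RFC 6672) over the records
# proposed in the answer. Not code from the thread.

DNAME = {  # owner -> target, as in the answer
    "domain1.com": "master.domain.com",
    "domain2.com": "master.domain.com",
}
A = {"host1.master.domain.com": "192.0.2.11"}  # constructed address


def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def apply_dname(qname):
    """Return the rewritten name if a DNAME covers qname, else None.

    A DNAME redirects only names *below* its owner, matched on whole-label
    boundaries; the owner name itself is not redirected.
    """
    q = labels(qname)
    for owner, target in DNAME.items():
        o = labels(owner)
        if len(q) > len(o) and q[-len(o):] == o:
            return ".".join(q[:-len(o)] + labels(target))
    return None


def resolve(qname, max_hops=8):
    """Follow DNAME rewrites; return (synthesized CNAME chain, address or None)."""
    chain, name = [], ".".join(labels(qname))
    for _ in range(max_hops):
        if name in A:
            return chain, A[name]
        rewritten = apply_dname(name)
        if rewritten is None:
            return chain, None  # no data in this toy model
        chain.append((name, rewritten))  # server synthesizes this CNAME
        name = rewritten
    raise RuntimeError("DNAME loop")


if __name__ == "__main__":
    for q in ("host1.domain1.com", "domain1.com", "host1"):
        print(q, "->", resolve(q))
```

A bare `host1` is not rewritten: DNAME acts on fully qualified names below its owner, so the client still has to append at least one suffix before the redirection applies.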
LVL 16

Author Comment

by:Aaron Street
ID: 26278484
So am I correct that DNAME is only available in the Windows 2008 DNS server? (I will have to use Microsoft for DDNS, I'm afraid, as it is company policy.)

Do you know if there is a similar function in 2003? My trouble is of course that the DNS servers are also the DCs so upgrading them to 2008 is not a 5 min job.

LVL 57

Expert Comment

ID: 26278553


Either there is a hot fix in Windows 2003 SP2 MS added some type of support for this. You will need to read it carefully, as it does not add real/full support for DNAME.
LVL 16

Author Closing Comment

by:Aaron Street
ID: 31668613
Cheers for that,

I think you answered my queries about DNAME and gave me some nice pointers how I can get this sorted out.

Question has a verified solution.
