
DNS search suffixes


I would like to know if this is possible to do, using Windows Server 2003.

I for instance want to have a list of domains


This would all be set up on a single DNS server.

Now suppose a PC with the FQDN mine.pc.domin.com pings the printer dell.printer.domin.com

Now if we use the FQDN it will work. But if I only use the host name of "Dell", then unless I have the search suffix printer.domin.com in my network settings, in a group policy or from the DHCP options, it would fail.

What I want is a way that the client does not need a list of the search suffixes, but the DNS server deals with it.

I.e. the client sends a request for the host Dell, and the DNS server checks through all its lookup zones for a match to it. Or indeed the DNS server holds the list of suffixes and tries each one in turn.

It seems that this would create less network traffic, and allow me to separate out my DNS records.

This separation would be useful in terms of security, where we want to be able to limit different networks/users to be able to access different areas of the DNS scope.

Any ideas how to achieve this?
Aaron Street
1 Solution
It doesn't matter how you set up the DNS server; the PC will search through its domain suffix list until it gets an answer it likes or is out of DNS servers.

You could cross register the devices in each domain, or perhaps something with WINS.

Aaron Street, Infrastructure Manager (Author), commented:
I know the PC will do this,

but what I want to know is if you can get the DNS server to do the same thing.

So move the suffix search list from the PC to the DNS server.

Henrik Johansson, Systems engineer, commented:
If you want to only use the hostname independent of DNS suffix, either configure the DNS suffix search list on the clients to match all possible DNS suffixes in the domain or implement WINS.
If configuring the DNS zone to be WINS-integrated (WINS tab on the DNS zone), the DNS server will forward unresolved queries for the requested DNS suffix to the WINS server and reply to the client with the requested FQDN if the host was found in WINS.

Aaron Street, Infrastructure Manager (Author), commented:
Does anyone know how to set up NXT or DNAME records in DNS?

I thought I could put in an NXT record that was something like

domian.co.uk  to print.domian.co.uk

with the idea that if someone requests the record


it will also be checked on the DNS server against


But this does not appear to happen? Any ideas, anyone?

Dave Howe, Software and Hardware Engineer, commented:
Sounds like a very specialized DNS proxy - in practice, you would probably want it to return a CNAME to the true record, to avoid caching leaving legacy records for the "found" ones. You can append the true record as well, as a supplementary (permitted under the DNS protocol), if you want to avoid a second DNS query.

Most sites don't do this - it's easier to push out the search suffixes using DHCP options or Windows policy than to try and write a whole new sort of server from scratch, and DNS traffic is such a tiny (and infrequent) part of the overall picture it isn't worth optimizing away.

Aaron Street, Infrastructure Manager (Author), commented:
But this seems such a simple thing to want to be able to do.

In Windows 2008 there seems to be the DNAME record, which does what I want.

I don't want to have to add all the search suffixes to the PC (as there will be a few of them).

Like I said, we will have a number of subdomains. What I need to be able to do is limit who can see what other domain records.

For instance, say I have 4 domains


I want to be able to say that if a request comes in from PC.C.co.uk for record pc2.a.co.uk

then I also want to check pc2.b.co.uk and pc2.c.co.uk but NOT pc2.d.co.uk

If pc.C.co.uk requests the same record then check PC2.B.co.uk and PC2.D.co.uk

This would be simple if I could put DNAME entries into the zones. This would keep the management much simpler and easier to follow.

NXT records are deprecated and have been replaced by NSEC.

DNAME may work as it is the same as CNAME, but is done for a complete domain.

What I think you would do is:

domain1.com DNAME master.domain.com
domain2.com DNAME master.domain.com
domain2.com DNAME master.domain.com

host1.master.domain.com A
host2.master.domain.com A
host3.master.domain.com A

So, if somebody were to look up host1.domain1.com, it would point to host1.master.domain.com and resolve to
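
An added example, not part of the original thread and not any DNS server's own code: the DNAME substitution rule of RFC 6672 applied to the zone names from the answer above. The function name `dname_rewrite` and the `DNAMES` table are assumptions made for illustration.

```python
# Added example: DNAME substitution (RFC 6672) over the names used in the answer above.
MAX_WIRE_LEN = 255  # RFC 1035 limit on an encoded domain name, in octets

# Constructed from the thread's example: two aliased zones, one real zone.
DNAMES = {
    "domain1.com": "master.domain.com",
    "domain2.com": "master.domain.com",
}

def labels(name):
    """Split a name into lower-cased labels (DNS names compare case-insensitively)."""
    return [part for part in name.rstrip(".").lower().split(".") if part]

def wire_len(lbls):
    """Octets the name occupies on the wire: one length byte per label plus the root byte."""
    return sum(len(l) + 1 for l in lbls) + 1

def dname_rewrite(qname, dnames):
    """Return the target of the CNAME a server would synthesize, or None.

    A DNAME redirects only names strictly below its owner; the owner name
    itself and unrelated names (including a bare host name) are untouched.
    """
    q = labels(qname)
    best = None
    for owner, target in dnames.items():
        o = labels(owner)
        if o and len(q) > len(o) and q[-len(o):] == o:
            if best is None or len(o) > len(best[0]):
                best = (o, labels(target))  # keep the closest enclosing owner
    if best is None:
        return None
    owner, target = best
    new = q[:len(q) - len(owner)] + target
    if wire_len(new) > MAX_WIRE_LEN:
        # RFC 6672: the server answers YXDOMAIN when the substituted name is too long
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new)

if __name__ == "__main__":
    for name in ("host1.domain1.com", "domain1.com", "dell"):
        print(name, "->", dname_rewrite(name, DNAMES))
```

A query for the single label `dell` is not rewritten, so DNAME on its own does not take the place of the client's suffix search list; it only maps one subtree onto another.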

Aaron Street, Infrastructure Manager (Author), commented:
So am I correct that DNAME is only available in the Windows 2008 DNS server? (I will have to use Microsoft for DDNS, I'm afraid, as it is company policy.)

Do you know if there is a similar function in 2003? My trouble is of course that the DNS servers are also the DCs, so upgrading them to 2008 is not a 5 min job.



Either there is a hotfix or, in Windows 2003 SP2, MS added some type of support for this. You will need to read it carefully, as it does not add real/full support for DNAME.

Aaron Street, Infrastructure Manager (Author), commented:
Cheers for that,

I think you answered my queries about DNAME and gave me some nice pointers on how I can get this sorted out.