Advanced DNS configuration on client machines

Dholland64
I need to clear the "Append Parent suffixes of the primary DNS Suffix" check box in the Advanced TCP/IP properties on all client machines on a domain.
Is there a way to do this via DHCP scope options or a GPO?
Commented:
Look in your GPO under Computer...Policies...Admin Templates...Network...DNS Client

There are a number of options here that should help you.

Author

Commented:
Not sure exactly how to configure this. Here is what is happening...

I'll start by saying I inherited this configuration
The AD domain is xxxx.xxxx.com. Coincidentally there is a public DNS record for xxxx.com, some server in Germany.
Randomly, client machines have name resolution errors and cannot connect to Exchange and server shares. When you ping "servername" it resolves to the public IP.
I think I need to configure the DNS devolution level. If I understand this correctly, if I set the level to 1 it would accomplish what I need to happen. Correct?

Your client machines should have the IPs of the local DNS servers on their NICs. So if you're using DHCP, don't add any external DNS server to the DNS options you hand out to the clients. The local DNS server should have itself and any other local DNS server on its NIC configuration. Then in the DNS server management tool you add a forwarder to your ISP's DNS server or a public server. So when the workstations try to resolve the name of a local server, the DNS server inside will return the information it has for it. Does that make sense?

Commented:
The fact that your AD domain name matches another domain name out on the Internet can add some complexity.

DHCP Servers: Use the Internal IP of your domain DNS servers.  Also, you can set a DNS domain suffix to be blank or the fully qualified AD domain name.

DNS Servers: Do your users need to get to the public sites for the parent xxxx.com domain in Germany?  If not, you can create a matching zone and records on your DNS server, which will let you redirect that site just for your users.

Author

Commented:
amenezes0617, yes, this makes perfect sense, and this is exactly how it is set up. DC one points to itself for primary and DC2 for secondary. DC2 points to itself for primary and DC1 for secondary. Forwarders are configured for the OpenDNS servers, and root hints are not enabled.

mmahaek, the public site is in no way affiliated with this company, so users would never need to get to anything on that public network.

To be less cryptic, the AD domain is ctur.ctur.com which is totally different from this company's public DNS domain. ctur.com just happens to also be an active public address, and when you ping anything.ctur.com on the internet it resolves to the public IP.
What happens at this site is occasionally a user will not be able to connect to Exchange, and when you ping mailserver on that PC it resolves to the ctur.com public IP. This usually happens right after the user logs on, and after a few minutes (usually 10-30 minutes) the problem goes away and the PC is able to resolve the mailserver to the local address.
Clearing Append Parent suffixes of the primary DNS Suffix makes this problem go away.
Just looking for a way to keep this from happening.

You should be able to do that via group policies.
Computer Config>Policies>Admin Templates>Network>DNS Client
Principal Support Engineer
Commented:
The actual setting you'll need to change in the GPO is named "Primary DNS Suffix Devolution."  As long as ctur.ctur.com is your only internal domain and you do not also have an internal domain named ctur.com, disable this setting.
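
To confirm the result on a client once the policy has applied, a check like the following can be run. It is an added example, not posted by anyone in the thread; it assumes the DnsClient cmdlets of Windows 8 / Server 2012 or later, that the policy is stored as UseDomainNameDevolution under the DNSClient policy key, and it uses the thread's "mailserver" as a placeholder host label.

```powershell
# Added example, not from the thread. Run on a domain client after the GPO has applied.
param(
    [string]$HostLabel = 'mailserver',   # short name used in the thread; substitute your own
    [string]$PrimarySuffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
)

# What the GPO wrote. The value is absent when the policy is Not Configured.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policy = Get-ItemProperty -Path $policyKey -Name UseDomainNameDevolution -ErrorAction SilentlyContinue

# What the DNS client is actually using.
$effective = Get-DnsClientGlobalSetting
[pscustomobject]@{
    PrimarySuffix   = $PrimarySuffix
    PolicyValue     = if ($policy) { $policy.UseDomainNameDevolution } else { 'not set' }
    UseDevolution   = $effective.UseDevolution
    DevolutionLevel = $effective.DevolutionLevel
} | Format-List | Out-Host

# RFC 1918 ranges; anything else is treated as an outside answer.
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'

# Query the primary suffix and each parent suffix (down to two labels) as fully
# qualified names, so the result does not depend on the suffix search itself.
$labels = @($PrimarySuffix.Split('.') | Where-Object { $_ })
for ($i = 0; $i -le $labels.Count - 2; $i++) {
    $suffix = $labels[$i..($labels.Count - 1)] -join '.'
    $fqdn   = "$HostLabel.$suffix."
    $ips = @(Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    $note = if (-not $ips) {
        'no answer'
    } elseif ($i -gt 0 -and ($ips | Where-Object { $_ -notmatch $private })) {
        'parent suffix resolves to a non-private address'
    } else {
        'ok'
    }
    [pscustomobject]@{ Name = $fqdn; Addresses = $ips -join ', '; Note = $note }
}
```

With devolution disabled, UseDevolution should read False, and a flagged parent-suffix row then only shows what the client would have been handed had it devolved.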

Author

Commented:
DrDave, exactly what I was looking for!!
