DNS Devolution

I am a bit confused about DNS devolution, when it is needed and when it is
not. Do you want to have devolution turned on for servers that are not in an
AD domain (i.e. DMZ servers)?

I know it should be turned on in my AD domain. I am confused with how I
should set a suffix list on my DMZ servers if I use DNS devolution.

Any help is appreciated.

Thanks.

When is it needed? When you want to use it, typically when you need to
resolve things by a host name only.

Imagine you had child.domain.com and domain.com. If you had a server in
child.domain.com and wanted it to be able to resolve
"someserver.domain.com" using only "someserver" then it would make sense
to use primary dns suffix devolution.

Chris

Snowmizer wrote:
> I am a bit confused about DNS devolution, when it is needed and when it is
> not. Do you want to have devolution turned on for servers that are not in an
> AD domain (i.e. DMZ servers)?
>
> I know it should be turned on in my AD domain. I am confused with how I
> should set a suffix list on my DMZ servers if I use DNS devolution.
>
> Any help is appreciated.
>
> Thanks.

Would it really make sense to do this on a DMZ server that isn't part of my
domain? The only thing in this is a standalone server used for websites.

"Chris Dent" wrote:

>
> When is it needed? When you want to use it, typically when you need to
> resolve things by a host name only.
>
> Imagine you had child.domain.com and domain.com. If you had a server in
> child.domain.com and wanted it to be able to resolve
> "someserver.domain.com" using only "someserver" then it would make sense
> to use primary dns suffix devolution.
>
> Chris
>
> Snowmizer wrote:
> > I am a bit confused about DNS devolution, when it is needed and when it is
> > not. Do you want to have devolution turned on for servers that are not in an
> > AD domain (i.e. DMZ servers)?
> >
> > I know it should be turned on in my AD domain. I am confused with how I
> > should set a suffix list on my DMZ servers if I use DNS devolution.
> >
> > Any help is appreciated.
> >
> > Thanks.
>

In my opinion, no, I'd leave it alone unless you find it's needed

Chris

"Snowmizer" <> wrote in message
news:C469422F-85CA-4678-9581-...
> Would it really make sense to do this on a DMZ server that isn't part of
> my
> domain? The only thing in this is a standalone server used for websites.
>

I agree with Chris. If this is an external server that has no need to access
anything internal by hostname only, which is when the suffix is used in the
resolution process (devolution), then it's not needed. If it was, then I
would assume you would have some rules to allow internal access from the DMZ
for the perimeter machines to access something internally, otherwise, you're
ok.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration
among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Great. At least I know I was thinking correctly. I can turn this off in the
registry correct?

"Ace Fekay [MCT]" wrote:

> "Snowmizer" <> wrote in message
> news:C469422F-85CA-4678-9581-...
> > Would it really make sense to do this on a DMZ server that isn't part of
> > my
> > domain? The only thing in this is a standalone server used for websites.
> >
>
> I agree with Chris. If this is an external server that has no need to access
> anything internal by hostname only, which is when the suffix is used in the
> resolution process (devolution), then it's not needed. If it was, then I
> would assume you would have some rules to allow internal access from the DMZ
> for the perimeter machines to access something internally, otherwise, you're
> ok.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum to benefit from collaboration
> among responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
> Microsoft Certified Trainer
>
> http://twitter.com/acefekay
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
>
>

"Snowmizer" <> wrote in message
news:C6C0B9C9-B5ED-4438-8F63-...
> Great. At least I know I was thinking correctly. I can turn this off in
> the
> registry correct?

I didn't realize you changed something in the registry regarding this
setting, unless I missed that in your posts? I would put it back to default.
Was there anything else changed?

Ace