DNS Devolution

Discussion in 'DNS Server' started by Snowmizer, Jul 28, 2009.

  1. Snowmizer

    Snowmizer Guest

    I am a bit confused about DNS devolution, when it is needed and when it is
    not. Do you want to have devolution turned on for servers that are not in an
    AD domain (i.e. DMZ servers)?

    I know it should be turned on in my AD domain. I am confused with how I
    should set a suffix list on my DMZ servers if I use DNS devolution.

    Any help is appreciated.

    Thanks.
     
    Snowmizer, Jul 28, 2009
    #1
    1. Advertisements

  2. Snowmizer

    Chris Dent Guest

    When is it needed? When you want to use it, typically when you need to
    resolve things by a host name only.

    Imagine you had child.domain.com and domain.com. If you had a server in
    child.domain.com and wanted it to be able to resolve
    "someserver.domain.com" using only "someserver" then it would make sense
    to use primary dns suffix devolution.

    Chris
     
    Chris Dent, Jul 28, 2009
    #2
    1. Advertisements

  3. Snowmizer

    Snowmizer Guest

    Would it really make sense to do this on a DMZ server that isn't part of my
    domain? The only thing in this is a standalone server used for websites.
     
    Snowmizer, Jul 28, 2009
    #3
  4. Snowmizer

    Chris Dent Guest

    In my opinion, no, I'd leave it alone unless you find it's needed :)

    Chris
     
    Chris Dent, Jul 28, 2009
    #4
  5. I agree with Chris. If this is an external server that has no need to access
    anything internal by hostname only, which is when the suffix is used in the
    resolution process (devolution), then it's not needed. If it was, then I
    would assume you would have some rules to allow internal access from the DMZ
    for the perimeter machines to access something internally, otherwise, you're
    ok.


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum to benefit from collaboration
    among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MCT], Jul 28, 2009
    #5
  6. Snowmizer

    Snowmizer Guest

    Great. At least I know I was thinking correctly. I can turn this off in the
    registry correct?
     
    Snowmizer, Jul 29, 2009
    #6
  7. I didn't realize you changed something in the registry regarding this
    setting, unless I missed that in your posts? I would put it back to default.
    Was there anything else changed?

    Ace
     
    Ace Fekay [MCT], Jul 30, 2009
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.