Don't Append Primary DNS Suffix

Discussion in 'Windows Vista Networking' started by Victor S., Sep 30, 2008.

  1. Victor S.

    Victor S. Guest

    How can I configure Windows Vista to append the connection-specific DNS
    suffix to DNS lookups but not the primary DNS suffix?

    Here is the problem I am having. Laptops are joined to the AD domain so
    their primary DNS suffix is the domain name. (I will use company.com as an
    example.) Unfortunately, someone else registered our internal domain name on
    the Internet and has a wildcard/catch-all DNS entry set so every hostname
    resolves to the same IP address (e.g., 72.3.135.151). Internally, DNS
    resolution works well because the internal DNS servers are authoritative for
    the domain name. However, when not on the company network (such as when at a
    client's site), all DNS lookups not using a FQDN return the same external IP
    address (e.g., 72.3.135.151). Also, even if using the FQDN in nslookup,
    everything always resolves to the same external IP address because nslookup
    always appends the primary DNS suffix (e.g. hostname.test.com becomes
    hostname.test.com.company.com, which returns 72.3.135.151).

    I realize that there are workarounds (e.g. make the primary DNS suffix
    different than the domain name, always use FQDNs, append a period at the end
    of the FQDN in nslookup), but all of them have their problems and drawbacks.
    For example, even if users get used to using FQDNs, some of our clients have
    web-based applications that use just the hostnames. When one of these
    applications is accessed with one of our laptops, links to server2 get
    redirected to server2.company.com, which brings up an external webpage and
    breaks the app.

    So, if it's possible, the only good solution I can see is to configure
    Windows to ignore the primary DNS suffix and only append the
    connection-specific suffix.
     
    Victor S., Sep 30, 2008
    #1

  2. Victor S.

    Kerry Brown Guest

    If it is just the company laptops with the problem, adding the servers to
    the hosts file on the laptops may work. This will only work if the servers
    are only using a public IP address. If they have a private IP address that
    is used internally then the laptops won't be able to access them while
    connected to the internal network.
     
    Kerry Brown, Oct 1, 2008
    #2

  3. Victor S.

    Victor S. Guest

    I'm not sure which servers you are suggesting should be added to the hosts
    file or how it might prevent the primary DNS suffix from being appended. In
    any case, almost everything uses internal IP addresses. Those servers that
    do use external IP addresses are not a problem since the FQDN for them is
    always specified.

    If you can think of a way that your recommendation can be modified to
    prevent the appending of the primary DNS suffix when using internal IP
    addresses, please let me know. Any other suggestions would also be
    appreciated.

    Thanks,

    Victor
     
    Victor S., Oct 1, 2008
    #3
  4. Victor S.

    Kerry Brown Guest

    If a name exists in the hosts file, DNS is never used to resolve the name.
    You would create entries like this:

    192.168.2.1 servername
    192.168.2.1 servername.domain.com
     
    Kerry Brown, Oct 1, 2008
    #4
  5. Victor S.

    Victor S. Guest

    OK. I understand now. It will definitely help in some situations but I'm
    still hoping to find a way to have Vista bypass appending the primary DNS
    suffix to lookups but still use the connection-specific DNS suffix. Your
    response will work around the last of the situations that have come up, but
    if I can replace all of the workarounds with one solution (one that is
    easier on the users), I would prefer that.

    Thanks,

    Victor
     
    Victor S., Oct 1, 2008
    #5
  6. Victor S.

    Kerry Brown Guest

    If your Active Directory domain name is the same as the public domain name
    someone else has registered I don't think you will find one solution that
    works in all cases. Even when you own the public domain name, having the
    same AD domain name and public name is hard to manage for laptops that
    travel outside the domain. If you do find a solution please post back with
    how you did it.
     
    Kerry Brown, Oct 2, 2008
    #6
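
The name collision discussed in this thread can be checked from a laptop before users hit it. The following is an added example, not code from any poster: it lists the names a lookup would try and flags those that land on a catch-all record under the primary DNS suffix. The lookup order in `candidate_names` is a simplified assumption based on the nslookup behaviour described in the first post, and `client.example`, `10.0.0.5` and the stand-in resolver are constructed sample data.

```python
import secrets
import socket

def candidate_names(name, primary_suffix, connection_suffix=None):
    """Names tried for `name` (assumed order: primary suffix, connection suffix, as typed)."""
    if name.endswith("."):  # trailing period: treated as fully qualified, nothing appended
        return [name]
    tried = [f"{name}.{primary_suffix}."]
    if connection_suffix:
        tried.append(f"{name}.{connection_suffix}.")
    tried.append(f"{name}.")
    return tried

def system_resolve(fqdn):
    """Resolve with the OS resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(fqdn)
    except OSError:
        return None

def wildcard_address(suffix, resolve=system_resolve, probes=3):
    """Address of a catch-all record under `suffix`, or None if there is none.

    Random labels cannot exist as real hosts, so if every probe resolves,
    and to the same address, a wildcard entry is answering.
    """
    answers = {resolve(f"{secrets.token_hex(8)}.{suffix}.") for _ in range(probes)}
    return answers.pop() if len(answers) == 1 else None

def hijacked_candidates(name, primary_suffix, connection_suffix=None, resolve=system_resolve):
    """Candidate names that resolve to the catch-all address instead of a real host."""
    trap = wildcard_address(primary_suffix, resolve)
    if trap is None:
        return []
    names = candidate_names(name, primary_suffix, connection_suffix)
    return [n for n in names if resolve(n) == trap]

# Constructed stand-in for the DNS seen at a client site: catch-all on company.com
# (address taken from the first post), one real host in the client's own zone.
CLIENT_SITE_HOSTS = {"server2.client.example.": "10.0.0.5"}

def constructed_external_resolver(fqdn):
    if fqdn.endswith(".company.com."):
        return "72.3.135.151"
    return CLIENT_SITE_HOSTS.get(fqdn)

if __name__ == "__main__":
    for name in ("server2", "hostname.test.com", "hostname.test.com."):
        hits = hijacked_candidates(name, "company.com", "client.example",
                                   constructed_external_resolver)
        print(f"{name!r}: caught by wildcard -> {hits}")
```

Calling `wildcard_address("company.com")` with the default resolver on a machine outside the company network performs the same probe against live DNS.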