Don't Append Primary DNS Suffix

Victor S.

How can I configure Windows Vista to append the connection-specific DNS
suffix to DNS lookups but not the primary DNS suffix?

Here is the problem I am having. Laptops are joined to the AD domain so
their primary DNS suffix is the domain name. (I will use company.com as an
example.) Unfortunately, someone else registered our internal domain name on
the Internet and has a wildcard/catch-all DNS entry set so every hostname
resolves to the same IP address (e.g., 72.3.135.151). Internally, DNS
resolution works well because the internal DNS servers are authoritative for
the domain name. However, when not on the company network (such as when at a
client's site), all DNS lookups not using a FQDN return the same external IP
address (e.g., 72.3.135.151). Also, even if using the FQDN in nslookup,
everything always resolves to the same external IP address because nslookup
always appends the primary DNS suffix (e.g. hostname.test.com becomes
hostname.test.com.company.com, which returns 72.3.135.151).

I realize that there are workarounds (e.g. make the primary DNS suffix
different than the domain name, always use FQDNs, append a period at the end
of the FQDN in nslookup), but all of them have their problems and drawbacks.
For example, even if users get used to using FQDNs, some of our clients have
web-based applications that use just the hostnames. When one of these
applications is accessed with one of our laptops, links to server2 get
redirected to server2.company.com, which brings up an external webpage and
breaks the app.

So, if it's possible, the only good solution I can see is to configure
Windows to ignore the primary DNS suffix and only append the
connection-specific suffix.
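
The failure described in the post above, modelled as an added example (not part of the original thread): it expands a name through a suffix search list and flags answers that come from a catch-all zone by probing random labels. The expansion order, the `client.example` suffix, the sample records and the stub resolver are constructed assumptions; `company.com`, `test.com`, `server2` and 72.3.135.151 are the thread's own example values.

```python
import secrets

# Constructed off-network view: public company.com is a catch-all, other zones are normal.
RECORDS = {"server2.client.example": "10.20.0.12", "hostname.test.com": "192.0.2.80"}

def external_resolve(fqdn):
    """Stub resolver standing in for DNS as seen from outside the company network."""
    if fqdn == "company.com" or fqdn.endswith(".company.com"):
        return "72.3.135.151"
    return RECORDS.get(fqdn)

def candidates(name, suffixes):
    """Names tried, in order, under the simplified behaviour described in the thread."""
    if name.endswith("."):  # trailing period: treated as fully qualified, nothing appended
        return [name.rstrip(".")]
    return [f"{name}.{s}" for s in suffixes] + [name]

def wildcard_ip(zone, resolve, probes=3):
    """Return the catch-all address if random labels under zone all get the same answer."""
    answers = {resolve(f"{secrets.token_hex(8)}.{zone}") for _ in range(probes)}
    if len(answers) == 1 and None not in answers:
        return answers.pop()
    return None

def lookup(name, suffixes, resolve):
    """Resolve through the search list and flag an answer that matches a wildcard zone."""
    traps = {s: wildcard_ip(s, resolve) for s in suffixes}
    for fqdn in candidates(name, suffixes):
        ip = resolve(fqdn)
        if ip is None:
            continue
        suffix = next((s for s in suffixes if fqdn.endswith("." + s)), None)
        hit = suffix is not None and traps[suffix] == ip
        return {"queried": fqdn, "ip": ip, "wildcard_hit": hit}
    return {"queried": None, "ip": None, "wildcard_hit": False}

if __name__ == "__main__":
    # Primary suffix first, then the connection-specific suffix (assumed order).
    print(lookup("server2", ["company.com", "client.example"], external_resolve))
    print(lookup("server2", ["client.example"], external_resolve))
    print(lookup("hostname.test.com.", ["company.com"], external_resolve))
```
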
 
If it is just the company laptops with the problem, adding the servers to the
hosts file on the laptops may work. This will only work if the servers are
only using a public IP address. If they have a private IP address that is
used internally then the laptops won't be able to access them while
connected to the internal network.
 
I'm not sure which servers you are suggesting should be added to the hosts
file or how it might prevent the primary DNS suffix from being appended. In
any case, almost everything uses internal IP addresses. Those servers that
do use external IP addresses are not a problem since the FQDN for them is
always specified.

If you can think of a way that your recommendation can be modified to
prevent the appending of the primary DNS suffix when using internal IP
address, please let me know. Any other suggestions would also be
appreciated.

Thanks,

Victor
 
If a name exists in the hosts file, DNS is never used to resolve the name.
You would create entries like this:

192.168.2.1 servername
192.168.2.1 servername.domain.com
 
OK. I understand now. It will definitely help in some situations but I'm
still hoping to find a way to have Vista bypass appending the primary DNS
suffix to lookups but still use the connection-specific DNS suffix. Your
response will work around the last of the situations that have come up, but
if I can replace all of the workarounds with one solution (one that is
easier on the users), I would prefer that.

Thanks,

Victor
 
If your Active Directory domain name is the same as the public domain name
someone else has registered, I don't think you will find one solution that
works in all cases. Even when you own the public domain name, having the
same AD domain name and public name is hard to manage for laptops that
travel outside the domain. If you do find a solution, please post back with
how you did it.
 