Tag: Computer Configuration
Allow NetBT queries for fully qualified domain names
Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names such as “www.example.com” in addition to single-label names. If you disable this policy setting, or if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as “example” and not for multi-label and fully qualified domain names.
Turn off smart protocol reordering
Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks. If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks. Note: This policy setting is applicable only if the Turn off smart multi-homed name resolution policy setting is disabled or not configured.
Turn off smart multi-homed name resolution
Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept. If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLMNR and NetBT queries.
Allow Distributed Link Tracking clients to use domain resources
Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain.
Primary DNS suffix devolution
Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process. With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name. The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. Devolution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: the primary DNS suffix, as specified on the Computer Name tab of the System control panel; and each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user submits a query for a single-label name such as “example”, the DNS client attaches a suffix such as “microsoft.com”, resulting in the query “example.microsoft.com”, before sending the query to a DNS server. If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query.
If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name “example”, and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two. If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved primary DNS suffix. If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix.
Update top level domain zones
Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: “com.” By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone. If you enable this policy setting, computers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the root zone. If you disable this policy setting, or if you do not configure this policy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
Update security level
Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the following values: Unsecure followed by secure – computers send secure dynamic updates only when nonsecure dynamic updates are refused. Only unsecure – computers send only nonsecure dynamic updates. Only secure – computers send only secure dynamic updates. If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
DNS suffix search list
Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An unqualified single-label name contains no dots. The name “example” is a single-label name. This is different from a fully qualified domain name such as “example.microsoft.com.” Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name “example” will be modified to “example.microsoft.com” before sending the query to a DNS server if this policy setting is enabled with a suffix of “microsoft.com.” To use this policy setting, click Enabled and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as “microsoft.com,serverua.microsoft.com,office.microsoft.com”, to specify multiple suffixes. If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful or all suffixes are tried. If you disable this policy setting, or if you do not configure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.
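The query order described under Primary DNS suffix devolution and DNS suffix search list, as an added Python model (not Microsoft code and not part of the original page). The function names, the `owned_zones` check and the sample connection suffix are assumptions for illustration; the model covers single-label names only and is useful for seeing which candidate names fall outside namespaces an organisation controls.

```python
# Added example: models the query order described in the text above.

def devolved_suffixes(primary_suffix, level=2):
    """Suffixes obtained by dropping leftmost labels, stopping at `level` labels."""
    labels = primary_suffix.strip(".").lower().split(".")
    out = []
    while len(labels) > max(level, 2):   # text: cannot devolve beyond level two
        labels = labels[1:]
        out.append(".".join(labels))
    return out


def candidate_queries(name, primary_suffix, connection_suffixes=(),
                      search_list=None, devolution=True, level=2):
    """Ordered FQDNs tried for a single-label `name`, per the descriptions."""
    if "." in name:                      # not single-label: outside this model
        return [name.rstrip(".").lower()]
    if search_list:                      # GPO search list: left to right, no devolution
        suffixes = [s for s in search_list.split(",")]
    else:                                # primary, then connection-specific, then devolved
        suffixes = [primary_suffix, *connection_suffixes]
        if devolution:
            suffixes += devolved_suffixes(primary_suffix, level)
    ordered = []
    for s in suffixes:
        fqdn = f"{name}.{s.strip().strip('.')}".lower()
        if s.strip() and fqdn not in ordered:
            ordered.append(fqdn)
    return ordered


def outside_owned_zones(queries, owned_zones):
    """Candidates sent for a namespace that is not in `owned_zones`."""
    owned = [z.strip(".").lower() for z in owned_zones]
    return [q for q in queries
            if not any(q == z or q.endswith("." + z) for z in owned)]


if __name__ == "__main__":
    # Suffix from the page's example; the connection suffix is constructed.
    qs = candidate_queries("example", "ooo.aaa.microsoft.com",
                           connection_suffixes=["branch.example.net"])
    for q in qs:
        print(q)
    print("outside owned zones:", outside_owned_zones(qs, ["aaa.microsoft.com"]))
```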
TTL value for A and PTR records
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied. To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes). If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
Registration refresh interval
Specifies the interval used by DNS clients to refresh registration of A and PTR resource records. This policy setting only applies to computers performing dynamic DNS updates. Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. Warning: If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes. If you enable this policy setting, the registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours, and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.