locked
DHCP question (scope options) RRS feed

  • Question

  • We are trying to set up Intel AMT (vPro) management server in our office. The requirement for a vPro device to allow the management server gain out-of-band access to vPro devices is that the PKI cert installed on the management server must have the same domain name in its CN field as given by the local DHCP server (option 015).

    Now the problem is that the local domain name in our office is set to xxxxxxx.local whereas the certificate CN field has xxxxxxx.com because COMODO does not issue certificates with .local domain name.

    We have been wondering if we could change the connection specific DNS suffix to xxxxxxx.com in the DHCP option 015 to fix the problem but do not know how this will impact the local network.

    Please help.

    Thanks,

    Wednesday, July 27, 2016 7:26 PM

Answers

  • The default name resolution for unqualified names is: 'append primary and connection specific DNS suffixes'.  Using DHCP option 15 assigns a connection specific suffix. The default DNS suffix search list is your primary DNS suffix, followed by your connection specific suffix. For domain computers, the primary DNS suffix will be their domain name (unless you've manually overridden this).  So even if you assign xxxx.com through option 15, name resolutions will first attempt with a suffix of xxxx.local. Does that help?

    • Marked as answer by Abrar Baig Friday, July 29, 2016 3:26 PM
    Wednesday, July 27, 2016 8:04 PM

All replies

  • The default name resolution for unqualified names is: 'append primary and connection specific DNS suffixes'.  Using DHCP option 15 assigns a connection specific suffix. The default DNS suffix search list is your primary DNS suffix, followed by your connection specific suffix. For domain computers, the primary DNS suffix will be their domain name (unless you've manually overridden this).  So even if you assign xxxx.com through option 15, name resolutions will first attempt with a suffix of xxxx.local. Does that help?

    • Marked as answer by Abrar Baig Friday, July 29, 2016 3:26 PM
    Wednesday, July 27, 2016 8:04 PM
  • Hey Ryan

    Thanks for the info. We will test this and will update soon.

    Thank you,

    Wednesday, July 27, 2016 8:31 PM
  • That helped.

    Thanks Ryan.

    Friday, July 29, 2016 3:26 PM