DNS Suffix for subdomains to replace WINS

  • Question

  • We have a forest with several subdomains and are trying to get rid of WINS and replace it with DNS completely. As some of you might have already experienced yourselves, removing WINS in a site might cause issues connecting to other domains in the forest when not using the FQDN. Since we have several subdomains, adding a giant list of DNS suffixes for the search is not a really good option to me. I was wondering if it would be a good solution to push a "primary DNS suffix" containing the parent domain to all subdomains. Let's say we have parent domain contoso.corp and subdomains one.contoso.corp, two.contoso.corp, ... Will it cause issues to create a global GPO setting the "primary DNS suffix" to "contoso.corp"? As far as I can see, the server seems to register itself in DNS with both the primary DNS suffix "contoso.corp" and its FQDN, e.g. "one.contoso.corp". I have been searching on this for some time and didn't find much info on the above setup, so I was wondering if it is maybe a wrong tactic to use.

    Monday, May 6, 2019 7:59 AM

All replies

  • Hello Tom-DM,

    Thank you for posting in this forum.

    Given that WINS servers work differently than DNS servers, doing so can cause many problems.

    For example, suppose a client (A) in the two.contoso.corp subdomain wants to query a machine (B) in the one.contoso.corp subdomain. With WINS you can successfully query its records, but you can't do it with DNS. If you use a DNS server, A will first query B.two.contoso.corp according to your configuration. If no results are found, A will check B.contoso.corp. But A will never query B.one.contoso.corp.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 7, 2019 8:56 AM
  • Thanks Leon, I'm aware of this, that's actually the reason why I posted this question :-) I'm more interested in what the result would be of setting a primary DNS suffix to the parent domain in all subdomains, and what would be the exact reason why we should maybe not do this, because in our first tests with some clients this seems to run fine, but I want to be really sure before rolling out to the whole company through GPO.
    Tuesday, May 7, 2019 9:03 AM
  • You're welcome, Tom-DM.

    That example is the reason why this is not recommended.

    But it seems that the client in the current environment has not encountered the situation I have outlined. All clients work fine in their own domain/subdomain (for now).

    You still want to implement this GPO, right?

    Best Regards,
    Leon





    Tuesday, May 7, 2019 9:37 AM
  • Hmmm, I think I'm still not seeing the issue :-) Example from your response:

    "If you use a DNS server, A will first query B.two.contoso.corp according to your configuration. If no results are found, A will check B.contoso.corp. But A will never query B.one.contoso.corp."

    -> But since I would use "contoso.corp" as primary DNS suffix for all clients in the subdomains, A will be able to locate the correct IP for B through B.contoso.corp (and vice versa) and there's no need anymore to query B.two.contoso.corp.
    Or is the point of this that all queries/load will go to the DNS server of contoso.corp outside the own subdomain? (On the other hand, since we were only using WINS servers in 1 location before, the load would be identical to the one of WINS in the past.)

    I was also thinking that with primary DNS suffix set to contoso.corp none of the clients would register anymore with its own subdomain; however, that also doesn't seem to be the case, they still seem to register also automatically with their FQDN, so I don't see a possible problem in that either at the moment.

    Sorry if I might be missing out on something important here :-)

    Tuesday, May 7, 2019 10:03 AM
  • Hello Tom-DM,

    Records under the subdomain will only exist in the subdomain, they will not be stored in the parent domain.

    For two sub-domains A and B of the same level, if there is a client (xyz) in the A sub-domain to query the records in the B sub-domain, xyz first looks up the record in the A sub-domain. But there is no such record in the A subdomain.

    Then xyz will go to the parent domain, but it still can't be found.

    Then xyz will terminate the query.

    Depending on your configuration and how DNS works, xyz does not look for records in the B subdomain.

    Best Regards,

    Leon





    Wednesday, May 8, 2019 9:31 AM
  • Hi,

    Just checking the current situation of your problem.
    Please let us know if you would like further help.

    Best regards,
    Leon


    Friday, May 10, 2019 7:40 AM
  • Thanks Leon, you mention "But there is no such record in the A subdomain." I know, but I never need to search in this other subdomain, because if I configure a "primary DNS suffix" with the parent domain "contoso.corp" through GPO for subdomain A, B, C, ... then every device is registered in "contoso.corp" through that GPO setting. So indeed, none of the devices in A.contoso.corp, B, C, ... will be able to find an entry directly in any of the other sub-domains, but I don't really care about that, since with DNS devolution they will always do a second lookup attempt in the contoso.corp parent domain after they fail to find the entry in their own domain, and because the "primary DNS suffix" is set to "contoso.corp" through GPO, every device from every existing subdomain of contoso.corp will always be registered in the parent and should be found from any of the existing subdomains, no matter what subdomain you are in, because of DNS devolution, which will query contoso.corp on a second attempt after it failed to find the entry in its own domain. Every entry is registered in the parent with my "primary DNS suffix", so when your DNS search does not find anything in the subdomain it will always be found in the parent. If I test this in reality, it works perfectly in any case: clients of A.contoso.corp find clients in B.contoso.corp through the DNS table in contoso.corp where all devices are registered.
    Friday, May 24, 2019 11:45 AM
  • Hi Leon, sorry, I was out for some time. I've replied to your above answer.
    Friday, May 24, 2019 11:46 AM
  • Hi Tom-DM,

    You have already tested it, and it does work.

    Good to see that you have solved the problem by yourself.

    Best Regards,

    Leon



    Monday, May 27, 2019 3:22 AM
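
The lookup order Leon describes and the parent-suffix setup Tom tested, as a simplified model added here (not part of the thread and not the Windows resolver's actual logic); host names, addresses and function names are constructed. It goes one step beyond the thread by also listing short names that end up with more than one address once every subdomain registers into contoso.corp.

```python
# Simplified model: a single-label name is tried with the primary DNS suffix,
# then devolved toward the forest root. All hosts and addresses are constructed.
ROOT = "contoso.corp"

def candidates(short, primary_suffix, root=ROOT):
    """FQDNs tried in order: primary suffix, then each parent down to root."""
    labels = primary_suffix.split(".")
    stop = len(root.split("."))
    return [f"{short}.{'.'.join(labels[i:])}"
            for i in range(len(labels) - stop + 1)]

def register(records, host, ip, domain, primary_suffix):
    """Register under the domain FQDN (as the poster observed) and, when it
    differs, under the primary DNS suffix as well."""
    for suffix in {domain, primary_suffix}:
        records.setdefault(f"{host}.{suffix}", []).append(ip)

def resolve(records, short, primary_suffix):
    """Return (fqdn, ips) for the first candidate that has a record, else None."""
    for fqdn in candidates(short, primary_suffix):
        if fqdn in records:
            return fqdn, records[fqdn]
    return None

def collisions(records, parent=ROOT):
    """Names directly under the parent zone holding more than one address."""
    depth = parent.count(".") + 1
    return {n: ips for n, ips in records.items()
            if n.endswith("." + parent) and n.count(".") == depth
            and len(set(ips)) > 1}

def build(primary_suffix_for):
    """primary_suffix_for maps a member's domain to its primary DNS suffix."""
    hosts = [("a", "10.2.0.10", "two.contoso.corp"),   # constructed sample data
             ("b", "10.1.0.20", "one.contoso.corp"),
             ("fs01", "10.1.0.30", "one.contoso.corp"),
             ("fs01", "10.2.0.30", "two.contoso.corp")]
    records = {}
    for name, ip, domain in hosts:
        register(records, name, ip, domain, primary_suffix_for(domain))
    return records

own_suffix = build(lambda d: d)      # suffix = own subdomain (Leon's example)
flat = build(lambda d: ROOT)         # GPO pushes the parent (Tom's setup)

if __name__ == "__main__":
    print(resolve(own_suffix, "b", "two.contoso.corp"))  # client A, default
    print(resolve(flat, "b", "contoso.corp"))            # client A, parent suffix
    print(collisions(flat))                              # ambiguous short names
```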