A DNS suffix is the DNS name without the hostname part.
The best way to show the true purpose of a DNS suffix, when and why you would need, it is through an example.
We know that any computer that joined an active directory domain will receive an additional part to the name which will compose the actually FQDN of the computer, like for example comp1.compinfopro.com. At the same time, this computer also receives the domain name as a primary DNS suffix.
Let’s say we have two domains inside an Active Directory forrest:
Forrest Root Domain: compinfopro.com
Child Domain: ro.compinfopro.com
We would of course, have some servers in each of them, but to make our example more obvious we will call one server in compinfopro.com domain as serv1.compinfopro.com – this would be the FQDN of the serv1 while a computer name in ro.compinfopro.com domain would be called PC1 with the FQDN of PC1.ro.compinfopro.com .
Now, if a user from PC1 wants to access the serv1 from root domain, he would have to type the FQDN, else he would get an error message most likely. Why?
Simple. Remember when I wrote about what happens when you join a computer to a domain, now if the user will try to access the serv1 and would call it only by name, it would append the same domain name, so the user would try to access according to his computer and DNS, a server with a FQDN of serv1.ro.compinfopro.com – which might exist or not on this domain. Depending on this, he would get an error that such a server does not exist or he would be pointed to another server different from what he wanted. However, he could reach the desired server by trying to access the full FQDN serv1.compinfopro.com which would point to the correct location he actually wanted to reach.
If you had more such cases or similar ones, of course you can’t ask all your users to type that long and boring name, so you can probably imagine there are other ways.
One other way would be to add the compinfopro.com to the DNS suffix search list on the PC1.ro.compinfopro.com computer name. After it’s done, the user can ping just by name the serv1 server, because the computer would be searching through the DNS suffix search list, until a successful reply is found.
There are cases when you could have the same server names or computer names and doing this might not be such a good idea because it might get confusing and sometimes even not help at all. For example, if you know a server name is in both domains, adding the DNS suffix won’t help much as the ping & match would stop at the default search. This search is the primary DNS suffix, the one automatically added to the computer when added to the domain, so a match with the server in the second domain would never be possible unless you use the FQDN, due to the fact that the next DNS suffixes in the list would never be looked at, if the first match (the default) is a success.
To summarize this, the DNS search order means that every time you try to resolve a hostname, the computer you are using to do this would append the DNS suffixes from the DNS search list to the hostname, until you get a successful resolution.
The DNS suffix search list can be modified by one of the two methods I will show you below. There is however another way to do this globally so you won’t have to work for each computer on your network and this is by modifying the DHCP scope settings used to provide network credentials to clients.
First method of modifying DNS suffix search list – Network Connection Settings
1. You will have to open the Local Area Network Connection settings with start – settings (if exists) – control panel – network connections (first network and internet connections – if you are using the category view) – double click your connection.
2. Click Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Click Advanced.
5. Click DNS.
Now you can notice that we have this option checked called “Append primary and connection specific DNS suffixes”. We already learned that it is the default setting (primary) and adds the domain DNS suffix to any request.
6. Check the “Append these DNS suffixes (in order)” and use the Add button to add DNS suffixes you want to be searched. Note that this will also cancel the primary DNS suffix, so you have to add that too, and to respect the order, you would better add the ex primary DNS suffix as the first DNS suffix followed by the next one you want.
According to our example, the one below would be the next to follow in the search list.
In the end it would look something like this:
7. Click Ok and apply where needed and everything should be ok. If by mistake you type one in front of the other, you can just adjust the order by clicking the pointers in the way you want to get the DNS suffix, upper or lower:
The second one is greyed out because this DNS suffix is already the last one. You can get it in a lower search list order than it already is.
Second method of modifying DNS suffix search list – Registry Settings
This is actually the same thing because I will show you a key you have to modify in order to provide the same search list order. The first method represents the same thing with this one too, just that one is through connection settings and the other is via registry.
Why two methods ?
Simple, it also depends on the level of knowledge you got, how much you are willing to navigate between options, how many access rights you have, if you can do it remotely or not and many more. You have to pick based on what you need and what resources of those already mentioned you can use.
You should also know when you use the first method and write DNS suffixes tin that window, they will also be added to the same key in registry that I’m going to show you and backwards, when you add to the registry they will also be displayed in the window we saw at first method.
So let’s see how it is done:
1. Open a registry editor, you can use Windows default regedit by going to Start – Run – type “regedit” without the quotes.
2. Expand the Registry Folders to reach this path: HKLM – SYSTEM – CurrentControlSet – Services – Tcpip – Parameters
Note: HKLM stands for HKEY Local Machine while HKEY meands Handle to Registry Key.
3. Find SearchList String Value Key according to below picture:
4. By default, this should be blank as you can see in the picture above. This means you are running on default settings with primary DNS suffix being the domain DNS suffix. If you add a value here, the correspondence is that after you confirm with Ok, the same DNS suffix will also be added to the option displayed in method one, as you can see below and default settings are canceled.
When you add something here is the same thing with selecting (enable) the checkbox “Append these DNS suffixes in order”, while removing the content of this key and leaving it blank as you found is the same with selecting the original setting that says “Append Primary and Connection Specific DNS suffixes”.
5. Double click the SearchList key in the registry to add a new DNS suffix and type it in the Value Data textbox.
Usually when you wanna add a DNS suffix, you want to add one that is not the same with the primary one, so at least another one, which means you have to add two. To separate them use a comma, as you can see in below example and just press Ok when you are finished. Both registrations will also be found in the window from Connection Properties – Internet Protocol (TCP/IP) – DNS, in the same order you add them here. Comma in this case, in the registry editor will make it add the other DNS suffix on the next line. Same principle applies if you had more than two and you can see the comma in here as a mark for a new line in there.
Final result should look like this after you press Ok:
I hope this was clear enough and if you think there is more to uncover or you can add something, please do. I am also waiting for your questions if you have any.
Rating: 4.8/5 (13 votes cast)
DNS suffix - what does it mean, 4.8 out of 5 based on 13 ratings