DNS Suffix Search list does not work when Group Policy applies the “DNS Suffix Search List”

active-directorydomain-name-systemwindows-server-2012

I have a DNS Suffix Search list applied through Group Policy in an AD Domain with Windows 2012 server. When the DNS Suffix Search list is applied with Group Policy to the computers of a domain – those computers cannot ping a single qualified hostname and have it append the fqdn. As soon as the Group Policy is blocked – by doing block inheritance and the same DNS Suffix search list is manually input on the Network Adapter under DNS –> Append These DNS Suffix (in order); then it works – which is the same place the GPO puts those suffix.

In Linux it works great and it works in windows but only when done manually. Please help – I know this Group Policy setting is meant to accomplish this.

Best Answer

If I'm following the description of your problem - for example - With GPO in place and suffix search contains "corp.acme.com" and/or "acme.com", lookup for "roadrunner.corp" fails while "roadrunner" succeeds?

Modify your GPO to also contain the following setting: Computer Configuration / Administrative Templates / Network / DNS Client / Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries = Enabled

There a long explanation with more examples in the MMC help text for this policy setting.

Related Solutions

DNS resolution problems and DNS suffix search order

After reading this I had a look at a Ubuntu 8.10 installation I've just finished on Virtualbox. resolve.conf contains:

# Generated by NetworkManager
domain ourdomain.local
search ourdomain.local
nameserver 192.168.0.6
nameserver 192.168.0.7

As a result, it handles lookups just fine and I can reach any machine with either the host name or the FQDN. My MacBook also handles lookups just fine, both at work and at home, but I'm unable to check its resolve.conf right now (the screen is broken). Neither the work network (Windows DHCP) nor my home network (Linux DHCP) have option 119. In fact both pass the domain name only as option 15.

The only issue I had getting this to work was that Linux and Mac didn't like it when my home network used a single word domain name. Adding ".local" to the end of it is the only change I had to make.

Group policy settings not applied

two possible simple solutions: - 'hook' the policy to each tree where you want to apply it - Exclude the deep freeze machines by only applying the root gpo to machines in a particular security group

gpupdate not doing anything may have something to do with the link speed detection - does windows detect it as being slow - ie. WAN? You can see this in gpresult. Gpresult should also tell you which gpos are being applied or not applied.

Ian

Best Answer

Related Solutions

DNS resolution problems and DNS suffix search order

Group policy settings not applied

Related Topic