How DNS devolution works in Windows Server 2008 R2

Domain Name System (DNS) devolution is a feature in Windows Server 2008 R2 that makes it easier for DNS clients to locate network resources. To understand DNS devolution, think about how the name resolution process works in a normal Windows environment.

For example, let’s pretend that I have a domain named Domain1.com and a server within that domain named Server1.Domain1.com. If I want to map a drive letter to a share located on Server1.Domain1.com, I don’t have to provide the server’s fully qualified domain name (FQDN). Instead, I can just specify the host name followed by the share name (\\Server1\). The DNS server is then able to resolve the host name to a FQDN.

This works because NetBIOS over TCP/IP is usually enabled on Windows networks. When the host name is specified, Windows performs a quick check to make sure that the specified host name does not match the local host name. Assuming that the names do not match, Windows will check the DNS resolver cache and perform a DNS Name Query Request if necessary. This request resolves the specified host name. Other resolution methods are used when the host name can’t be resolved, but for our purposes the DNS Name Query Request is of primary interest.

The DNS Name Query Request method of resolving host names works well if the host is in the same domain as the computer making the name resolution request. The process can break down, however, if the requested host resides in an alternate domain. This is where DNS devolution comes into play.

DNS devolution allows clients to query parent DNS namespaces without explicitly specifying the parent’s FQDN. For instance, imagine that I am using a computer with a FQDN of Computer1.lab.IT.Domain1.com. A normal DNS Name Query Request would search the lab.IT.Domain1.com namespace. If devolution is used, however, then the following domains would be searched as necessary:

  1. Lab.IT.Domain1.com
  2. IT.Domain1.com
  3. Domain1.com
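
The suffix walk listed above, as an added Python example that is not part of the original article: it builds the names a client would try for a short host name and reports whether the answer came from a parent namespace rather than the client's own suffix. The record table, the two-label floor and the function names are assumptions of this example.

```python
"""Simulate the suffix walk DNS devolution performs for a short host name."""

# Assumption of this example: the walk never queries a bare top-level suffix,
# matching the list above, which ends at Domain1.com.
MIN_SUFFIX_LABELS = 2


def devolution_suffixes(primary_suffix):
    """Return the primary DNS suffix, then each parent suffix, in query order."""
    labels = [part for part in primary_suffix.strip(".").split(".") if part]
    if not labels:
        return []
    suffixes = [".".join(labels)]          # the primary suffix is always tried
    labels = labels[1:]
    while len(labels) >= MIN_SUFFIX_LABELS:
        suffixes.append(".".join(labels))  # one label shorter on each pass
        labels = labels[1:]
    return suffixes


def candidate_names(host, primary_suffix):
    """FQDNs tried for host; a name that already contains a dot is left alone."""
    host = host.strip()
    if "." in host:
        return [host.rstrip(".")]
    return [f"{host}.{suffix}" for suffix in devolution_suffixes(primary_suffix)]


def resolve(host, primary_suffix, records):
    """Return (fqdn, address, devolved) for the first match, or None.

    devolved is True when the answer came from a parent namespace.
    """
    lookup = {name.lower(): addr for name, addr in records.items()}
    for index, fqdn in enumerate(candidate_names(host, primary_suffix)):
        addr = lookup.get(fqdn.lower())    # DNS names compare case-insensitively
        if addr is not None:
            return fqdn, addr, index > 0
    return None


# Constructed sample records (documentation addresses, not real hosts).
SAMPLE_RECORDS = {
    "Server1.Domain1.com": "192.0.2.10",
    "Files.IT.Domain1.com": "192.0.2.20",
    "Build.Lab.IT.Domain1.com": "192.0.2.30",
}
```

Calling `resolve("Server1", "lab.IT.Domain1.com", SAMPLE_RECORDS)` shows a short name being answered two levels above the client's own namespace, which is the case worth reviewing when auditing which short names an environment depends on.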

Requirements for using DNS devolution
Even though DNS devolution is fairly simple, there are a few caveats to using it. For starters, DNS devolution requires that you select the Append Parent Suffixes in the Primary DNS Suffix check box, which is located in the Advanced TCP/IP Settings dialog box on the client computer, as shown in Figure 1. This check box is selected by default on Windows 7 clients.

Figure 1. The Append Parent Suffixes check box must be selected to use DNS devolution.

Note that when using DNS devolution, you cannot provide Windows with a global suffix search list, which is sometimes done via Group Policy settings.

Configuring DNS devolution
The primary mechanism for configuring DNS devolution is the Group Policy Editor. There are two policy settings of interest and both are located at Computer Configuration \ Policies \ Administrative Templates \ Network \ DNS Client.

The first setting -- shown in Figure 2 -- is the Primary DNS Suffix Devolution setting. This is the setting that enables and disables DNS devolution.

Figure 2: DNS devolution is controlled by Group Policy settings.

The other setting you need to know about is the Primary DNS Suffix Devolution Level setting. This setting allows you to control the number of levels that are processed during DNS devolution. Earlier, I used a domain named Lab.IT.Domain1.com in one of my examples. This domain consists of three levels, including:

  1. Lab.IT.Domain1.com
  2. IT.Domain1.com
  3. Domain1.com

Setting the Primary DNS Suffix Devolution Level to 3 allows DNS devolution to occur all the way to the root domain (Domain1.com). Setting the level to 2 allows DNS devolution to occur for IT.Domain1.com, but not for Lab.IT.Domain1.com. In other words, the devolution process stops short of the root domain.

DNS devolution has been around for a while, but Windows Server 2008 R2 is the first system to introduce this concept of levels. To that end, only Windows 7 and Windows Server 2008 R2 can use all of the DNS devolution features by default. You can add full DNS devolution support to older versions of Windows, however, by downloading a DNS update.


Brien M. Posey, MCSE, is a Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information, visit www.brienposey.com.

This was first published in January 2011
