Wednesday, January 21, 2009

DNS Single Label Name Resolution

By default, DNS clients resolve single-label names using DNS suffix search orders obtained from various sources.


The following illustrates the basic sequence of operations performed by Windows XP and Vista DNS clients when resolving single-label host names.

1. Assume the single-label host name to be resolved is "dnsclient".

2. If the group policy "DNS Suffix Search List" is not configured, then do the following:

I) If a "DNS Suffix Search List" is specified on the local computer, as shown below, the client machine tries to resolve the host name "dnsclient" by appending the search list items.

If (I) fails, suffix appending stops and DNS fails over to the WINS server (if available) to resolve the single-label name.

II) If a "DNS Suffix Search List" is not specified on the local computer, then do the following:

a) If the "Primary DNS Suffix" Group Policy is enabled, the client machine uses the "primary DNS suffix" to resolve the name.

b) If (a) fails and the "Connection-Specific DNS Suffix" group policy is enabled, the client machine tries to resolve the name using the Connection-Specific DNS Suffix.

c) If (a) fails and the "Connection-Specific DNS Suffix" group policy is not configured, the client machine uses all connection-specific suffixes of each network adapter.

d) If (a) fails, the "Connection-Specific DNS Suffix" group policy is disabled, and the "Primary DNS Suffix Devolution" policy is enabled, the DNS client machine devolves the primary DNS suffix and tries to resolve the name.

e) If (a) and (b) fail and the "Primary DNS Suffix Devolution" policy is enabled, the client devolves the primary DNS suffix and tries to resolve the name.

III) If the "Primary DNS Suffix" Group Policy is "disabled" or "not configured", then:

a) The local machine's "Primary DNS Suffix" value is used to resolve the name.

The local Primary DNS Suffix can be found on the "Computer Name" tab of System Properties.

b) If (a) fails and the "Connection-Specific DNS Suffix" group policy is enabled, the client machine tries to resolve the name using the Connection-Specific DNS Suffix.

c) If (a) fails and the "Connection-Specific DNS Suffix" group policy is not configured, the client machine uses all connection-specific suffixes of each network adapter.

d) If (a) fails, the "Connection-Specific DNS Suffix" group policy is disabled, and the "Primary DNS Suffix Devolution" policy is enabled, the DNS client machine devolves the primary DNS suffix and tries to resolve the name.

e) If (a) and (b) fail and the "Primary DNS Suffix Devolution" policy is enabled, the client devolves the primary DNS suffix and tries to resolve the name.

3. If the group policy "DNS Suffix Search List" is disabled, then:

I) "Primary DNS Suffix" Group Policy is enabled

a) If the "Primary DNS Suffix" Group Policy is enabled, the client machine uses the "primary DNS suffix" to resolve the name.

b) If (a) fails and the "Connection-Specific DNS Suffix" group policy is enabled, the client machine tries to resolve the name using the Connection-Specific DNS Suffix.

c) If (a) fails and the "Connection-Specific DNS Suffix" group policy is not configured, the client machine uses all connection-specific suffixes of each network adapter.

d) If (a) fails, the "Connection-Specific DNS Suffix" group policy is disabled, and the "Primary DNS Suffix Devolution" policy is enabled, the client devolves the primary DNS suffix and tries to resolve the name.

e) If (a) and (b) fail and the "Primary DNS Suffix Devolution" policy is enabled, the client devolves the primary DNS suffix and tries to resolve the name.

II) If the "Primary DNS Suffix" Group Policy is "disabled" or "not configured", then:

a) The local machine's "Primary DNS Suffix" value is used to resolve the name.

The local Primary DNS Suffix can be found on the "Computer Name" tab of System Properties.

b) If (a) fails and the "Connection-Specific DNS Suffix" group policy is enabled, the client machine tries to resolve the name using the Connection-Specific DNS Suffix.

c) If (a) fails and the "Connection-Specific DNS Suffix" group policy is not configured, the client machine uses all connection-specific suffixes of each network adapter.

d) If (a) fails, the "Connection-Specific DNS Suffix" group policy is disabled, and the "Primary DNS Suffix Devolution" policy is enabled, the DNS client machine devolves the primary DNS suffix and tries to resolve the name.

e) If (a) and (b) fail and the "Primary DNS Suffix Devolution" policy is enabled, the client devolves the primary DNS suffix and tries to resolve the name.

4. If the Group Policy "DNS Suffix Search List" is enabled

Then the group policy "DNS Suffix Search List" is used to resolve the single-label name.

6. If the group policy "Connection-Specific DNS Suffix" is enabled, the group policy's connection-specific DNS suffix takes precedence over the local machine's Connection-Specific DNS suffix and is used to resolve the single-label name.

If the name cannot be resolved via DNS by using various suffixes, the query fails over to WINS.

Note:
• A single-label name may be unique within a given domain, but may not be unique across multiple domains and/or forests; this is due to the hierarchical structure of the Domain Name System.

• A DNS name query times out after 12 seconds, so a query may time out even before all the suffixes available to the DNS client have been tried. In this case DNS falls back to WINS resolution (if it exists) after 12 seconds.

Example:

A company's internal website is http://myweb
• The fully qualified domain name (FQDN) of the Web server is webserver.myrootdns.com
• The Group Policy for all the DNS clients has the following list of DNS suffixes:


dnsserver.myrootdns.com
web.myrootdns.com
webserver.myrootdns.com

The following shows how the single-label name is resolved:

1. A user types http://myweb into the browser address bar.
2. The browser calls the GetAddrInfo() function to resolve the name myweb.
3. GetAddrInfo() invokes the DNS Client to resolve the name.
4. The DNS Client sends out the following qualified queries:
a. myweb.dnsserver.myrootdns.com: gives Name Error
b. myweb.web.myrootdns.com: again Name Error
c. myweb.webserver.myrootdns.com: this succeeds
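
The suffix walk above, together with the 12-second timeout and WINS failover from the note, as an added example (a simplified model written for this page, not Windows code). It is useful when auditing which FQDNs a client will actually send for a short name. The function names, the fixed per-query cost, the addresses, the suffixes `corp.myrootdns.com` and `lan.example`, and devolution modeled as stripping the leftmost label until two labels remain are assumptions.

```python
DNS_TIMEOUT_SECONDS = 12  # overall DNS query timeout stated in the note above

def devolve(primary_suffix):
    """Parent suffixes of the primary DNS suffix, down to two labels."""
    labels = primary_suffix.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def suffix_order(gpo_state="not_configured", gpo_list=(), local_list=(),
                 primary_suffix=None, connection_suffixes=(), devolution=False):
    """Ordered suffixes appended to a single-label name (simplified model)."""
    if gpo_state == "enabled":                        # step 4: GPO list is used
        return list(gpo_list)
    if gpo_state == "not_configured" and local_list:  # step 2 (I): local list only
        return list(local_list)
    order = [primary_suffix] if primary_suffix else []
    order += [s for s in connection_suffixes if s not in order]
    if devolution and primary_suffix:
        order += [s for s in devolve(primary_suffix) if s not in order]
    return order

def resolve_single_label(label, suffixes, zone, seconds_per_query=1, wins=None):
    """Walk the suffixes in order; return (answer, source, queries_sent)."""
    sent, elapsed = [], 0
    for suffix in suffixes:
        if elapsed + seconds_per_query > DNS_TIMEOUT_SECONDS:
            break                      # timeout reached before all suffixes tried
        fqdn = f"{label}.{suffix}"
        sent.append(fqdn)
        elapsed += seconds_per_query   # assumed fixed cost per query
        if fqdn in zone:
            return zone[fqdn], "dns", sent
    if wins and label in wins:         # failover to WINS, if available
        return wins[label], "wins", sent
    return None, "unresolved", sent

# Constructed sample data following the example on this page; addresses are made up.
GPO_LIST = ["dnsserver.myrootdns.com", "web.myrootdns.com", "webserver.myrootdns.com"]
ZONE = {"myweb.webserver.myrootdns.com": "192.0.2.10"}
WINS = {"myweb": "192.0.2.99"}

if __name__ == "__main__":
    order = suffix_order(gpo_state="enabled", gpo_list=GPO_LIST)
    print(resolve_single_label("myweb", order, ZONE))
    # Slow answers: the 12-second timeout expires before the third suffix is tried.
    print(resolve_single_label("myweb", order, ZONE, seconds_per_query=5, wins=WINS))
    # No search list: primary suffix, connection suffixes, then devolved parents.
    print(suffix_order(primary_suffix="corp.myrootdns.com",
                       connection_suffixes=["lan.example"], devolution=True))
```

With slow responses the second call never reaches the suffix that would have succeeded, so the answer comes from WINS instead of DNS, which is the case the timeout note describes.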
