[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Primary DNS Suffix Devolution

ID: oval:org.secpod.oval:def:18966Date: (C)2014-05-29   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Primary DNS Suffix Devolution machine setting should be configured correctly. Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process. When a user submits a query for a single-label name, such as "example", a local DNS client attaches a suffix, such as "microsoft.com", resulting in the query "example.microsoft.com", before sending the query to a DNS server. If a DNS Suffix Search List is not specified, the DNS client attaches the Primary DNS Suffix to a single-label name, and, if this query fails, the Connection-Specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the Primary DNS Suffix of the computer (drops the leftmost label of the Primary DNS Suffix), attaches this devolved Primary DNS suffix to the single-label name, and submits this new query to a DNS server. If this setting is enabled with appropriate devolution level, DNS clients on the computers to which this setting is applied attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix. If this setting is disabled, DNS clients on the computers to which this setting is applied do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix. If this setting is not configured, it is not applied to any computers, and computers use their local configuration. Fix: (1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix Devolution (2) KEY: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10931-4
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10931-4
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2

© SecPod Technologies