CCE-93025-5

Platform: win2019
Date: (C)2020-09-22   (M)2020-09-26



Primary DNS Suffix Devolution

Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process.

When a user submits a query for a single-label name, such as 'example', a local DNS client attaches a suffix, such as 'microsoft.com', resulting in the query 'example.microsoft.com', before sending the query to a DNS server.

If a DNS Suffix Search List is not specified, the DNS client attaches the Primary DNS Suffix to a single-label name, and, if this query fails, the Connection-Specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the Primary DNS Suffix of the computer (drops the leftmost label of the Primary DNS Suffix), attaches this devolved Primary DNS suffix to the single-label name, and submits this new query to a DNS server.

For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name 'example', and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) until the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under the specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under the specified devolution level and the query example.microsoft.com is submitted. The primary DNS suffix cannot be devolved beyond the devolution level.

If this setting is enabled with an appropriate devolution level, DNS clients on the computers to which this setting is applied attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.

If this setting is disabled, DNS clients on the computers to which this setting is applied do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.

If this setting is not configured, it is not applied to any computers, and computers use their local configuration.
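The query order described above can be modelled to see which names a client would send for a given suffix and devolution level. This is an added example, not part of the CCE entry or of any Microsoft code; it assumes the devolution level is the minimum number of labels the devolved suffix keeps, and the function names and the org_zone parameter are hypothetical.

```python
def devolution_queries(name, primary_suffix, conn_suffix=None,
                       devolution_enabled=True, devolution_level=2):
    """Ordered FQDNs queried for a single-label name when no DNS Suffix
    Search List is set, following the description in this entry.

    Assumption: devolution_level is the minimum number of labels the
    devolved primary suffix must keep.
    """
    if "." in name:
        # The entry only covers non-dot-terminated single-label names.
        raise ValueError("expected a non-dot-terminated single-label name")
    name = name.lower()
    primary_suffix = primary_suffix.lower().strip(".")
    queries = [f"{name}.{primary_suffix}"]           # 1. Primary DNS Suffix
    if conn_suffix:
        queries.append(f"{name}.{conn_suffix.lower().strip('.')}")  # 2. Connection-Specific
    if devolution_enabled:
        labels = primary_suffix.split(".")
        # 3. Drop the leftmost label step by step, never below the level.
        while len(labels) - 1 >= devolution_level:
            labels = labels[1:]
            queries.append(f"{name}.{'.'.join(labels)}")
    return list(dict.fromkeys(queries))              # de-duplicate, keep order


def outside_zone(queries, org_zone):
    """Queries that fall outside org_zone (hypothetical parameter: the DNS
    zone the organization controls). Useful when choosing a level."""
    tail = "." + org_zone.lower().strip(".")
    return [q for q in queries if not q.endswith(tail)]


if __name__ == "__main__":
    # Constructed sample values, taken from the example in the description.
    for level in (2, 3):
        qs = devolution_queries("example", "ooo.aaa.microsoft.com",
                                devolution_level=level)
        print(level, qs, "outside aaa.microsoft.com:",
              outside_zone(qs, "aaa.microsoft.com"))
    print("disabled:", devolution_queries("example", "ooo.aaa.microsoft.com",
                                          devolution_enabled=False))
```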


Parameter:


Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client!Primary DNS Suffix Devolution
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution

References:

Resource Id                   Reference
SCAP Repo OVAL Definition     oval:org.secpod.oval:def:56045


OVAL    1
oval:org.secpod.oval:def:56045
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_2019

© SecPod Technologies