|Platform: win2019||Date: (C)2020-09-22 (M)2020-09-26|
Primary DNS Suffix Devolution
Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process.
When a user submits a query for a single-label name, such as 'example', a local DNS client attaches a suffix, such as 'microsoft.com', resulting in the query 'example.microsoft.com', before sending the query to a DNS server.
If a DNS Suffix Search List is not specified, the DNS client attaches the Primary DNS Suffix to a single-label name, and, if this query fails, the Connection-Specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the Primary DNS Suffix of the computer (drops the leftmost label of the Primary DNS Suffix), attaches this devolved Primary DNS suffix to the single-label name, and submits this new query to a DNS server.
For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name 'example', and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label), as far as the specified devolution level allows, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under the specified devolution level and the query example.microsoft.com is submitted. The primary DNS suffix cannot be devolved beyond the devolution level.
If this setting is enabled with an appropriate devolution level, DNS clients on the computers to which this setting is applied attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.
If this setting is disabled, DNS clients on the computers to which this setting is applied do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS Suffix.
If this setting is not configured, it is not applied to any computers, and computers use their local configuration.
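The query order described above, modelled as an added example (not Microsoft's code and not part of the OVAL definition), with a helper that lists which attempted names fall outside a namespace the organisation controls. It assumes no DNS Suffix Search List is configured and that the devolution level is the smallest number of labels a devolved suffix may keep; the function names and the `example.test` suffixes are constructed for illustration.

```python
def candidate_queries(name, primary_suffix, connection_suffix=None,
                      devolution_enabled=True, devolution_level=2):
    """List the FQDNs tried for `name`, in the order the text describes.

    Assumption: devolution_level is the smallest number of labels a
    devolved suffix may keep; no DNS Suffix Search List is configured.
    """
    if devolution_level < 1:
        raise ValueError("devolution_level must be at least 1")
    # Only non-dot-terminated single-label names get suffixes attached.
    if "." in name:
        return [name.rstrip(".")]
    labels = [p for p in primary_suffix.lower().strip(".").split(".") if p]
    if not labels:
        raise ValueError("primary_suffix is empty")
    # First attempt: the full Primary DNS Suffix.
    queries = [f"{name}.{'.'.join(labels)}"]
    # Second attempt: the Connection-Specific DNS suffix, if one exists.
    if connection_suffix:
        queries.append(f"{name}.{connection_suffix.lower().strip('.')}")
    if devolution_enabled:
        # Drop the leftmost label until the devolution level is reached.
        while len(labels) > devolution_level:
            labels = labels[1:]
            queries.append(f"{name}.{'.'.join(labels)}")
    # Remove repeats while keeping the query order.
    return list(dict.fromkeys(queries))


def outside_namespace(queries, owned_suffix):
    """Return the queries that are not under the namespace `owned_suffix`."""
    owned = "." + owned_suffix.lower().strip(".")
    return [q for q in queries if not q.lower().endswith(owned)]


if __name__ == "__main__":
    # The page's own example, at devolution levels 2 and 3.
    for level in (2, 3):
        print(level, candidate_queries("example", "ooo.aaa.microsoft.com",
                                       devolution_level=level))
    # Constructed host: which attempts leave corp.example.test?
    tried = candidate_queries("intranet", "eng.corp.example.test",
                              connection_suffix="branch.example.test")
    print(outside_namespace(tried, "corp.example.test"))
```

Raising the devolution level in the constructed case from 2 to 3 stops the sequence at `corp.example.test`, so the only name left outside that namespace is the one built from the connection-specific suffix.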
(1) GPO: Computer Configuration\Administrative Templates\Network\DNS Client!Primary DNS Suffix Devolution
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:56045|