.      How to articles       Windows Services       Group Policy             Donate        
Computer step by step

Primary DNS suffix devolution

Description:

Specifies if the DNS client performs Primary DNS suffix devolution devolution during the name resolution process.

With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the Primary DNS suffix devolution name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.

The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the Primary DNS suffix devolution check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.Devolution is not enabled if a global suffix search list is configured using Group Policy.

If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:

The Primary DNS suffix devolution, as specified on the Computer Name tab of the System control panel.

Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.

For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.

If a DNS suffix search list is not specified, the DNS client attaches the Primary DNS suffix devolution to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the Primary DNS suffix devolution of the computer (drops the leftmost label of the Primary DNS suffix devolution), attaches this devolved Primary DNS suffix devolution to the single-label name, and submits this new query to a DNS server.

For example, if the Primary DNS suffix devolution ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the Primary DNS suffix devolution (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the Primary DNS suffix devolution is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The Primary DNS suffix devolution cannot be devolved beyond a devolution level of two. The devolution level can be configured using the Primary DNS suffix devolution devolution level policy setting. The default devolution level is two.

If you enable this policy setting, or if you do not configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved and the devolved Primary DNS suffix devolution.

If you disable this policy setting, DNS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved Primary DNS suffix devolution.

Supported on:

At least Windows Server 2003 operating systems or Windows XP Professional

GPO PowerShell Regedit CMD

In PowerShell we can use Get-GPRegistryValue cmled to identify the registry key(s) associated with:


More information about Get-GPRegistryValue can be found on this link:

https://docs.microsoft.com/en-us/powershell/module/grouppolicy/get-gpregistryvalue?view=win10-ps


For Enabled we get:

For Disabled we get: