Service design change: DNS search suffixes

September 27, 2016

Managed Workstation service design change: DNS search suffixes

What and When

We’ll be making a change to all managed workstations over a period of a week, rolling it out to increasing numbers of computers. A few will get this change Friday night 9/30, more Monday night, and so on. Every managed workstation will get this change by 10/7.

In the past, we’ve provided configuration of a setting which gives managed workstations a hint to address the situation where a user doesn’t provide a fully qualified name for a server they want to connect to. We are no longer providing that configuration.

This configuration setting is called the DNS search suffix.

We’ll be removing this configuration. By removing our configuration, we open the door for this setting to be managed on each computer with different values. Prior to this change users could not manage this setting themselves.

What you need to do

You may find you need to fully qualify server names, e.g. enter “homer.u.washington.edu” instead of just “homer”.

Alternatively, you may wish to customize the DNS search suffix setting on your computer. These websites provide instructions:
https://technet.microsoft.com/en-us/library/bb847901(v=exchg.150).aspx
http://www.computerstepbystep.com/dns-suffix-search-list.html

If you do customize this setting on your computer, keep in mind that you are maintaining it.

More info

We are no longer providing this configuration for a number of reasons that include:

  • There is no technical reason why this setting needs to be configured across all managed workstations. This setting is a usability feature. If users don’t want to enter fully qualified server names, this setting is best left maintained by each user to the values they desire.
  • When someone enters a non-fully qualified server name, each DNS suffix “hint” in this setting is tried until a potential match is found. This means that attempts to contact a server can be significantly delayed while each possible suffix is tried. This also means DNS servers get spurious queries for servers which don’t actually exist. Put simply, this setting is a highly inefficient way of helping users who don’t wish to fully qualify server names. Most people don’t know that they are relying on this setting, and that their reliance on this setting might actually be causing slow behavior they don’t like.
  • The setting has a hard limit in terms of how many DNS suffixes can be included. When this setting is managed centrally, hard decisions must be made about which DNS suffixes are included. The UW has an unusually large number of DNS domains compared to other organizations, and over the years we’ve had to turn down many DNS suffixes in the interest of serving the broadest set of customers. Removing ourselves from being in the middle of managing this setting seems like the most responsible choice.
  • Configuring this setting does add some small delay to boot and logon time, so removing it speeds things up.

The DNS suffixes that we previously configured for this setting are:
clients.nebula2.washington.edu
nebula2.washington.edu
nebula.washington.edu
cac.washington.edu
u.washington.edu
admin.washington.edu
washington.edu
exchange.washington.edu
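
To illustrate the search behavior described in the reasons above (this is an added example, not part of the original announcement or any UW tooling), the following Python sketch models how a short name is expanded against the suffixes listed above and counts the lookups that fail before a match. The set of existing hosts is constructed, "examplehost" is hypothetical, and treating any name that contains a dot as fully qualified is a simplifying assumption.

```python
# Simplified model of DNS suffix search; it performs no real DNS queries.

# Suffixes the announcement lists as previously configured, in page order.
SEARCH_SUFFIXES = [
    "clients.nebula2.washington.edu",
    "nebula2.washington.edu",
    "nebula.washington.edu",
    "cac.washington.edu",
    "u.washington.edu",
    "admin.washington.edu",
    "washington.edu",
    "exchange.washington.edu",
]

# Constructed sample data: the names this simulated DNS can answer for.
# homer.u.washington.edu is the page's example; examplehost is hypothetical.
KNOWN_NAMES = {
    "homer.u.washington.edu",
    "examplehost.exchange.washington.edu",
}


def candidate_queries(name, suffixes=SEARCH_SUFFIXES):
    """Return the names that would be queried, in order, for `name`."""
    name = name.rstrip(".").lower()
    if "." in name:
        # Assumption: a dotted name is already fully qualified.
        return [name]
    return [f"{name}.{suffix}" for suffix in suffixes]


def resolve(name, suffixes=SEARCH_SUFFIXES, known=KNOWN_NAMES):
    """Return (matched name or None, list of queries that failed first)."""
    failed = []
    for candidate in candidate_queries(name, suffixes):
        if candidate in known:
            return candidate, failed
        failed.append(candidate)  # a spurious query the DNS servers still see
    return None, failed


if __name__ == "__main__":
    for entered in ("homer", "homer.u.washington.edu", "examplehost", "nosuchhost"):
        match, failed = resolve(entered)
        print(f"{entered}: matched={match}, failed lookups={len(failed)}")
        for query in failed:
            print(f"    no such name: {query}")
```

A mistyped short name is the worst case: every suffix in the list is tried and every query fails.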

Brian Arkills
Managed Workstation service owner