Information technology tools and resources at the UW
20160927: Service design change: DNS search suffixes
Managed Workstation service design change: DNS search suffixes
What and When
We’ll be making a change to all managed workstations over a period of a week, in increasing numbers of computers. A few will get this change Friday night 9/30, more Monday night, and so on. Every managed workstation get this change by 10/7.
In the past, we’ve provided configuration of a setting which gives managed workstations a hint to address the situation where a user doesn’t provide a fully qualified name for a server they want to connect to. We are no longer providing that configuration.
This configuration setting is called the DNS search suffix.
We’ll be removing this configuration. By removing our configuration, we open the door for this setting to be managed on each computer with different values. Prior to this change users could not manage this setting themselves.
What you need to do
You may find you need to fully qualify server names, e.g. enter “homer.u.washington.edu” instead of just “homer”.
Alternatively, you may wish to customize the DNS search suffix setting on your computer. To do so, you may wish to consult one of these websites for instructions:
If you do customize this setting on your computer, keep in mind that you are maintaining it.
We are no longer providing this configuration for a number of reasons that include:
- There is no technical reason why this setting needs to be configured across all managed workstations. This setting is a usability feature. If users don’t want to enter fully qualified server names, this setting is best left maintained by each user to the values they desire.
- When someone enters a non-fully qualified server name, each DNS suffix “hint” in this setting is tried until a potential match is found. This means that attempts to contact a server can be significantly delayed while each possible suffix is tried. This also means DNS servers get spurious queries for servers which don’t actually exist. Put simply, this setting is a highly inefficient way of helping users who don’t wish to fully qualify server names. Most people don’t know that they are relying on this setting, and that their reliance on this setting might actually be causing slow behavior they don’t like.
- The setting has a hard limit in terms of how many DNS suffixes can be included. When this setting is managed centrally, hard decisions must be made about which DNS suffixes are included. The UW has an unusually large number of DNS domains compared to other organizations, and over the years we’ve had to turn down many DNS suffixes in the interest of serving the broadest set of customers. Removing ourselves from being in the middle of managing this setting seems like the most responsible choice.
- Configuring this setting does add some small delay to boot and logon time, so removing it speeds things up.
The DNS suffixes that we previously configured for this setting are:
Managed Workstation service owner