DNS Search Suffix When DHCP Option 015 and GPO is used

Question

We have an issue where the DNS Search Suffix seems to stop working. The machine is in Domain A which is trying to contact a resource in Domain B. Both domains are in different forests and connected via a two way trust.

This is a very intermittent problem but one thing I noticed is that in addition to setting the DNS Search Suffix List via GPO, option 015 with our primary domain (Domain A) is set as well. I'm wondering if this would cause any potential conflicts. You can only assign one DNS suffix via option 015 whereas we have 4 set via GPO.

If I check HKLM:\SOFTWARE\Policies\Microsoft\Windows NY\DNSClient\SearchList - the data in there matches the GPO.

If I check HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList - the data contains two comma-separated entries for Domain A.

I'm hoping someone can help as we've been struggling with this intermittent issue for some time.

Thanks in advance!

WB

Answer 1

Hi ,

If you are trying to simply add one additional suffix, DHCP Option 015 will work for your DHCP clients. If you’re trying to add more than one additional suffix, GPO should be the better alternative. Generally, we don't enable them at the same time.

Based on your situation, we recommend you only use GPO and remove the DNS Search Suffix in DHCP option 15. Then see if the issue is gone.

---Please Accept as answer if the reply is helpful---

Best Regards,

Candy