NetworkingDsc
NetworkingDsc copied to clipboard
Want to be able to turn off "Append parent suffixes of the primary DNS suffix"
Is there a resource today that can turn off (or on) the setting 'Append parent suffixes of the primary DNS suffix'?
If not, which resource would be be suited to do that?
Hi @johlju ,
I though MSFT_xDnsClientGlobalSetting
did this - but I am wrong :cry:
It appears after a little bit of research that the cmdlet Get/Set-DnsClientGlobalSetting
that should be able to set this value can only "get" the values:
But worse - the values returned in the object for Get-DnsClientGlobalSetting | Fl *
So changing the values in the IPv4 Network configuration DNS Client tab seems to have no effect on these values returned by Get-DnsClientGlobalSetting | Fl *
.
So MSFT_xDnsClientGlobalSetting
would be the place to do this - and in theory it would be fairly easy because this is a table driven resource, but it seems there is a limitation with the Get-DnsClientGlobalSetting
cmdlet - so we'd need to find other ways of setting and querying these values.
@PlagueHO So it seems there is two values... But do they do the same thing?
When using Set-DnsClientGlobalSetting -UseDevolution $false
the following registry key is set to '0'.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"UseDomainNameDevolution"=dword:00000000
When unchecking this box
This registry key is set to '0'.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"UseDomainNameDevolution"=dword:00000000
My knowledge of this is somewhat lacking. I'm happy to send in a PR to fix this. But how should this be fixed? 🤔
When using the current parameter UseDevolution
should we, after running the command Set-DnsClientGlobalSetting
, also change the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
to either '0' or '1' (disabled or enabled). If so, is this a bug in Set-DnsClientGlobalSetting
?
Or is this other registry key an entire new parameter which has nothing to to with Set-DnsClientGlobalSetting
?
Hi @johlju - that is unfortunately above my level of expertise when it comes to where the Windows TCP/IP stack actually reads this setting from. But that said we can set this using this resource: https://github.com/PowerShell/xNetworking/wiki/xDnsClientGlobalSetting
Which uses the Set-DnsClientGlobalSetting -UseDevolution $false
method to set the value - does this actually check/uncheck the checkbox?
Unfortunately the cmdlet Set-DnsClientGlobalSetting -UseDevolution $false
doesn't check or uncheck that box.
And it seems, with the only knowledge of seeing the registry keys, that Set-DnsClientGlobalSetting
is setting something for the DNS Cache, while the check box in thre NIC properties is setting a registry at the "TCP/IP level". To me, these seem to be two different "services". First saying the cache should now use devolution and the other saying that the TCP/IP should not use devolution. But shouldn't all queries go thru the cache. So setting using the cmdlet might essentially make the desire state I'm after. But at he same time, if a user check the NIC settings it gonna seem like it is turned on.
But just unchecking the box in the NIC properties, it did not change the registry that the the cmdlet does, so then by unchecking it in the NIC interface properties, does it actually turnoff completely, or just half of it is not using devolution? :)
I think we need more knowledge before we can decide if it is gonna be part on set present parameter or if this is an entire new parameter. These times it would have been good to be able to escalate an issue to, in his case, a DNS guru :smile: I was hoping you were that guru :wink:
I'm using the Registey resource to change the registry key to uncheck the box in the NIC properties until I know more.
Yes, I agree - it would be good to have someone with that level of knowledge of the Windows DNS client, but I'm not that level of expert :cry: But I have run across problems like this before with odd settings that are either surfaced in unexpected places or not at all (or just named very oddly).
If it was as simple as setting a registry entry then it can be done, but often making a change like this requires other things to happen (flushing the DNS client cache for example) which is usually why using a cmdlet is the best way. If we can say that this is not surfaces in WMI/CIM or PowerShell then we should raise a uservoice issue.
@tysonjhayes - are you able to offer any depth here?
This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.
Old issue, set to stale, etc. But because I was with a similar issue, I got into this: https://powershell.org/forums/topic/network-adapter-settings-with-wmi-dns-suffix/
$class = [wmiclass]'Win32_NetworkAdapterConfiguration'
$class.SetDNSSuffixSearchOrder($null)
You may need to explore the details though. I think it is worth to comment with the link and snippet.
This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.
@cleydson Sorry that I haven't responded for so long. The proposal does not uncheck 'Append parent suffixes of the primary DNS suffix'.
This set's the search order
$class = [wmiclass]'Win32_NetworkAdapterConfiguration'
$class.SetDNSSuffixSearchOrder(@('company.local','sub.company.local'))
This just clears the search order, returning the default values, or the values that was set prior to settings the specific search order.
$class = [wmiclass]'Win32_NetworkAdapterConfiguration'
$class.SetDNSSuffixSearchOrder($null)
I think it's the AppendParentSuffixes
we are after from the MSFT_DNSClientGlobalSetting class.
PS > $dnsGlobalSettings = Get-CimInstance -Namespace root/standardCimv2 -ClassName MSFT_DNSClientGlob
alSetting
PS > $dnsGlobalSettings
Caption :
Description :
ElementName :
InstanceID :
AddressOrigin : 2
ProtocolIFType :
AppendParentSuffixes : True
AppendPrimarySuffixes : True
DNSSuffixesToAppend : {company.local}
DevolutionLevel : 0
SuffixSearchList : {company.local}
UseDevolution : True
UseSuffixSearchList : True
PSComputerName :
We just a need a way to change the value? 🤔 Tried this, but didn't work.
Set-CimInstance -Namespace root/standardCimv2 -Query 'select * from MSFT_DNSClientGlobalSetting' -Property @{ AppendParentSuffixes = $false }
Set-CimInstance -Namespace root/standardCimv2 -Query 'select * from CIM_DNSGeneralSettingData' -Property @{ AppendParentSuffixes = $false }
I'm a little late to the thread, but this is what I used.
I verified that it unchecks the box in the settings and changes the value in the registry as well.
Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'UseDomainNameDevolution' -value '0'
Thanks @StanJT - I think we're keen to implement this one using one of the methods suggested here, but it's not had enough time dedicated to it to get it done. It's on the backlog.
This took a couple of hours to figure out, but here is the solution:
Get-DnsClientGlobalSetting | Set-DnsClientGlobalSetting -SuffixSearchList ""
@SeanPearce74 I cannot see that it changes that checkbox in the initial issue description.
I'm a little late to the thread, but this is what I used.
I verified that it unchecks the box in the settings and changes the value in the registry as well.
Set-Itemproperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'UseDomainNameDevolution' -value '0'
with PowerShell as Admin and removing restrictions:
Set-ExecutionPolicy Unrestricted
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name 'UseDomainNameDevolution' -Value '0'