Thursday, March 6, 2014

What is DNS Devolution?

I came across this new buzzword when studying to upgrade my MCITP: EA to MCSE: Server Infrastructure. This is a term I have never come across before, and it was not in my MCITP: EA.

Devolution is a method which allows member computers that are part of a child domain to resolve hostnames in parent domains. Devolution creates new FQDNs by taking the single name being queried, such as "Clints-PC", and appending the suffixes of the parent domains above it.

For example, Clints-PC is in a child domain called "australia.corp.avantgardetechnologies.com.au", where avantgardetechnologies.com.au is the root domain with two child domains. I have painted this in the following diagram.
 

If Clints-PC pings "Avantgarde-FS01", the following will happen:

  1. Clints-PC will query Avantgarde-FS01
  2. Clints-PC will then query Avantgarde-FS01.australia.corp.avantgardetechnologies.com.au
  3. Clints-PC will then query Avantgarde-FS01.corp.avantgardetechnologies.com.au
  4. Clints-PC will then query Avantgarde-FS01.avantgardetechnologies.com.au

That is DNS Devolution in a nutshell, my friends. It gives member computers the ability to search up the tree using different FQDNs until one of them resolves.

Also of importance, you can configure computers with a devolution value, which is represented by a number. This tells computers how far up the tree they can query before devolution will terminate. The ability to control how far up the tree termination occurs is a new feature introduced in the Windows 7 / 2008 R2 operating systems. For more information on this I recommend having a read of the following article: http://technet.microsoft.com/en-us/library/ee683928.aspx

Now there are a few things you must also know about DNS Devolution. Many companies that run multiple domains generally configure a "Global Suffix Search List" with Group Policy. This specifies the order of domain names that a single name will be qualified against during a resolution attempt. For example, let's say I have the following global suffix search list configured on the australia.corp.avantgardetechnologies.com.au domain and pushed out with Group Policy:
  1. australia.corp.avantgardetechnologies.com.au
  2. sales.avantgardetechnologies.com.au
  3. avantgardetechnologies.com.au
With this configured, Clints-PC will now attempt to resolve Avantgarde-FS01 in the order above and no longer work its way up the tree. As soon as you configure a global suffix search list, DNS Devolution automatically gets disabled.

The second important thing you need to know about DNS Devolution is that you must have the "Append parent suffixes of the primary DNS suffix" check box selected under the Advanced TCP/IP settings for IPv4/IPv6.
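The resolution order described above, as an added Python example (not code from the original post or from Microsoft): it builds the suffix-qualified names for the post's hostnames under a devolution value, a cleared "Append parent suffixes" check box, or a suffix search list, and reports any name that would fall outside the organisation's root domain. The function names, and the reading of the devolution value as the number of labels in the shortest suffix that may be tried, are assumptions of this example.

```python
def candidate_fqdns(name, primary_suffix, devolution_level,
                    append_parent_suffixes=True, search_list=None):
    """Return the suffix-qualified names a client would try, in order."""
    name = name.rstrip(".")
    if search_list:
        # A configured suffix search list replaces devolution entirely.
        return [f"{name}.{s.strip('.')}" for s in search_list]
    labels = primary_suffix.strip(".").split(".")
    if not append_parent_suffixes:
        # Check box cleared: only the primary DNS suffix is appended.
        return [f"{name}.{'.'.join(labels)}"]
    # Assumption: the devolution value is the number of labels in the
    # shortest suffix that may still be tried.
    floor = max(1, min(devolution_level, len(labels)))
    out = []
    while len(labels) >= floor:
        out.append(f"{name}.{'.'.join(labels)}")
        labels = labels[1:]  # drop the leftmost label: one step up the tree
    return out


def outside_org(candidates, org_root):
    """Candidates not under org_root, i.e. queries leaving the org namespace."""
    root = "." + org_root.strip(".").lower()
    return [c for c in candidates if not c.lower().endswith(root)]


# Names taken from the post; the devolution values are constructed inputs.
HOST = "Avantgarde-FS01"
PRIMARY = "australia.corp.avantgardetechnologies.com.au"
ORG_ROOT = "avantgardetechnologies.com.au"
SEARCH_LIST = [
    "australia.corp.avantgardetechnologies.com.au",
    "sales.avantgardetechnologies.com.au",
    "avantgardetechnologies.com.au",
]

if __name__ == "__main__":
    for level in (3, 2):
        names = candidate_fqdns(HOST, PRIMARY, level)
        print(f"devolution value {level}:")
        for n in names:
            print("   ", n)
        print("    outside organisation:", outside_org(names, ORG_ROOT) or "none")
    print("with search list:")
    for n in candidate_fqdns(HOST, PRIMARY, 3, search_list=SEARCH_LIST):
        print("   ", n)
```

With a value of 3 the walk stops at the root domain; with a value of 2 it goes one step further and produces a name under com.au, which `outside_org` flags.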

That's it in a nutshell guys!  Thanks for reading.
