Primary DNS Suffix Devolution Level

This policy setting determines the Domain Name System (DNS) suffix devolution level that DNS clients will use, if the clients perform primary DNS suffix devolution in a name resolution process. When DNS suffix devolution is enabled, the leftmost label of a primary DNS suffix is dropped on each successive query attempt, when a query fails for a name to which a primary DNS suffix has been attached. The devolution level indicates the minimum number of labels that must be added to the query string after the primary DNS suffix is devolved.

When a user submits a query for a single-label name, such as "example," a local DNS client attaches a suffix, such as "microsoft.com" to the query, before sending the query to a DNS server. In this case, this results in the query "example.microsoft.com."

If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries is resolved, the client devolves the primary DNS suffix of the computer, attaches the devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.

For example, if the primary DNS suffix aaa.bbb.ccc.ddd.microsoft.com is attached to the single-label name "example" (which has no dot at the end), and if DNS suffix devolution is enabled and the level is set to 3, the following queries would be run:

Example.aaa.bbb.ccc.ddd.microsoft.com (If this query fails, for the next query the primary DNS suffix will devolve to bbb.ccc.ddd.microsoft.com.)

Example.bbb.ccc.ddd.microsoft.com (If this query fails, for the next query the primary DNS suffix will devolve to ccc.ddd.microsoft.com.)

Example.ccc.ddd.microsoft.com (If this query fails, for the next query the primary DNS suffix will devolve to ddd.microsoft.com.)

Example.ddd.microsoft.com (If this query fails, no further queries can be made because the devolution level is set to 3 and the primary DNS suffix contains 3 labels.)

If you enable this policy setting, DNS clients on the computers to which this setting is applied attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. The DNS clients will devolve the primary DNS suffix on each query attempt until the name is successfully resolved, the devolution level specified in this setting has been reached, or the primary DNS suffix name has two labels.

If you disable or do not configure this policy setting, DNS clients on the computers to which this setting is applied do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS suffix. If a Forest Root Domain (FRD) is present, no search list is configured, and the query is for a single-label name, then the DNS client will devolve up to the FRD until the name is successfully resolved.


Supported on: At least Windows 2000
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows NT\DNSClient
Value NameEnableDevolutionLevelControl
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Set the primary DNS suffix devolution level

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\Windows NT\DNSClient
Value NameDomainNameDevolutionLevel
Value TypeREG_DWORD
Default Value2
Min Value2
Max Value4294967200

dnsclient.admx

Administrative Templates (Computers)

Administrative Templates (Users)