Public DNS question - Trailing period

Tony Su

Apr 15, 2005, 4:51:12 PM
Hello,
Hoping someone can describe the wherefores and whys regarding the MS DNS
practice of inserting a trailing period after every hostname record.

I first became aware of this issue when I set up using Windows as a Public
DNS server but didn't think much of it after that, considering it only a
peculiarity.

Tom Shinder (esteemed ISA authority) posted today on a mail list that
it's required, saying "... it's related to qualifying unqualified names which
is related to how the client resolver works."

In the software world, I have sometimes seen how a trailing character can be
important because appended strings don't always lead with an appropriate
character, breaking the string's delimitation.

Example
Querying for "Hostname" in "MyDomain.com"
If a query for "Hostname" does not automatically insert a trailing period,
the query is for "HostnameMyDomain.com" instead of "Hostname.MyDomain.com"

So, first question:
Is the reasoning behind a DNS hostname trailing period the same and if so
what situations would this be important?

Second question:
Tom's comment was actually a response in a thread where it was asked why
NSLOOKUP querying a remote, non-cached domain/hostname times out. Others
including myself tested and found that the trailing period did not make a
difference although the query might have to be repeated after a few seconds.
Should a trailing period make a difference here? Obviously if the trailing
period is <only> for the delimiter reason I mentioned above, then I don't see
how it should be important for a simple query, but am looking for a more
detailed explanation.

Thx,
--
Tony Su
www.su-networking.com
ISA
SBS
Enterprise Mobile Solutions Architect

Kevin D. Goodknecht Sr. [MVP]

Apr 15, 2005, 6:29:30 PM

It is not only an MS practice; it is what makes a name a fully qualified domain
name. If there is no period, the name is not fully qualified and the DNS client
will append the DNS suffix search list to the queries. If you put in the
period, the name is fully qualified and is sent to DNS as is.
To see what happens run nslookup -d2 domain.com <--no trailing dot, then
run nslookup -d2 domain.com. <-trailing dot

If you do a lookup on a host name with the dot, the DNS suffix search list
is not appended and the host name lookup will fail because there is no
domain name for it to look in for the host name. Without the dot, the DNS
suffix search list is appended and nslookup will send queries to the DNS
server appending all suffixes until the host name is found or if the host is
not found in any of the suffixes appended the query fails.

By default, if your primary DNS suffix is a third level name like
sub.domain.com it will first append sub.domain.com then it will append the
parent suffix domain.com. If your DNS does not have a zone for domain.com, DNS
will try to find domain.com and look there for the name. You can stop this
behavior by de-selecting "Append parent suffixes of the primary DNS suffix"
on the DNS tab of TCP/IP properties.

You can apply this in a Group Policy to XP and Win2k3 clients (It won't work
on Win2k clients)
Computer Configuration
-Administrative Templates
-Network
-DNS Client
-Primary DNS Suffix Devolution (Disabled)


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
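Added example (not part of the post above, and not Windows resolver code): a simplified Python model of the suffix handling the answer describes, showing which names are sent for a query with and without the trailing dot, and which of them leave the primary suffix when parent-suffix devolution is on. The function names, the sample names and the two-label devolution floor are assumptions made for illustration.

```python
# Simplified model of the behaviour described in the answer above.
# Function names and sample hostnames are constructed for this example.

def devolve(primary_suffix, min_labels=2):
    """Return the primary suffix followed by its parent suffixes.

    Assumption: devolution stops when min_labels labels remain, so
    'sub.domain.com' devolves to 'domain.com' but never to 'com'.
    """
    labels = primary_suffix.strip(".").split(".")
    stop = max(1, len(labels) - min_labels + 1)
    return [".".join(labels[i:]) for i in range(stop)]


def candidate_queries(name, primary_suffix, devolution=True):
    """List, in order, the fully qualified names sent for `name`."""
    if name.endswith("."):
        # Trailing dot: already fully qualified, sent to DNS as is.
        return [name]
    if devolution:
        suffixes = devolve(primary_suffix)
    else:
        suffixes = [primary_suffix.strip(".")]
    # No trailing dot: each suffix is appended in turn.
    return [f"{name}.{suffix}." for suffix in suffixes]


def outside_primary(queries, primary_suffix):
    """Return the queries that do not fall under the primary suffix.

    These are the lookups that end up in the parent zone when
    'Append parent suffixes of the primary DNS suffix' is enabled.
    """
    tail = "." + primary_suffix.strip(".") + "."
    return [q for q in queries if not q.endswith(tail)]


if __name__ == "__main__":
    primary = "sub.domain.com"  # constructed sample suffix
    for name in ("host", "domain.com", "domain.com."):
        for devolution in (True, False):
            sent = candidate_queries(name, primary, devolution)
            print(f"{name!r} devolution={devolution}: {sent}")
    unqualified = candidate_queries("host", primary)
    print("leaves primary suffix:", outside_primary(unqualified, primary))
```

With devolution disabled, as in the Group Policy setting listed above, the unqualified name produces only the query under the primary suffix.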


Tony Su

Apr 18, 2005, 2:31:02 PM
Hello Kevin,
Thank you for the detailed and excellent explanation. I have been able to
verify everything you describe.

Follow up... What about the situation where there is a trailing dot at the
end of a TLD (Top Level Domain)?

By default, Windows appends a trailing dot to <every> namespace whether it's
a host or any level domain. The existence of a trailing dot does not seem to
make any difference to Windows clients, but in the past I've found that
non-MS boxes cannot resolve a FQDN with a trailing dot properly.

IIRC the exact situation I ran into years ago...

Configured a Win2K DNS as authoritative for my public Domain.
Configured an MX record pointing to the proper A record.
Discovered that mail failed because non-MS DNS could not resolve the MX
record because it pointed to a record with a trailing dot (eg.
mail.mydomain.com.).
Resolved by removing the trailing dot from the TLD records.

It would seem to me that the trailing dot should not make a difference to
clients because the name is fully qualified and no suffix would normally be
appended in any situation on the Public Internet.

Tony
