Posted: May 4, 2015

By June 30th, all agencies should have agency names removed from DNS workstation names.

Background Information

Currently, on the state network, some agencies are using a workstation primary DNS suffix that includes the agency name as part of the FQDN (fully qualified domain name).

An example of this would be a workstation with the FQDN "workstation123.itd.nd.gov" where the agency is "ITD". This can be problematic for agencies as the state network is configured as a flat domain/DNS with no sub categories for specific agencies. All state agencies belong to the nd.gov domain only. Therefore, all workstations should be configured as "workstationname.nd.gov" rather than "workstationname.agency.nd.gov".

Having the agency name as part of the domain name can create many “mismatched host name” issues for state agencies, such as: VPN connection issues, authentication errors, encryption software problems, domain trust issues, slower login times, unnecessary system event log messages, etc.

Additionally, agencies utilizing ITD’s Desktop Support Service launching in July will not be able to receive remote desktop support or proper software updates unless the FQDN is set properly.

Making the Change Using Group Policy Management

IT Coordinators can make the required DNS changes using group policy management. Each DNS policy will need to be altered to remove the agency specific name from the Primary Connection Suffix.

This is found in Group Policy in: Computer Configuration > Administrative Templates > Network > DNS Client > Primary DNS Suffix.

Currently, agencies may have “agency.nd.gov” and if so, it will have to be changed to “nd.gov”

Optional Supplemental Search

If an agency is concerned they have services running that need to look in the “agency.nd.gov” domain, a DNS Suffix Search List can be manually added. A DNS Suffix Search List is a list of domains the computer will search when trying to contact other computers.

This can be found in: Computer Configuration > Administrative Templates > Network > DNS Client > DNS Suffix Search List. From there, add “agency.nd.gov” if this is a concern.

Coordinating the Change with ITD

A coordinated effort will need to be scheduled between agencies and the ITD Network Operations Center (NOC) so the DNS changes can be simultaneously implemented at the network level and individual workstation levels. Once an agency has verified they need to make DNS changes, they should use WMS to submit a Network service request, under the "Network Services" heading, with the date and time the agency wants to implement the change. Please try to have this changeover implemented by June 30th, 2015.

If you have questions, please contact the ITD Service Desk (701-328-4470)