Policy
Primary DNS suffix devolution level
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows2000, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
Specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process. With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name. The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. Devolution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two. If you enable this policy setting and DNS devolution is also enabled, DNS clients use the DNS devolution level that you specify. If this policy setting is disabled, or if this policy setting is not configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Set the primary DNS suffix devolution level ID DNS_DomainNameDevolutionLevelLabel | decimal | HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel Type REG_DWORD | Range: 2 to 4294967200 |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow DNS suffix appending to unqualified multi-label name queriesAt least Windows Vista
- ComputerAllow NetBT queries for fully qualified domain namesAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerConfigure Discovery of Designated Resolvers (DDR) protocolAt least Windows 11 Version 23H2
- ComputerConfigure encrypted name resolutionAt least Windows Server 20H2, Windows 10 Version 20H2
- ComputerConfigure multicast DNS (mDNS) protocolAt least Windows Server 2016, Windows 10 Version 1703
- ComputerConfigure NetBIOS settingsAt least Windows Vista
- ComputerConnection-specific DNS suffixWindows XP Professional only
- ComputerDNS serversWindows XP Professional only
- ComputerDNS suffix search listAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerDynamic updateAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerIDN mappingAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerPrefer link local responses over DNS when received over a network with higher precedenceAt least Windows Server 2012, Windows 8 or Windows RT