Windows Server 2008 R2 DHCP Server Option 119
If you’ve scoured through the Windows Server DHCP server configuration looking for a way to set Search Domains and have come up empty, there’s a good reason: most, if not all, versions of Windows do not support receiving search domains via DHCP (the Domain Search option, option 119), so Microsoft does not include a visible, predefined option for it on its DHCP servers.
99% of the computers used at my company are Windows based, so we use GPO to push down the search domains and it works pretty well. We do, however, have iPads used by upper management, as well as Android users connecting to the corporate wifi and a few of us using Linux based operating systems, none of which can consume Microsoft’s GPO. We were essentially out in the cold unless we manually configured our networking options to add all of the search domains used by our company.
Someone in Executive Management requested that the “GPO only” push of search domains be changed to be included in the DHCP server for any non-Windows users. After 3 hours of troubleshooting, searching the web, and scouring RFCs, we finally implemented it. Here are some notes about our journey: TechNet is wrong when it explains how to add this functionality; everyone who says just use GPO simply didn’t get that non-Windows clients can’t use GPO; Stephen was close in his explanation, but that still didn’t work (chankster even pointed him to the RFC that helped me, but he brushed it off).
The size does indeed have to be given per domain component (each label, excluding the ‘.’); but the size byte comes BEFORE the domain component, not after. The domain name in its entirety also needs to be null terminated, i.e. followed by a 0x00 byte. This is the same label format the DNS wire protocol uses, which is what the option’s RFC specifies. So here’s an example: apple.com (we’ll use Stephen’s example as a base).
We have two domain components: apple and com
Translated to hex, we get the following:
a - 0x61 p - 0x70 p - 0x70 l - 0x6c e - 0x65 c - 0x63 o - 0x6f m - 0x6d
The size of apple is 5, or 0x05, and the size of com is 3, or 0x03, so our complete string is
0x05 0x61 0x70 0x70 0x6c 0x65 0x03 0x63 0x6f 0x6d 0x00
Each one of these needs to be added individually as a separate byte in the array for option 119 in the DHCP server configuration (remember to null terminate each domain with 0x00; if you list several search domains, each one ends with its own 0x00 and they simply follow one another in the array). Once we made this change and saved it, our non-Windows based clients were able to get the Search Domains via DHCP (note: it appears Android does not support option 119 either, at least from my testing with packets captured in Wireshark).
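Here is an added example, not code from the original post, that builds the option 119 payload from a list of search domains exactly as described above, renders it as the list of hex bytes entered in the DHCP console, and decodes a payload back into names so you can check what you typed before clients depend on it. The decoder also accepts the DNS compression pointers that RFC 3397 allows a server to emit, even though a hand-typed byte array will never contain them. The function names and the sample domains other than apple.com are my own; they assume plain ASCII labels.

```python
"""Added example (not from the original post): encode, render and decode
the DHCP option 119 "Domain Search" payload (RFC 3397, RFC 1035 label format).
Function names and sample domains are my own."""


def encode_domain_search(domains):
    """Encode search domains as RFC 1035 labels: size byte, label bytes, ..., 0x00.

    Each domain is terminated by an empty root label (0x00) and the domains
    are concatenated. Returns the raw option-119 data bytes.
    """
    out = bytearray()
    for domain in domains:
        labels = domain.strip(".").split(".")
        for label in labels:
            data = label.encode("ascii")
            if not 1 <= len(data) <= 63:      # RFC 1035: a label is 1..63 bytes
                raise ValueError(f"bad label {label!r} in {domain!r}")
            out.append(len(data))             # the size byte comes BEFORE the label
            out += data
        out.append(0)                         # root label ends this domain
    if len(out) > 255:                        # RFC 2132: an option's length field is one byte
        raise ValueError(f"payload is {len(out)} bytes; more than 255 needs RFC 3396 splitting")
    return bytes(out)


def as_dhcp_console_bytes(payload):
    """Render the payload as the hex bytes typed one by one into the DHCP console."""
    return " ".join(f"0x{b:02x}" for b in payload)


def decode_domain_search(payload):
    """Parse option-119 data back into domain names.

    Handles RFC 1035 compression pointers (0xC0xx), which RFC 3397 permits,
    and rejects truncated data, oversized labels and pointer loops.
    """
    names = []
    pos = 0
    while pos < len(payload):
        labels = []
        cur = pos
        jumped = False
        seen = set()
        while True:
            if cur >= len(payload) or cur in seen:
                raise ValueError("truncated data or pointer loop")
            seen.add(cur)
            ln = payload[cur]
            if ln == 0:                       # root label: end of this name
                if not jumped:
                    pos = cur + 1
                break
            if ln & 0xC0 == 0xC0:             # compression pointer to an earlier name
                if cur + 1 >= len(payload):
                    raise ValueError("truncated pointer")
                target = ((ln & 0x3F) << 8) | payload[cur + 1]
                if target >= cur:
                    raise ValueError("pointer must point backwards")
                if not jumped:
                    pos = cur + 2             # resume after the 2-byte pointer
                jumped = True
                cur = target
                continue
            if ln > 63 or cur + 1 + ln > len(payload):
                raise ValueError(f"bad label length {ln} at offset {cur}")
            labels.append(payload[cur + 1:cur + 1 + ln].decode("ascii"))
            cur += 1 + ln
        names.append(".".join(labels))
    return names


if __name__ == "__main__":
    # Constructed sample input: the post's apple.com plus two made-up internal suffixes.
    domains = ["apple.com", "corp.example", "eng.corp.example"]
    data = encode_domain_search(domains)
    print(as_dhcp_console_bytes(data))
    print(decode_domain_search(data))
```

Two checks worth keeping from this: a single DHCP option carries at most 255 bytes of data because its length field is one byte, so a long suffix list has to be trimmed or split across repeated option instances as RFC 3396 describes, and the encoder refuses to produce anything longer; and running the bytes you intend to type back through the decoder catches the one-byte typos that make a suffix silently disappear or show up mangled on the client. Since DHCP is unauthenticated, the search list a client ends up with decides where unqualified names resolve, so it pays to confirm on the wire (Wireshark on a client) that the option the client receives decodes to exactly the list you meant.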
Hope this helps someone out.
This entry was posted by Matt on March 16, 2011 at 3:54 pm, and is filed under Linux.
about 10 months ago
Thanks for this article, made my life easier. I noticed a small mistake: You interchanged the hex codes for o and m
about 10 months ago
Thanks Derek, I’ve corrected the hex codes. Glad this helped you.
about 10 months ago
Works perfectly! Thanks so much for this.
about 9 months ago
Great article Matt, it really helped me out! Just one question – I have this working for multiple domains but it doesn’t seem to work for sub domains.
For example, below are the domains and how they show up on the client:
Converted to HEX and entered in DHCP 119:
domain1.local
domain1.net
sub.domain1.net
DNS Search List on Client:
domain1.local
.domain1.net
Any pointers would be greatly appreciated.
Thanks.
about 9 months ago
Don’t worry, simple typo was the issue! Easily done with all those HEX bytes!
Thanks again for the great article.
about 9 months ago
Glad you got it sorted… I was a bit perplexed at first, because all but one of our domains at work are sub-domains, so it should have worked.
about 7 months ago
Thanks! Brilliant lifesaver. We’re slowly moving all our DHCP to Windows across hundreds of schools and we have various intranet sites with different domain endings. This helps the Macs get there where the content has many unqualified links. Don’t approve of unqualified links myself but you can’t stop everyone in such a large disparate organisation.
about 6 months ago
Sorry to ask dummy questions (hope this helps other dummies), so let’s say, i.e. I set 119 as a default dhcp option on a DHCP Windows Server, type string. Then configuring a scope options for a search list in foo.com and tenletters.com, according to Microsoft http://technet.microsoft.com/en-us/library/dd572752(office.13).aspx I should write in the ‘String’ field foo.com;tenletters.com, but this shouldn’t work on all OSes.
Instead you suggest to set option 119 type as Byte and flag ‘Array’, then add for each (?) suffix a 119 option like 0x03 0x66 0x6f 0x6f 0x03 0x63 0x6f 0x6d 0x00 (corresponding to foo.com) and 0x0a 0x74 0x65 0x6e 0x6c 0x65 0x74 0x74 0x65 0x72 0x7a 0x03 0x63 0x6f 0x6d 0x00 (corresponding to tenletterz.com)? Does this work on Windows XP to 7?
In any case, readers take care to convert string length, which is a number, following the link Decimal to Hex
about 6 months ago
Sorry, forgot to change all tenletterz.com. No offense and no reference to letters.com (existing)
about 6 months ago
Yes, I’m basically saying don’t listen to Microsoft. This will not work on any Windows machine as Windows does not support option 119. If you want to push down search domains to Windows machines you’ll need to either manually configure it on your machines or use Group Policy.
about 6 months ago
Thanks Matt for the information. However, I have followed your instructions but my mac clients are still not receiving the domain search list. Is there an order in which you enter the bytes into the Data Byte Entry?
In your example: 0x05 0x61 0x70 0x70 0x6c 0x65 0x03 0x63 0x6f 0x6d 0x00, do you enter 0x05 first, or 0x00?
Many thanks in advance!
about 5 months ago
We typed them in, in the exact order shown. I’d suggest using a tool like Wireshark to capture the packets on the Mac (or over the wire in promiscuous mode) and see if a) the Mac is requesting option 119 from the server, and b) if so, what the response from the server is.
about 1 month ago
Matt,
What the other person was trying to ask was the order in which the DHCP server reads the hex information. If you type it in the order in which you did, it shows up backwards in the scope options. Assuming the first hex address it read was 0x0 instead of 0x05, it would expect no letters after the first hex. If the first hex was 0x05, it would expect 5 letters.
I will assume since the other scope options are in the correct order, you would need to put these in reverse order.
about 2 weeks ago
Is there a maximum length? I can get apple.com to work fine, like your example above… but I can’t get my company domain to work. 12(criticalmass) + 3(com) characters.