Suffixes in DNS remain inactive after reconnecting.
Suffixes in DNS remain inactive after reconnecting.
We’re looking for a solution that keeps the DNS suffix consistent during VPN connections and disconnections without needing frequent manual changes.
Hi there! Could you tell me which VPN software you're currently using?
We are implementing Cisco Secure Client (supplied by the University).
The Cisco Secure Client automatically receives the necessary information from the VPN headend, eliminating the need for manual suffix additions. This highlights a significant issue with IT execution.
To ensure persistence, apply the suffix at the adapter or system level rather than per session. Option 1 involves configuring the VPN adapter via PowerShell with the appropriate alias and connection-specific suffix. Option 2 requires adjusting settings in the Control Panel under advanced system options to set a default DNS suffix. Option 3 works when a GPO exists, allowing IT to push the setting automatically. TL;DR: Use Set-DnsClient or configure through the Control Panel once for lasting effect.
The Anyconnect/Secure Client adapter gets removed and cleared during reconnect or disconnect actions. This behavior is normal since the VPN adapter follows its own process.
The challenge lies in maintaining persistent settings. AnyConnect/Secure Client adapters are temporary; each reconnect resets the virtual NIC, erasing any changes made at the adapter level. Two practical solutions I’ve encountered: 1. A persistent wrapper script that re-applies necessary configurations after connecting—this avoids manual setup and survives reconnections. 2. Applying a system-wide suffix through settings like Computer Properties, ensuring the domain appends correctly even during VPN changes. The trade-off is broader application, affecting all users unless GPO support is available. For self-managed setups, the scheduled task approach tends to be the simplest.
I adjusted the settings in Task Scheduler but wasn’t sure about the exact outcome. Should a task like this function properly? The trigger would activate an event that sets the DNS client to use the specified interface alias and connection-specific suffix. Regarding DNS suffixes, I was unsure if both needed to be included. If required, adding them to the list rather than replacing one is the correct approach. Updated September 11, 2025 by Cheeseman330.
You don’t have to use both suffixes unless your school’s domain splits hosts across different namespaces, like server1.university.edu and server1.ad.university.edu. If everything stays under ad.university.edu, just the single suffix works. For occasional root domain needs such as something.university.edu, keeping both makes sense. Windows will attempt them in sequence, starting from top to bottom. You can add more suffixes using the Append these DNS suffixes in order option, similar to what you saw in the screenshot. This way it adds without replacing and lets Windows try each until it finds a match. In short: retain both only if you resolve hosts in both environments. The order matters—place the most frequent one at the top. Your Task Scheduler or PowerShell approach will still function if you want automatic application, since DNS suffix lists already support multiple entries.