When configuring DHCP servers, two frequently confused options are domain-name (option 15) and domain-search (option 119). While both relate to DNS resolution, they serve distinct purposes in network configuration.
The domain-name option specifies the default domain name that will be appended to unqualified hostnames. For example, with this DHCP configuration:
option domain-name "example.com";
A client attempting to resolve "server" would try "server.example.com". However, this doesn't join the client to a Windows domain or change its FQDN - it purely affects DNS search behavior.
The domain-search option (introduced in RFC 3397) provides an ordered list of search domains for DNS resolution. Example configuration:
option domain-search "corp.example.com", "example.com", "test.example.com";
This creates a search path where unqualified names are tried with each domain in sequence.
- Scope:
domain-namesets a single default domain, whiledomain-searchprovides multiple search domains - Precedence: Modern clients typically prioritize
domain-searchwhen both options exist - Implementation:
domain-searchuses a more efficient encoding format (RFC 3397)
If you need to actually set the client's domain (for AD joining or similar), this requires either:
- Group Policy (Windows)
- Local configuration (/etc/hostname on Linux)
- Specialized DHCP options like Microsoft option 015 (MSFT Domain)
For ISC DHCP Server:
subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name "example.com";
option domain-search "corp.example.com", "example.com";
...
}
For dnsmasq:
dhcp-option=option:domain-name,example.com
dhcp-option=option:domain-search,corp.example.com,example.com
On Linux:
cat /etc/resolv.conf
# Should show search domains from DHCP
On Windows:
ipconfig /all
# Look for "Connection-specific DNS Suffix" and "DNS Suffix Search List"
In DHCP configurations, both domain-name (Option 15) and domain-search (Option 119) relate to domain name resolution, but serve distinct purposes:
- Option 15 (Domain-Name): Provides a default domain name that gets appended to unqualified hostnames
- Option 119 (Domain-Search): Specifies a search list of domains for DNS resolution
Contrary to common misconception, Option 15 doesn't "join" a client to a domain. Instead, it:
# Example ISC DHCP server configuration
option domain-name "internal.example.com";
This makes your system automatically append internal.example.com when resolving single-label names (e.g., ping server becomes ping server.internal.example.com).
Option 119 provides multiple search domains for resolution attempts:
# Configuring search domains in dhcpd.conf
option domain-search "dev.example.com", "prod.example.com", "example.com";
The system will try each domain in order when resolving unqualified names.
To truly set a client's domain membership (for Active Directory or similar), you need:
- Windows: Use Option 015 plus Group Policy or manual domain joining
- Linux: Requires manual configuration or tools like
realmd/sssd
Example Linux domain join command:
sudo realm join --user=admin example.com
ISC DHCP Server Configuration:
subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name "primary.example";
option domain-search "primary.example", "secondary.example";
option domain-name-servers 192.168.1.1;
range 192.168.1.100 192.168.1.200;
}
Verifying on Linux Clients:
# Check applied settings
cat /etc/resolv.conf
# Sample output:
# search primary.example secondary.example
# domain primary.example
# nameserver 192.168.1.1