This configuration parameter specifies the list of domain controllers that should be filtered out when resolving the domain controller to contact through DNS. This configuration parameter enables you to prevent the adclient process from attempting to contact domain controllers that are known to be inaccessible, for example, because they reside behind a firewall, or domain controllers that shouldn’t be contacted, for example, because of their physical location or because they are no longer valid domain controllers for the site.

The parameter value can be one or more fully-qualified domain controller server names. If you are specifying more than one domain controller name, the names can be separated by commas or spaces. For example:

dns.block: ginger.ajax.org,salt.ajax.org,nc1.sea.ajax.org

In most cases, you set this configuration parameter using group policy.

If you don’t specify a value for this parameter, access is not blocked for any domain controllers.