Hello Everyone -
I am testing out using Server 2016's DNS policy for Split-Brain DNS in Active Directory and I am running into a problem with functionality. What I am attempting to do is set up a specific client subnet that will return an IP for a host that is different from the default Resource Record for that zone. I have three DNS servers. On Server1, I ran this similar configuration:
- Created DNS Zone:
Add-DnsServerPrimaryZone -Name "dnscheck.local" -ReplicationScope "Forest" -PassThru
- Created the client subnet:
Add-DnsServerClientSubnet -Name "POC_1-CS" -IPv4Subnet "10.219.193.0/26"
- Created the Zone Scope for the newly created zone:
Add-DnsServerZoneScope -ZoneName "dnscheck.local" -Name "POC_1-ZS"
- Add a Resource Record to the new Zone Scope:
Add-DnsServerResourceRecordA -Name "test" -ZoneName "dnscheck.local" -ZoneScope "POC_1-ZS" -IPv4Address "172.0.0.2"
- Created a default Resource Record:
Add-DnsServerResourceRecordA -Name "test" -ZoneName "dnscheck.local" -IPv4Address "172.0.0.1"
- Created Query Policy:
Add-DnsServerQueryResolutionPolicy -Name "Client Subnet POC test 1" -ClientSubnet "EQ,POC_1-CS" -FQDN "test.dnscheck.local" -ZoneName "dnscheck.local" -ZoneScope "POC_1-ZS,1" -Action ALLOW
I copied the DNS client subnet config to Server2 and Server3.
I copied the DNS Query Policies to Server2 and Server3.
During a test from a client in that subnet, it works when the client queries Server1, but does not return the correct Resource Record from Server2 and Server3 (it returns the "default" record.) I have verified that the client subnet and DNS Query policies are on Server2 and Server3. I also verified that the Zone Scope has replicated to Server2 and Server3.
What am I missing?
If I create a similar Query Policy for the DNS Zone "mydomain.com", the DNS query policies work from all three servers. Thinking this is how I created the new zone, I compared the new zone with "mydomain.com" and they match - AD Integrated Forest; replication to all DNS servers in the forest.
I feel it has to do with the test zone that I created, but I am missing what it could be.
Thanks for any responses.
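One way to compare the policy objects from the post on all three servers side by side, as an added example that is not part of the original post. It assumes Server1, Server2 and Server3 are resolvable host names and that it is run from a client inside 10.219.193.0/26, since the final query only matches the policy when it comes from that subnet.

```powershell
# Added example. Object names are taken from the post; the server names are
# assumed to be the real host names of the three DNS servers.
$servers  = 'Server1', 'Server2', 'Server3'
$zone     = 'dnscheck.local'
$scope    = 'POC_1-ZS'
$subnet   = 'POC_1-CS'
$policy   = 'Client Subnet POC test 1'
$hostName = 'test'

$report = foreach ($s in $servers) {
    # SilentlyContinue turns a missing object into $null instead of stopping the run.
    $cs = Get-DnsServerClientSubnet -Name $subnet -ComputerName $s -ErrorAction SilentlyContinue
    $zs = Get-DnsServerZoneScope -ZoneName $zone -Name $scope -ComputerName $s -ErrorAction SilentlyContinue

    # Record as stored in the zone scope on this server (not the default scope).
    $rr = Get-DnsServerResourceRecord -ZoneName $zone -ZoneScope $scope -Name $hostName `
              -RRType A -ComputerName $s -ErrorAction SilentlyContinue

    # The policy was created with -ZoneName, so it is a zone-level policy.
    # Without -ZoneName this cmdlet lists server-level policies only.
    $qp = Get-DnsServerQueryResolutionPolicy -ZoneName $zone -ComputerName $s -ErrorAction SilentlyContinue |
              Where-Object Name -eq $policy

    # What this server actually answers when queried directly from this client.
    $answer = Resolve-DnsName -Name "$hostName.$zone" -Type A -Server $s -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server        = $s
        ClientSubnet  = $cs.IPV4Subnet -join ','
        ZoneScope     = [bool]$zs
        ScopeRecord   = $rr.RecordData.IPv4Address.IPAddressToString -join ','
        PolicyPresent = [bool]$qp
        PolicyEnabled = $qp.IsEnabled
        PolicyOrder   = $qp.ProcessingOrder
        Answer        = $answer.IPAddress -join ','
    }
}

$report | Format-Table -AutoSize
```

A row where ZoneScope and ScopeRecord are populated but PolicyPresent is false points at the policy copy for that zone; a row where everything is present but Answer is still the default record shows the server holds the objects and is not applying them to this query.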