DNS policies not working for split DNS

Jimmy 41 Reputation points
2020-10-20T11:29:30.26+00:00

Hi all,

I'm trying to set up DNS policies for the first time for our split DNS but they don't seem to be working. I've followed this article https://www.powershellmagazine.com/2015/05/13/introducing-dns-policies-in-windows-server-2016-technical-preview-2/

The problem I have is that records do not exist even when they're already created. Have I missed something? Is there another guide I could look up for this?

I'm trying to set up policies for split DNS based on client subnets as we only have 1 NIC on the domain controller which runs DNS.

Thanks,
James.

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,023 questions
0 comments
Accepted answer
  1. Gloria Gu 3,891 Reputation points
    2020-10-23T02:29:17.58+00:00

    @Jimmy Hi,

    Thank you for your reply!

    I want to ask "adding -FQDN "eq,HostA.test.local" in the command" as you mentioned means which command? The command to "Add-DnsServerResourceRecord " or "Add-DnsServerQueryResolutionPolicy" or "Add-DnsServerClientSubnet". I would appreciate it if you share it with me since I want to test in my own environment too!

    >>If I want to add 6 split DNS records in a zone, do I need to create 6 different policies for each record, or can I combine all the rules into 1 policy since they're all for 1 zone?

    About this question, according to the guides to create policies, the PS commands should be create seperately with different scope,policy name and subnet. It is suggested that you should create 6 different policies for each record.

    Hope you have a nice day!
    Gloria

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gloria Gu 3,891 Reputation points
    2020-10-21T08:29:02.657+00:00

    @Jimmy Hi,

    Thank you for posting in Q&A!

    Can you please provide the following information so I can troubleshoot your issue:

    1. Use 'ipconfig /all'to show the DC's IP address.
    2. What exact subnets do you configured with the DNS policy?
    3. Which subnet occurred the problem of DNS resolution?
    4. Can both the clients from different subnets communicate with DC successfully?
    5. If it's convenient for you, please post the screenshoot of clients trying to reslove the records you create.

    Hope you have a nice day!
    Gloria

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Jimmy 41 Reputation points
    2020-10-22T11:08:21.007+00:00

    Thanks for your reply.

    I've managed to get the policy working by adding -FQDN "eq,HostA.test.local" in the command. Not sure why it's needed but it's working.

    However, I do have another question which I'm hoping you might be able to help.

    If I want to add 6 split DNS records in a zone, do I need to create 6 different policies for each record, or can I combine all the rules into 1 policy since they're all for 1 zone?

    Thank you.

    0 comments
  3. Jimmy 41 Reputation points
    2020-10-24T06:58:22.697+00:00

    Sure.

    Add-DnsServerQueryResolutionPolicy -Name "SplitBrainZonePolicy" -Action ALLOW -FQDN "eq,HostA.test.local" -ClientSubnet "eq,SpecialServers" -ZoneScope "SpecialZoneScope,1" -ZoneName "test.local"

    Thanks Gloria.