SimonGadsby-2442 asked CandyLuo-MSFT answered

DNS Policy for partial recursion?

Hi,

Is it possible to configure a Windows DNS Server to:

  1. Respond to queries for xyz.com from a given subnet

  2. Recurse everything else to the real xyz.com nameservers on the Internet?

This is a slightly different case of split-brain DNS from that envisioned in the doco. It seems to me that DNS Policy does not quite seem to provide me this capability. I can do the first part, but the only options for Action on Add-DnsServerQueryResolutionPolicy are ALLOW, DENY and IGNORE. I would like to have a value there for RECURSE or similar. Is there some other way to configure this?

Situation is that we have a service that is internally routable from one subnet only and we need to use a public DNS name. I therefore want to identify queries from that subnet and specify the A record to use in the answer. All other queries however should be referred to the Internet since we do not hold the authoritative zone for this domain name.

It doesn't appear that I can use a recursion policy for this, so it does not seem possible. I also tried to create a DNS Policy for a stub zone or a conditional forwarder but it didn't like that either. My fallback is of course to create a primary zone and specify the current IP address from the real authoritative zone, however this will become stale and I would really prefer to recurse if possible.

Any thoughts appreciated!

Cheers,
Simon.


Tags: windows-server-2019, windows-dhcp-dns
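The fallback described in the question (a locally hosted primary zone with a subnet-specific answer), sketched as an added example that is not part of the original post or Microsoft's own code. It assumes the zone is created for the single host name only, so other xyz.com names still recurse normally, and it adds a check for the stale-record risk the question raises; the host name, subnet, addresses and resolver are assumptions.

```powershell
# Added example. All values below are assumptions, not taken from the thread.
$Zone           = 'service.xyz.com'  # hypothetical host name under xyz.com
$SubnetName     = 'InternalSubnet'   # hypothetical client subnet label
$SubnetCidr     = '10.10.20.0/24'    # constructed: subnet that can route to the service
$InternalIp     = '10.10.30.5'       # constructed: internal address of the service
$PublicResolver = '1.1.1.1'          # assumed: any resolver that does not use this server

# Ask an outside resolver what the real authoritative zone currently publishes.
$publicIps = @(Resolve-DnsName -Name $Zone -Type A -Server $PublicResolver -DnsOnly |
    Where-Object { $_.QueryType -eq 'A' } |
    ForEach-Object { $_.IPAddress } | Sort-Object)
if (-not $publicIps) { throw "No public A record returned for $Zone" }

if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    # One-time setup: zone scoped to the single host name.
    Add-DnsServerClientSubnet -Name $SubnetName -IPv4Subnet $SubnetCidr
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"
    Add-DnsServerZoneScope -ZoneName $Zone -Name 'InternalScope'

    # Answer given to the internal subnet.
    Add-DnsServerResourceRecord -ZoneName $Zone -A -Name '@' `
        -IPv4Address $InternalIp -ZoneScope 'InternalScope'

    # Default scope: copy of the public answer for every other client.
    foreach ($ip in $publicIps) {
        Add-DnsServerResourceRecord -ZoneName $Zone -A -Name '@' -IPv4Address $ip
    }

    # Route queries from the subnet to the internal scope.
    Add-DnsServerQueryResolutionPolicy -Name 'InternalSubnetPolicy' -Action ALLOW `
        -ClientSubnet "eq,$SubnetName" -ZoneScope 'InternalScope,1' -ZoneName $Zone
}
else {
    # Later runs: detect drift between the copied record and the public one.
    $localIps = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } | Sort-Object)
    if (($localIps -join ',') -ne ($publicIps -join ',')) {
        Write-Warning ("Default-scope record for {0} is stale. Local: {1}; public: {2}" -f
            $Zone, ($localIps -join ','), ($publicIps -join ','))
    }
}
```

Run on a schedule, the `else` branch only reports drift; updating the default-scope record is left as a deliberate, reviewed change.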

As far as I know, DNS Policy cannot achieve your goal.


Thanks Candy, it seems so. Where would be the best place to log a feature request for this?


1 Answer

CandyLuo-MSFT answered

Hi,

UserVoice is where you can provide feedback to the Microsoft Product Groups who are now monitoring these forums.

You could post the feedback in our UserVoice directly, here is the link:

https://windowsserver.uservoice.com/forums/295047-general-feedback

After posting your idea, it will have one vote by default. If you want it to have more votes, then you could share this blog posting with your IT professionals, have them sign up and vote for your idea.

Best Regards,
Candy

