DNS policies not working for split DNS

Jimmy 41 Reputation points
2020-10-20T11:29:30.26+00:00

Hi all,

I'm trying to set up DNS policies for the first time for our split DNS but they don't seem to be working. I've followed this article https://www.powershellmagazine.com/2015/05/13/introducing-dns-policies-in-windows-server-2016-technical-preview-2/

The problem I have is that records do not exist even when they're already created. Have I missed something? Is there another guide I could look up for this?

I'm trying to set up policies for split DNS based on client subnets as we only have 1 NIC on the domain controller which runs DNS.

Thanks,
James.


Accepted answer
  1. Gloria Gu 3,901 Reputation points
    2020-10-23T02:29:17.58+00:00

    @Jimmy Hi,

    Thank you for your reply!

    I want to ask which command you mean by "adding -FQDN "eq,HostA.test.local" in the command": "Add-DnsServerResourceRecord", "Add-DnsServerQueryResolutionPolicy" or "Add-DnsServerClientSubnet"? I would appreciate it if you shared it with me, since I want to test it in my own environment too!

    >>If I want to add 6 split DNS records in a zone, do I need to create 6 different policies for each record, or can I combine all the rules into 1 policy since they're all for 1 zone?

    About this question, according to the guides for creating policies, the PS commands should be created separately with a different scope, policy name and subnet. It is suggested that you create 6 different policies, one for each record.

    Hope you have a nice day!
    Gloria

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


3 additional answers

  1. Gloria Gu 3,901 Reputation points
    2020-10-21T08:29:02.657+00:00

    @Jimmy Hi,

    Thank you for posting in Q&A!

    Can you please provide the following information so I can troubleshoot your issue:

    1. Use 'ipconfig /all' to show the DC's IP address.
    2. Which exact subnets have you configured with the DNS policy?
    3. In which subnet did the DNS resolution problem occur?
    4. Can the clients from both subnets communicate with the DC successfully?
    5. If it's convenient for you, please post a screenshot of clients trying to resolve the records you created.

    Hope you have a nice day!
    Gloria


  2. Jimmy 41 Reputation points
    2020-10-22T11:08:21.007+00:00

    Thanks for your reply.

    I've managed to get the policy working by adding -FQDN "eq,HostA.test.local" in the command. Not sure why it's needed but it's working.

    However, I do have another question which I'm hoping you might be able to help.

    If I want to add 6 split DNS records in a zone, do I need to create 6 different policies for each record, or can I combine all the rules into 1 policy since they're all for 1 zone?

    Thank you.


  3. Jimmy 41 Reputation points
    2020-10-24T06:58:22.697+00:00

    Sure.

    Add-DnsServerQueryResolutionPolicy -Name "SplitBrainZonePolicy" -Action ALLOW -FQDN "eq,HostA.test.local" -ClientSubnet "eq,SpecialServers" -ZoneScope "SpecialZoneScope,1" -ZoneName "test.local"

    Thanks Gloria.
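    As an added example (not code from this thread), the full sequence that the accepted answer and the working command above describe: a client subnet, a zone scope, the scoped records, and one query resolution policy per record. The zone, scope, subnet, host names, addresses and the server name dc01.test.local are assumed placeholders; the cmdlets are the standard DnsServer module ones.

```powershell
# Split-brain DNS for one zone, one policy per record (as the accepted answer suggests).
# Zone, scope, subnet, hosts, addresses and DC name are assumptions for illustration.
$ZoneName   = "test.local"
$ScopeName  = "SpecialZoneScope"
$SubnetName = "SpecialServers"
$Subnet     = "10.10.0.0/16"    # clients that should receive the scoped (internal) answers

# Records that need a different answer inside $Subnet than in the default zone scope.
$SplitRecords = @{
    "HostA" = "10.10.1.10"
    "HostB" = "10.10.1.11"
    "HostC" = "10.10.1.12"
}

# 1. Define the client subnet the policies will match on.
Add-DnsServerClientSubnet -Name $SubnetName -IPv4Subnet $Subnet

# 2. Create the zone scope that holds the alternate copies of the records.
Add-DnsServerZoneScope -ZoneName $ZoneName -Name $ScopeName

# 3. Populate the scope and create one policy per record, each tied to the subnet.
foreach ($hostName in $SplitRecords.Keys) {
    Add-DnsServerResourceRecord -ZoneName $ZoneName -ZoneScope $ScopeName `
        -A -Name $hostName -IPv4Address $SplitRecords[$hostName]

    $fqdn = "$($hostName).$($ZoneName)"
    # -ZoneScope takes "<scope name>,<weight>"; the FQDN and ClientSubnet criteria
    # together restrict the scoped answer to this record and this subnet only.
    Add-DnsServerQueryResolutionPolicy -Name "SplitBrain-$hostName" -Action ALLOW `
        -FQDN "eq,$fqdn" -ClientSubnet "eq,$SubnetName" `
        -ZoneScope "$ScopeName,1" -ZoneName $ZoneName
}

# 4. Review what is now in force for the zone. Each policy should carry both
#    criteria; one without ClientSubnet would hand the internal answer to every client.
Get-DnsServerQueryResolutionPolicy -ZoneName $ZoneName |
    Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize

# 5. Verify from both sides: run this from a client inside $Subnet (expect the
#    scoped address) and from one outside it (expect the default zone's address).
Resolve-DnsName -Name "HostA.$ZoneName" -Server "dc01.test.local" -Type A
```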

