This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENT%3C/text%3E%3C/svg%3E)
Hi, community.
I made a DNS policy for subnet, zone scope and added record type A.
My A record, made above, resolving on client from subnet, it's OK. But while policy enabled, that client can't resolving other records in domain. Appears error: *** UnKnown can't find name.my_domain.com: Non-existent domain
Did like these:
Add-DnsServerClientSubnet -Name "Subnet_name" -IPv4Subnet "10.10.10.200/30"
Add-DnsServerZoneScope -ZoneName “my_domain.com” -Name “ZoneScope_name”
Add-DnsServerResourceRecord -ZoneName “my_domain.com” -A -Name “A_record_name” -IPv4Address "10.10.10.201" -ZoneScope “ZoneScope_name”
Add-DnsServerQueryResolutionPolicy -Name “Policy_name” -Action ALLOW -ClientSubnet “eq,Subnet_name” -ZoneScope “ZoneScope_name,1” -ZoneName “my_domain.com” –PassThru
What i did wrong?
Answer accepted by question author
If you have other records in the same domain zone and you only want a single record to use the policy, you will need to create a record based policy not a zone policy. Try using the -fqdn option rather than the -zonescope option on Add-DnsServerQueryResolutionPolicy.
Hi Gary. Thank you for advice, it help me to solve problem.
But only one thing, PowerShell return error if using the -fqdn option rather than the -zonescope. Need use both options.
And one more question, about NS record type. Is it possible to make policy, which will do same, as in first question, only for NS record. I want separate subnets clients resolve one name server to different ip addresses.
Have a look at this response which I think is the same. https://learn.microsoft.com/en-us/answers/questions/782295/my-dnsserverqueryresolutionpolicy-problem. I haven't tried setting a policy on NS records but the ns record type is supported - https://learn.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverresourcerecord?view=windowsserver2022-ps.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 51%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
Hello,
I think I have a similar problem
I have 2 internal subnet, and on those I want some of my records to have a differents IP Addresses resolved.
But my default ZoneScope contains all other Records and I also want them to be resolved in this subnet.
How can I prioritize response for a record on a certain subnet?
When I create my InternalZoneScope with my specifics Records for my Internal clients, all other records of my defaut ZoneScope are not resolved (RESPONSE "Non-Existent domain")
I tried to write different ZoneScopes on my QueryResolutionPolicy
Like
Add-DnsServerQueryResolutionPolicy -Name "Internal1_ResolutionPolicy" -ZoneName "primary.zone" -ClientSubnet "eq,Internal1_Subnet" -ZoneScope "Internal1_ZoneScope,1;primary.zone,1" -ProcessingOrder 1 -PassThru
And I also Tried with changing weights value but It's just switching between the 2 ZoneScopes.
The only thing that I have now to make this work is copying an HOSTS file on all my internal client but I would prefer managing this in my DNS Server Directly
