My goal is to have DNS queries for a certain host record return a different value for one of our offices. They will be the only area that should have a different result. All other offices and external requests should remain unchanged.
I performed the following, following the guidance of https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/primary-geo-location :
- Created DNS server client subnets on all DC's (our DC's are DNS servers, using AD integrated DNS) individually: Add-DnsServerClientSubnet -Name "Test_Client" -IPv4Subnet "10.1.2.0/24" -confirm -passthru -computername DC01
- Created zone scopes on all DC's individually: Add-DnsServerZoneScope -ZoneName "abc.com" -Name "abc_Test" -Verbose -PassThru -ComputerName DC01
- Created record for zone scope abc_test: Add-DnsServerResourceRecord -ZoneName "abc.com" -A -Name "mailtest" -IPv4Address "10.1.2.25" -ZoneScope "abc.test" -computername DC01
- Checked contents of the zone scopes on all DC's. All match: get-DnsServerResourceRecord -ZoneName abc.com -zonescope "abc_test" -computername DC01
HostName RecordType Type Timestamp TimeToLive RecordData
-------- ---------- ---- --------- ---------- ----------
@ NS 2 0 01:00:00 DC01.abc.com.
@ NS 2 0 01:00:00 DC04.abc.com.
@ NS 2 0 01:00:00 DC03.abc.com.
@ NS 2 0 01:00:00 DC02.abc.com.
@ SOA 6 0 01:00:00 [3][DC03.abc.com.][hostmaster.abc.com.]
testrecord A 1 0 01:00:00 10.1.2.25
6 . Then I created policy: Add-DnsServerQueryResolutionPolicy -Name "Test" -Action ALLOW -ClientSubnet "eq,Test_Client" -ZoneScope "abc_test,1" -ZoneName "abc.com" -computername DC01
I tested resolution with NSLookup. From a client in the desired client subnet it resolved the record for testrecord properly, as did all other clients. The issue was that for clients in that subnet, they were unable to resolve any other records. Other clients on that site, outside of the client subnet specified, had no resolution issues.
Should there be any other records in the ZoneScope other than the NS, SOA , and records to resolve differently?
Thank you for any help.
Dan