Default scope resolution stops when DnsServerQueryResolutionPolicy is defined

Question

I created below DNS policy as per documentation --> https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/primary-secondary-geo-location

Create the DNS Client Subnets Add-DnsServerClientSubnet -Name "USSubnet" -IPv4Subnet "192.0.0.0/24"

Add Zone Scopes Add-DnsServerZoneScope -ZoneName "woodgrove.com" -Name "USZoneScope"

Add Records to the Zone Scopes Add-DnsServerResourceRecord -ZoneName "woodgrove.com" -A -Name "www" -IPv4Address "192.0.0.1" -ZoneScope "USZoneScope"

Create the Policies Add-DnsServerQueryResolutionPolicy -Name "USPolicy" -Action ALLOW -ClientSubnet "eq,USSubnet" -ZoneScope "USZoneScope,1" -ZoneName "woodgrove.com"

With above policy DNS resolution for www.woodgrove.com works fine from client IP -192.0.0.5 and resolves to 192.0.0.1 However my earlier DNS records like sftp.woodgrove.com [192.0.0.2] stops resolving for 192.0.0.0/24 series client IPs

Answer 1

Hi @Sitaram Dhuri

Your policy command configure all clients from the USSubnet to use the USZoneScope zone for all entries in the Woodgrove.com domain. However if you only want to control the www record, then you need to configure the policy to monitor for a specific record, you do this with the -FQDN parameter. This is the commands to monitor and return different results for the www record:

Add-DnsServerClientSubnet -Name "USSubnet" -IPv4Subnet "192.0.0.0/24"  
Add-DnsServerZoneScope -ZoneName "woodgrove.com" -Name "USZoneScope"  
Add-DnsServerResourceRecord -ZoneName "woodgrove.com" -A -Name "www" -IPv4Address "192.0.0.1" -ZoneScope "USZoneScope"  
Add-DnsServerQueryResolutionPolicy -Name "USPolicy" -Action ALLOW -ClientSubnet "eq,USSubnet" -ZoneScope "USZoneScope,1" -fqdn "eq,www.woodgrove.com" -zonename "woodgrove.com"  

Gary.