Hello everybody,
I would like to know if anyone tested the new feature of DNS Server: Policies
I installed the DNS Role but not see nothing about the Policies on the GUI.
Thanks in ad
Technology Tips and News
Hello everybody,
I would like to know if anyone tested the new feature of DNS Server: Policies
I installed the DNS Role but not see nothing about the Policies on the GUI.
Thanks in ad
Hi,
I did the same test and could not find it also.
From my point of view, an announced feature that is nowhere to be found in the current release of the technical preview, DNS Policies will presumably allow you to manage how and when your DNS server responds to client queries.
According to the MS article:
DNS server policies is a new feature in the next version of Windows Server. With DNS policies, you can configure the DNS server to control the responses to DNS queries. DNS responses can be based on the public IP address of the DNS client, the time of the day, or several other parameters. DNS policies enable location-aware DNS, traffic management, load balancing, and other scenarios.
http://technet.microsoft.com/en-us/library/dn765484.aspx
Regards.
Hello Vivian,
Have you found something about this thread ???
Do you think it will be coming in the next update ?
Hugs
+ 1 on getting info regarding if this is an "upcoming" feature, and how to use/activate DNS Policies.
/A
Hi,
There is a little more information about policies here (.ppt and .pdf respectively):
The capability for policies exists in the Technical Preview but the PowerShell cmdlets to configure policies are not there yet. This will be coming soon.
I will spend some time configuring policies in the Technical Preview build and post a little more about it here in this thread, so you can see how it works, but the true testing should wait a little until policies can be configured more easily.
-Greg
Hi,
I've created a simple policy that denies DNS queries from a client subnet for a specific domain.
I created the domain 'denied.com' and another domain 'permitted.com' and then set up a policy to deny queries from client subnet 192.168.0.0/24 for denied.com. No policy is configured for permitted.com so by default the client can query this domain. The results are below, querying from a client that is on the restricted subnet (the client address is 192.168.0.1).
First, I show that I can query the permitted domain:
PS C:\> resolve-dnsname www.permitted.com
Name
Type TTL Section IPAddress
----
---- --- ------- ---------
www.permitted.com A
3600 Answer 192.168.0.2
Next, the restricted domain is queried, and the server replies with a failure:
PS C:\> resolve-dnsname www.denied.com
resolve-dnsname : www.denied.com : DNS server failure
At line:1 char:1
+ resolve-dnsname www.denied.com -server 192.168.0.4
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (www.denied.com:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
-------------------------------------------------------------------------------------------------------------
This is obviously a very simple demonstration, but it works well. The policy is created with registry settings under:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\ClientSubnets
I would rather not share the details of the registry settings here because it is not advisable to configure policies directly in the registry. The Windows PowerShell cmdlets to configure policies will be available soon. If you'd like to contact me and discuss the settings more, please email me at greg dot Lindsay at Microsoft dot com.
Thanks,
-Greg
Great Greg
I will contact you to know more about that and thank so much for your help and support.
Best regards
You are right
DNS policies and powershell are available in TP2.
Documents will be published by the end of the week.
You can explore the cmdlets at
https://technet.microsoft.com/en-us/library/mt126273.aspx
(watch this space)
Please have a look at this