Test DNS Policies Windows Server Technical Preview

Hello everybody,

I would like to know if anyone tested the new feature of DNS Server: Policies

I installed the DNS Role but not see nothing about the Policies on the GUI.

Thanks in ad

October 13th, 2014 1:46pm

Hi,

I did the same test and could not find it also.

From my point of view, an announced feature that is nowhere to be found in the current release of the technical preview, DNS Policies will presumably allow you to manage how and when your DNS server responds to client queries.

According to the MS article:

DNS server policies is a new feature in the next version of Windows Server. With DNS policies, you can configure the DNS server to control the responses to DNS queries. DNS responses can be based on the public IP address of the DNS client, the time of the day, or several other parameters. DNS policies enable location-aware DNS, traffic management, load balancing, and other scenarios.

http://technet.microsoft.com/en-us/library/dn765484.aspx

Regards.

Free Windows Admin Tool Kit Click here and download it now
October 17th, 2014 2:27am

Hello Vivian,

Have you found something about this thread ???

Do you think it will be coming in the next update ?

Hugs

October 22nd, 2014 10:22pm

+ 1 on getting info regarding if this is an "upcoming" feature, and how to use/activate DNS Policies.

/A

Free Windows Admin Tool Kit Click here and download it now
October 24th, 2014 7:56am

Hi,

There is a little more information about policies here (.ppt and .pdf respectively):

https://indico.dns-oarc.net//getFile.py/access?contribId=39&sessionId=3&resId=1&materialId=slides&confId=20

https://indico.dns-oarc.net//getFile.py/access?contribId=39&sessionId=3&resId=0&materialId=slides&confId=20

The capability for policies exists in the Technical Preview but the PowerShell cmdlets to configure policies are not there yet.  This will be coming soon. 

I will spend some time configuring policies in the Technical Preview build and post a little more about it here in this thread, so you can see how it works, but the true testing should wait a little until policies can be configured more easily.

-Greg

October 27th, 2014 8:25pm

Hi,

I've created a simple policy that denies DNS queries from a client subnet for a specific domain.

I created the domain 'denied.com' and another domain 'permitted.com' and then set up a policy to deny queries from client subnet 192.168.0.0/24 for denied.com. No policy is configured for permitted.com so by default the client can query this domain. The results are below, querying from a client that is on the restricted subnet (the client address is 192.168.0.1).

First, I show that I can query the permitted domain:

PS C:\> resolve-dnsname www.permitted.com

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
www.permitted.com                              A      3600  Answer     192.168.0.2

Next, the restricted domain is queried, and the server replies with a failure:

PS C:\> resolve-dnsname www.denied.com
resolve-dnsname : www.denied.com : DNS server failure
At line:1 char:1
+ resolve-dnsname www.denied.com -server 192.168.0.4
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (www.denied.com:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName

-------------------------------------------------------------------------------------------------------------

This is obviously a very simple demonstration, but it works well. The policy is created with registry settings under:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\ClientSubnets

I would rather not share the details of the registry settings here because it is not advisable to configure policies directly in the registry. The Windows PowerShell cmdlets to configure policies will be available soon. If you'd like to contact me and discuss the settings more, please email me at greg dot Lindsay at Microsoft dot com.

Thanks,

-Greg


Free Windows Admin Tool Kit Click here and download it now
October 31st, 2014 7:01pm

Great Greg

I will contact you to know more about that and thank so much for your help and support.

Best regards

November 4th, 2014 3:43am

The PowerShell cmdlets seem to be workin
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2015 4:53pm

You are right

DNS policies and powershell are available in TP2.

Documents will be published by the end of the week.

You can explore the cmdlets at

https://technet.microsoft.com/en-us/library/mt126273.aspx

(watch this space)

May 7th, 2015 4:07pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics