TechShizz | Tech Guides

DNS Policy by Client Source Address

If we have several subnets, we can create a DNS policy so that our DNS server responds differently to clients on different subnets. Here's how:

#Add a new Demo DNS Zone
Add-DNSServerPrimaryZone -Name demo.com -ReplicationScope Domain

#Add two Client Subnets
Add-DNSServerClientSubnet -Name SubnetA -IPv4Subnet "192.168.1.0/26"
Add-DNSServerClientSubnet -Name SubnetB -IPv4Subnet "192.168.1.64/26"

#Add Zone Scopes for Subnets
Add-DNSServerZoneScope -ZoneName demo.com -Name "0_Scope"
Add-DNSServerZoneScope -ZoneName demo.com -Name "64_Scope"

#Add some A records
Add-DNSServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.100" -ZoneScope "0_Scope"
Add-DNSServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.101" -ZoneScope "64_Scope"

#Create the DNS Client Based Policy
Add-DNSServerQueryResolutionPolicy -Name "0_Policy" -Action ALLOW -ClientSubnet "eq,SubnetA" -ZoneScope "0_Scope,1" -ZoneName demo.com
Add-DNSServerQueryResolutionPolicy -Name "64_Policy" -Action ALLOW -ClientSubnet "eq,SubnetB" -ZoneScope "64_Scope,1" -ZoneName demo.com
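
How the two policies above select an answer, modelled offline as an added example (not part of the original guide): it matches a client address against the guide's two /26 client subnets and returns the App1 record from the matching zone scope, including the case where no policy matches. The function names and the sample client addresses are made up for illustration, and nothing here queries a DNS server.

```powershell
# Added example: offline model of the demo.com client-subnet policies.
# Values are copied from the commands above; function names are illustrative.
$clientSubnets = [ordered]@{ SubnetA = '192.168.1.0/26'; SubnetB = '192.168.1.64/26' }
$policyScope   = @{ SubnetA = '0_Scope'; SubnetB = '64_Scope' }
$app1Record    = @{ '0_Scope' = '192.168.0.100'; '64_Scope' = '192.168.0.101' }

function ConvertTo-Ipv4Number ([string]$Address) {
    # Dotted quad -> integer, using arithmetic so no unsigned bit operations are needed
    $b = ([ipaddress]$Address).GetAddressBytes()
    [long]$n = 0
    foreach ($octet in $b) { $n = $n * 256 + $octet }
    $n
}

function Test-InSubnet ([string]$Address, [string]$Cidr) {
    $network, $length = $Cidr.Split('/')
    $blockSize = [long][math]::Pow(2, 32 - [int]$length)   # /26 -> 64 addresses
    $a = ConvertTo-Ipv4Number $Address
    $n = ConvertTo-Ipv4Number $network
    # Same subnet when both addresses round down to the same block boundary
    ($a - ($a % $blockSize)) -eq ($n - ($n % $blockSize))
}

function Get-App1AnswerForClient ([string]$ClientAddress) {
    foreach ($name in $clientSubnets.Keys) {
        if (Test-InSubnet $ClientAddress $clientSubnets[$name]) {
            $scope = $policyScope[$name]
            return [pscustomobject]@{
                Client = $ClientAddress; Subnet = $name
                Scope  = $scope;         Answer = $app1Record[$scope]
            }
        }
    }
    # No policy matched: the query is answered from the default zone scope,
    # and the guide never adds an App1 record there.
    [pscustomobject]@{
        Client = $ClientAddress; Subnet = '(no match)'
        Scope  = 'demo.com (default)'; Answer = '(no App1 record)'
    }
}

# Constructed sample client addresses
'192.168.1.10', '192.168.1.62', '192.168.1.65', '192.168.1.130' |
    ForEach-Object { Get-App1AnswerForClient $_ } | Format-Table -AutoSize
```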

 

DNS Policy Load Balancing | Server 2016

By default, if we have multiple A records with the same name, the DNS server will round robin, i.e. alternate through the records, returning the value of each one in turn. This is great, but if we want more control over how responses are balanced across the records, we can use a DNS load balancing policy to distribute responses in the desired way.

#Add a DNS Zone
Add-DNSServerPrimaryZone -Name "loadbalance.com" -ReplicationScope Domain

#Add a Zone Scope called "Scope-Heavy"
Add-DNSServerZoneScope -ZoneName "loadbalance.com" -Name "Scope-Heavy"

#Add a Zone Scope called "Scope-Light"
Add-DNSServerZoneScope -ZoneName "loadbalance.com" -Name "Scope-Light"

#Add an A record to each zone scope (the first goes in the default scope), with different IP addresses to which the load will be balanced accordingly
Add-DNSServerResourceRecord -ZoneName "loadbalance.com" -A -Name "www" -IPv4Address "192.168.1.11"
Add-DNSServerResourceRecord -ZoneName "loadbalance.com" -A -Name "www" -IPv4Address "192.168.1.12" -ZoneScope "Scope-Light"
Add-DNSServerResourceRecord -ZoneName "loadbalance.com" -A -Name "www" -IPv4Address "192.168.1.13" -ZoneScope "Scope-Heavy"

#Set a Policy, so that server 192.168.1.13 gets around 9 out of every 11 requests.
Add-DNSServerQueryResolutionPolicy -Name "LB-Policy" -Action ALLOW -Fqdn "EQ,*" -ZoneScope "loadbalance.com,1;Scope-Light,1;Scope-Heavy,9" -ZoneName "loadbalance.com"

#Check it applied
Get-DNSServerQueryResolutionPolicy -ZoneName "loadbalance.com"
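
To check that observed answers follow the 1:1:9 weighting, the added example below (not part of the original guide) parses the -ZoneScope weight string from LB-Policy and compares the expected share per scope with a tally of answers. The function names, the constructed sample tally, and the server name DNS01 in the commented-out query loop are assumptions.

```powershell
# Added example: expected vs. observed answer share for LB-Policy.
function Get-ExpectedScopeShare ([string]$ZoneScope) {
    # "scope,weight;scope,weight;..." -> one object per scope with its share in %
    $pairs = foreach ($item in $ZoneScope.Split(';')) {
        $scope, $weight = $item.Split(',')
        [pscustomobject]@{ Scope = $scope.Trim(); Weight = [int]$weight }
    }
    $total = ($pairs | Measure-Object -Property Weight -Sum).Sum
    foreach ($p in $pairs) {
        [pscustomobject]@{
            Scope       = $p.Scope
            Weight      = $p.Weight
            ExpectedPct = [math]::Round(100 * $p.Weight / $total, 1)
        }
    }
}

function Compare-ScopeShare ([string]$ZoneScope, [hashtable]$ScopeAddress, [string[]]$Observed) {
    # Tally the observed answers per IP address
    $count = @{}
    foreach ($ip in $Observed) { $count[$ip] = 1 + [int]$count[$ip] }
    foreach ($e in Get-ExpectedScopeShare $ZoneScope) {
        $ip = $ScopeAddress[$e.Scope]
        [pscustomobject]@{
            Scope       = $e.Scope
            Address     = $ip
            ExpectedPct = $e.ExpectedPct
            ObservedPct = [math]::Round(100 * [int]$count[$ip] / $Observed.Count, 1)
        }
    }
}

# Scope -> A record, as created by the commands above
$scopeAddress = @{
    'loadbalance.com' = '192.168.1.11'   # default zone scope
    'Scope-Light'     = '192.168.1.12'
    'Scope-Heavy'     = '192.168.1.13'
}

# Constructed sample: 110 answers. Against a live server (DNS01 is a placeholder), collect with:
# $observed = 1..110 | ForEach-Object { (Resolve-DnsName www.loadbalance.com -Type A -Server DNS01 -DnsOnly).IPAddress }
$observed = @('192.168.1.11') * 12 + @('192.168.1.12') * 9 + @('192.168.1.13') * 89

Compare-ScopeShare 'loadbalance.com,1;Scope-Light,1;Scope-Heavy,9' $scopeAddress $observed |
    Format-Table -AutoSize
```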

Configure DNS Response Rate Limiting

We configure DNS response rate limiting from PowerShell.

##Get DNS Response Rate Limiting Settings
Get-DNSServerResponseRateLimiting

##Enable DNS Response Rate Limiting in logging-only mode
Set-DNSServerResponseRateLimiting -ResponsesPerSec 2 -ErrorsPerSec 2 -IPv4PrefixLength 26 -LeakRate 3 -Mode LogOnly -Force

##Enable DNS Response Rate Limiting
Set-DNSServerResponseRateLimiting -ResponsesPerSec 2 -ErrorsPerSec 2 -IPv4PrefixLength 26 -LeakRate 3 -Mode Enable -Force

##Disable DNS Response Rate Limiting
Set-DNSServerResponseRateLimiting -Mode Disable -Force

Error: "Cannot find the Windows PowerShell data file 'ImportExportIscsiTargetConfiguration.psd1'"

Problem

While installing an iSCSI target, Server Manager displays the error: "Cannot find the Windows PowerShell data file 'ImportExportIscsiTargetConfiguration.psd1'"

Solution

On the computer where Server Manager is running, go to:

'C:\Windows\System32\WindowsPowerShell\v1.0\Modules\IscsiTarget\en-US\'

Copy the en-US folder and then rename the copy to "en-GB".

Run the wizard again and this time there should be no error.

Setting up Failover Clustering | Server 2016 via PowerShell

Servers in this example:

DC1 - Domain Controller

FS1 - File Server for Shared Storage

Cluster-Host1 - Cluster Node

Cluster-Host2 - Cluster Node

Here is the required networking for this lab:

Production Network - 10.0.0.0/24 | DC, FS1, Cluster-Host1, Cluster-Host2

Cluster Network -    10.0.1.0/24 | Cluster-Host1, Cluster-Host2

Storage Network  -    10.0.2.0/24 | FS1

First we set up the required storage: iSCSI on the file server. This will consist of the shared storage for whatever app and a quorum disk. Both disks should be formatted as NTFS (this is done in the PowerShell below). The PowerShell commands make use of the Invoke-Command cmdlet, so that we can run them from a domain-joined computer with the right admin credentials. Only one of the last two commands is required, depending on whether you're setting up a domain-based cluster or not.

NOTE: During this process in Server 2016 from a Windows 10 Machine running RSAT, I had issues using the GUI to set this up. See https://www.techshizz.com/post/error-cannot-find-the-windows-powershell-data-file-importexportiscsitargetconfiguration-psd1 for details. 

 

## iSCSI Initiators (pre-target) ##

# start iscsi initiator service on both nodes
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-Service *iscsi* | Set-Service -StartupType Automatic -PassThru | Start-Service }

# view iscsi initiator addresses
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-InitiatorPort }

# create iscsi target portal for discovery
Invoke-Command Cluster-Host1,Cluster-Host2 { New-IscsiTargetPortal -TargetPortalAddress 10.0.0.20 }


## iSCSI Target ##

# create iscsi lun
Invoke-Command FS1 { New-IscsiVirtualDisk -Path C:\DataDisk.vhdx -SizeBytes 100GB }
Invoke-Command FS1 { New-IscsiVirtualDisk -Path C:\QuorumDisk.vhdx -SizeBytes 1GB }

# create iscsi target
Invoke-Command FS1 { New-IscsiServerTarget -TargetName CL-Target -InitiatorIds "IQN:iqn.1991-05.com.microsoft:cluster-host1.lab.local","IQN:iqn.1991-05.com.microsoft:cluster-host2.lab.local" }

# assign luns to target
Invoke-Command FS1 { Add-IscsiVirtualDiskTargetMapping -TargetName CL-Target -Path C:\DataDisk.vhdx }
Invoke-Command FS1 { Add-IscsiVirtualDiskTargetMapping -TargetName CL-Target -Path C:\QuorumDisk.vhdx }


## iSCSI Initiators (post-target) ##

# update discovery portal with new target information
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTargetPortal | Update-IscsiTargetPortal }

# view iscsi target
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTarget }

# connect initiators to target
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTarget | Connect-IscsiTarget }

# force the connection to persist (across reboots)
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiSession | Register-IscsiSession }

--------------
##Connect to ONE of the cluster hosts to format the disks. Repeat for each disk. Label Witness as W and data as D.

# view disks
Get-Disk

# initialize disks as GPT
Initialize-Disk -Number 2 -PartitionStyle GPT

# view partitions
Get-Partition

# partition an entire disk
New-Partition -DiskNumber 2 -UseMaximumSize -Driveletter D

# view volumes
Get-Volume

# format with a file system (use the drive letter assigned by New-Partition above)
Format-Volume -DriveLetter D -FileSystem NTFS -AllocationUnitSize 4096 -NewFileSystemLabel "IT Data"
-----

## Failover Clustering ##
# install failover clustering feature on both nodes
Invoke-Command Cluster-Host1,Cluster-Host2 { Install-WindowsFeature Failover-Clustering,RSAT-Clustering-PowerShell }

# run cluster validation
Test-Cluster -Node Cluster-Host1,Cluster-Host2

# create a new cluster (single domain)
New-Cluster -Name Cluster1 -Node Cluster-Host1,Cluster-Host2 -StaticAddress 10.0.0.150 -IgnoreNetwork 10.0.1.0/24,10.0.2.0/24

# create a new cluster (multi-domain/workgroup - no network name)
New-Cluster -Name Cluster1 -Node Cluster-Host1,Cluster-Host2 -StaticAddress 10.0.0.150 -AdministrativeAccessPoint Dns