TechShizz | DNS Time Based Policy

DNS Time Based Policy

DNS in Windows Server 2016 can be configured to DENY, IGNORE or ALLOW DNS queries through query resolution policies. Here are the commands required to configure a time-based policy.

#Get current server time
Get-Date -DisplayHint Time

#Get current DNS Policies
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com

#Add a new policy called "Time-Policy" to deny DNS requests between 4AM and 11PM.
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 2

#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com

#Change Processing order (1 takes precedence)
Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 1

#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com

#Remove the time policy
Remove-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Force

#Re-add the time policy but with IGNORE request instead
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action IGNORE -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 1

#Remove the time policy again (same zone it was added to, so the next Add does not collide with the existing name)
Remove-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Force

#Add time policy to DENY between 11PM and Midnight, Order 1
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,23:00-23:59" -ProcessingOrder 1 

#Check Result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com

#Change Policy order to 3
Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 3

#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com
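
To confirm from a client what the policy does while it is active (DENY makes the server send a failure response, IGNORE makes it drop the query silently), here is an added example that is not part of the original post. The function name Test-DnsTimePolicy, its parameters and the server address 192.0.2.53 are hypothetical placeholders; the assumptions are listed in the first comment.

```powershell
# Added example (not from the original post): client-side check of a time-of-day policy.
# Assumptions: the client clock matches the DNS server's local time, no other policy
# matches first, ranges do not wrap past midnight, and range ends are inclusive.
function Test-DnsTimePolicy {
    param(
        [Parameter(Mandatory)] [string] $Server,              # DNS server hosting the zone
        [string] $Name      = 'demo.com',                     # zone used on this page
        [string] $TimeOfDay = 'eq,04:00-23:00',               # same string passed to -TimeOfDay
        [ValidateSet('DENY', 'IGNORE')] [string] $Action = 'DENY',
        [datetime] $Now     = (Get-Date)
    )

    # "eq,04:00-23:00[,HH:mm-HH:mm...]" -> operator plus one or more ranges
    $op, $ranges = $TimeOfDay -split ','
    $inWindow = $false
    foreach ($r in $ranges) {
        $start, $end = $r -split '-' | ForEach-Object { [timespan]::Parse($_) }
        if ($Now.TimeOfDay -ge $start -and $Now.TimeOfDay -le $end) { $inWindow = $true }
    }
    # 'eq' matches inside the ranges, 'ne' matches outside them
    $shouldMatch = if ($op -eq 'ne') { -not $inWindow } else { $inWindow }

    # Query the zone apex SOA directly against the named server and time the attempt
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $null = Resolve-DnsName -Name $Name -Type SOA -Server $Server -DnsOnly -ErrorAction Stop
        $observed = 'Answered'; $detail = ''
    } catch {
        $observed = 'Failed'; $detail = $_.Exception.Message
    }
    $timer.Stop()

    $expected = if ($shouldMatch) { 'Failed' } else { 'Answered' }
    [pscustomobject]@{
        CheckedAt   = $Now.ToString('HH:mm:ss')
        PolicyMatch = $shouldMatch
        Expected    = $expected
        Observed    = $observed
        ElapsedMs   = $timer.ElapsedMilliseconds
        # When blocked: DENY fails quickly, IGNORE leaves the client waiting for its timeout
        IfBlocked   = if ($Action -eq 'DENY') { 'prompt failure response' } else { 'client-side timeout' }
        Detail      = $detail
        Pass        = ($expected -eq $observed)
    }
}

# 192.0.2.53 is a placeholder address; replace it with your DNS server.
# Test-DnsTimePolicy -Server 192.0.2.53 -TimeOfDay 'eq,04:00-23:00' -Action DENY
```

Compare ElapsedMs between a DENY run and an IGNORE run: the difference is what a monitoring or troubleshooting client will actually see.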

 
