Skip to content
Tech Shizz Logo

An Engineers Blog

  • TechShizz
  • blog

DNS Policy by Client Source Address

Posted on February 23, 2021 By rich No Comments on DNS Policy by Client Source Address

If we have various subnets we can create a DNS policy so that our DNS server responds differently to clients on different subnets. Here’s how:

#Add a new Demo DNS Zone
Add-DNSServerPrimaryZone -Name demo.com -Replication Domain
#Add two Client Subnets
Add-DNSServerClientSubnet -Name SubnetA -IPv4Subnet "192.168.1.0/26"
Add-DNSServerClientSubnet -Name SubnetB -IPv4Subnet "192.168.1.64/26"
#Add Zone Scopes for Subnets
Add-DNSServerZoneScope -ZoneName demo.com -Name "0_Scope"
Add-DNSServerZoneScope -ZoneName demo.com -Name "64_Scope"
#Add some A records
Add-DNSServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.100" -ZoneScope "0_Scope"
Add-DNSServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.101" -ZoneScope "64_Scope"
#Create the DNS Client Based Policy
Add-DNSServerQueryResolutionPolicy -Name "0_Policy" -Action ALLOW -ClientSubnet "eq,SubnetA" -ZoneScope "0_Scope,1" -ZoneName demo.com
Add-DNSServerQueryResolutionPolicy -Name "64_Policy" -Action ALLOW -ClientSubnet "eq,SubnetB" -ZoneScope "64_Scope,1" -ZoneName demo.com

 

Post navigation

❮ Previous Post: HTTP Error 503 when Single Sin On redirecting to ADFS Server After Re-Enabling Single Sign On
Next Post: Connecting to and Configuring Nano Servers ❯

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to our newsletter!

Recent Posts

  • How to implement a lightning-fast ransomware playbook
  • How to achieve defence in depth in your business
  • How to implement a SecOps team phishing response plan
  • How to block an Office 365 Sign-in correctly
  • Microsoft finally patched serious Exchange 0-day over a month old!

Recent Comments

    Archives

    • November 2022
    • July 2021
    • March 2021
    • February 2021

    Categories

    • Cyber Security
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Copyright © 2023 .

    Theme: Oceanly News Dark by ScriptsTown