An Engineer's Notebook

DNS Policy by Client Source Address

If we have several subnets, we can create a DNS policy so that our DNS server answers the same query differently depending on which subnet the client is querying from. Here's how:

# Add a new Demo DNS Zone
Add-DnsServerPrimaryZone -Name -ReplicationScope Domain
# Add two Client Subnets
Add-DnsServerClientSubnet -Name SubnetA -IPv4Subnet ""
Add-DnsServerClientSubnet -Name SubnetB -IPv4Subnet ""
# Add Zone Scopes for Subnets
Add-DnsServerZoneScope -ZoneName -Name "0_Scope"
Add-DnsServerZoneScope -ZoneName -Name "64_Scope"
# Add some A records
Add-DnsServerResourceRecord -ZoneName -A -Name App1 -IPv4Address "" -ZoneScope "0_Scope"
Add-DnsServerResourceRecord -ZoneName -A -Name App1 -IPv4Address "" -ZoneScope "64_Scope"
# Create the DNS Client Based Policy
Add-DnsServerQueryResolutionPolicy -Name "0_Policy" -Action ALLOW -ClientSubnet "eq,SubnetA" -ZoneScope "0_Scope,1" -ZoneName
Add-DnsServerQueryResolutionPolicy -Name "64_Policy" -Action ALLOW -ClientSubnet "eq,SubnetB" -ZoneScope "64_Scope,1" -ZoneName
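The same build-out end to end, as an added example that is not from the original post: every blank value is filled with a constructed placeholder, a default-scope record is added so clients from an unlisted subnet still get an answer, and a check function confirms what landed on the server. The zone name, subnets and addresses are assumptions; run it on a Windows Server DNS host with the DnsServer module.

```powershell
# Constructed placeholders (assumptions, not the original post's values).
$Zone    = 'demo.example.com'
$SubnetA = '10.0.0.0/26'   # clients 10.0.0.0-63   -> 0_Scope
$SubnetB = '10.0.0.64/26'  # clients 10.0.0.64-127 -> 64_Scope

Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain

# Client subnets are matched on the source IP of the query packet. Clients
# behind a forwarder or NAT all look like the forwarder, and a source address
# is not an identity, so use this for steering, not as access control.
Add-DnsServerClientSubnet -Name 'SubnetA' -IPv4Subnet $SubnetA
Add-DnsServerClientSubnet -Name 'SubnetB' -IPv4Subnet $SubnetB

Add-DnsServerZoneScope -ZoneName $Zone -Name '0_Scope'
Add-DnsServerZoneScope -ZoneName $Zone -Name '64_Scope'

# One A record per scope, plus one in the default scope so a client that
# matches no policy gets a deterministic answer rather than an empty reply.
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'App1' -IPv4Address '10.0.0.10' -ZoneScope '0_Scope'
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'App1' -IPv4Address '10.0.0.74' -ZoneScope '64_Scope'
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'App1' -IPv4Address '10.0.0.200'

# Policies are evaluated in ProcessingOrder; the first match wins and an
# unmatched query falls through to the default scope.
Add-DnsServerQueryResolutionPolicy -Name '0_Policy'  -Action ALLOW -ClientSubnet 'eq,SubnetA' -ZoneScope '0_Scope,1'  -ZoneName $Zone -ProcessingOrder 1
Add-DnsServerQueryResolutionPolicy -Name '64_Policy' -Action ALLOW -ClientSubnet 'eq,SubnetB' -ZoneScope '64_Scope,1' -ZoneName $Zone -ProcessingOrder 2

# Verification: list the zone's policies in evaluation order, then show which
# address App1 resolves to in each scope (an empty scope name = default scope).
function Test-ClientSubnetPolicy {
    param([string]$ZoneName, [string[]]$Scopes = @('0_Scope', '64_Scope', ''))
    Get-DnsServerQueryResolutionPolicy -ZoneName $ZoneName |
        Sort-Object ProcessingOrder |
        Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize
    foreach ($s in $Scopes) {
        $args = @{ ZoneName = $ZoneName; Name = 'App1'; RRType = 'A' }
        if ($s) { $args['ZoneScope'] = $s }
        $rec = Get-DnsServerResourceRecord @args
        '{0,-10} App1 -> {1}' -f ($(if ($s) { $s } else { '(default)' })), $rec.RecordData.IPv4Address
    }
}
Test-ClientSubnetPolicy -ZoneName $Zone

# End-to-end check from a host in each subnet (the server's own queries carry
# the server's address, so test from real clients):
#   Resolve-DnsName App1.demo.example.com -Server <dns server> -Type A
# Expected: 10.0.0.10 from SubnetA, 10.0.0.74 from SubnetB, 10.0.0.200 elsewhere.
```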
