An Engineers Notebook

DNS Policy by Client Source Address

If we have several subnets, we can create DNS policies so that our Windows DNS server answers the same name differently depending on which subnet the client queries from. Here’s how:

# Add a new demo DNS zone (AD-integrated, replicated domain-wide)
Add-DnsServerPrimaryZone -Name demo.com -ReplicationScope Domain

# Add two client subnets; these are matched against the source address of each query
Add-DnsServerClientSubnet -Name SubnetA -IPv4Subnet "192.168.1.0/26"
Add-DnsServerClientSubnet -Name SubnetB -IPv4Subnet "192.168.1.64/26"

# Add a zone scope for each subnet; each scope holds its own copy of the records
Add-DnsServerZoneScope -ZoneName demo.com -Name "0_Scope"
Add-DnsServerZoneScope -ZoneName demo.com -Name "64_Scope"

# Add an A record for App1 in each scope, pointing at a different address
Add-DnsServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.100" -ZoneScope "0_Scope"
Add-DnsServerResourceRecord -ZoneName demo.com -A -Name App1 -IPv4Address "192.168.0.101" -ZoneScope "64_Scope"

# Create the client-subnet based query resolution policies that map each subnet to its scope
Add-DnsServerQueryResolutionPolicy -Name "0_Policy" -Action ALLOW -ClientSubnet "eq,SubnetA" -ZoneScope "0_Scope,1" -ZoneName demo.com
Add-DnsServerQueryResolutionPolicy -Name "64_Policy" -Action ALLOW -ClientSubnet "eq,SubnetB" -ZoneScope "64_Scope,1" -ZoneName demo.com
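Once the policies are in place, it is worth verifying what the server actually hands out. The script below is an added example, not part of the original post; it assumes the zone, subnets, scopes and policies created above exist, and `$DnsServer` is a placeholder for the DNS server's address.

```powershell
# Added verification example (not from the original post).
# Assumes demo.com, SubnetA/SubnetB, 0_Scope/64_Scope and the two policies exist.
$ZoneName  = "demo.com"
$DnsServer = "192.168.1.10"   # placeholder: the address of the DNS server being tested

# 1. Confirm the subnets, zone scopes and policies were created as intended.
Get-DnsServerClientSubnet | Where-Object { $_.Name -in "SubnetA", "SubnetB" } |
    Format-Table Name, IPv4Subnet -AutoSize
Get-DnsServerZoneScope -ZoneName $ZoneName | Format-Table -AutoSize
Get-DnsServerQueryResolutionPolicy -ZoneName $ZoneName |
    Format-List Name, ProcessingOrder, IsEnabled, Action, Criteria, Content

# 2. Show the App1 answer stored in each scope, so the expected result per subnet is known.
foreach ($scope in "0_Scope", "64_Scope") {
    Get-DnsServerResourceRecord -ZoneName $ZoneName -ZoneScope $scope -Name App1 -RRType A |
        Select-Object @{ n = "Scope"; e = { $scope } },
                      HostName,
                      @{ n = "IPv4"; e = { $_.RecordData.IPv4Address } }
}

# 3. Run this part on a client in each subnet and compare the answer with step 2.
#    -DnsOnly bypasses the local cache and hosts file so the server's policy decision is what is seen.
Resolve-DnsName -Name "App1.$ZoneName" -Server $DnsServer -Type A -DnsOnly |
    Select-Object Name, IPAddress
```

The policy matches on the source address the server sees, so a client whose queries arrive via a forwarding resolver is classified by the resolver's subnet, and a client matching neither subnet falls through to the default scope of demo.com, which holds no App1 record in this configuration.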
