Skip to content
Tech Shizz Logo

An Engineers Blog

  • TechShizz
  • blog

DNS Time Based Policy

Posted on February 23, 2021 By rich No Comments on DNS Time Based Policy

We can configure DNS in server 2016 to DENY, IGNORE or ALLOW the response of DNS requests. Here are the commands required to configure this. 

#Get current server time
Get-Date -DisplayHint Time
#Get current DNS Policies
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com
#Add a new Policy called "Time-Policy" to deny dns requests between 4AM and 11PM.
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 2
#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com
#Change Processing order (1 takes precedence)
Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 1
#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com
#Remove the time policy
Remove-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Force
#Re-add the time policy but with IGNORE request instead
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action IGNORE -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 1
#Remove Time policy again
Remove-DnsServerQueryResolutionPolicy -zoneName hmm.com -Name "Time-Policy" -Force
#Add time policy to DENY between 11PM and Midnight, Order 1
Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,23:00-23:59" -ProcessingOrder 1 
#Check Result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com
#Change Policy order to 3
Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 3
#Check result
Get-DnsServerQueryResolutionPolicy -ZoneName demo.com

 

Post navigation

❮ Previous Post: HTTP Error 503 when Single Sin On redirecting to ADFS Server After Re-Enabling Single Sign On
Next Post: Connecting to and Configuring Nano Servers ❯

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to our newsletter!

Recent Posts

  • How to implement a lightning-fast ransomware playbook
  • How to achieve defence in depth in your business
  • How to implement a SecOps team phishing response plan
  • How to block an Office 365 Sign-in correctly
  • Microsoft finally patched serious Exchange 0-day over a month old!

Recent Comments

    Archives

    • November 2022
    • July 2021
    • March 2021
    • February 2021

    Categories

    • Cyber Security
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Copyright © 2023 .

    Theme: Oceanly News Dark by ScriptsTown