We can configure DNS in server 2016 to DENY, IGNORE or ALLOW the response of DNS requests. Here are the commands required to configure this.
#Get current server time Get-Date -DisplayHint Time #Get current DNS Policies Get-DnsServerQueryResolutionPolicy -ZoneName demo.com #Add a new Policy called "Time-Policy" to deny dns requests between 4AM and 11PM. Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 2 #Check result Get-DnsServerQueryResolutionPolicy -ZoneName demo.com #Change Processing order (1 takes precedence) Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 1 #Check result Get-DnsServerQueryResolutionPolicy -ZoneName demo.com #Remove the time policy Remove-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Force #Re-add the time policy but with IGNORE request instead Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action IGNORE -TimeOfDay "eq,04:00-23:00" -ProcessingOrder 1 #Remove Time policy again Remove-DnsServerQueryResolutionPolicy -zoneName hmm.com -Name "Time-Policy" -Force #Add time policy to DENY between 11PM and Midnight, Order 1 Add-DnsServerQueryResolutionPolicy -zoneName demo.com -Name "Time-Policy" -Action DENY -TimeOfDay "eq,23:00-23:59" -ProcessingOrder 1 #Check Result Get-DnsServerQueryResolutionPolicy -ZoneName demo.com #Change Policy order to 3 Set-DnsServerQueryResolutionPolicy -ZoneName demo.com -Name "Time-Policy" -ProcessingOrder 3 #Check result Get-DnsServerQueryResolutionPolicy -ZoneName demo.com