Test DNS Policies Windows Server Technical Preview

  • Question

  • Hello everybody,

    I would like to know if anyone tested the new feature of DNS Server: Policies

    I installed the DNS role but do not see anything about policies in the GUI.

    Thanks in advance.


    Robson Hasselhoff - Follow me @Robk9e

    Monday, October 13, 2014 1:46 PM

All replies

  • Hi,

    I did the same test and could not find it either.

    From my point of view, DNS Policies, an announced feature that is nowhere to be found in the current release of the technical preview, will presumably allow you to manage how and when your DNS server responds to client queries.

    According to the MS article:

    DNS server policies is a new feature in the next version of Windows Server. With DNS policies, you can configure the DNS server to control the responses to DNS queries. DNS responses can be based on the public IP address of the DNS client, the time of the day, or several other parameters. DNS policies enable location-aware DNS, traffic management, load balancing, and other scenarios.

    http://technet.microsoft.com/en-us/library/dn765484.aspx

    Regards.


    Vivian Wang

    Friday, October 17, 2014 2:27 AM
    Moderator
  • Hello Vivian,

    Have you found anything about this thread?

    Do you think it will be coming in the next update?

    Hugs


    Robson Hasselhoff - Follow me @Robk9e

    Wednesday, October 22, 2014 10:22 PM
  • + 1 on getting info regarding if this is an "upcoming" feature, and how to use/activate DNS Policies.

    /A

    Friday, October 24, 2014 7:56 AM
  • Hi,

    There is a little more information about policies here (.ppt and .pdf respectively):

    https://indico.dns-oarc.net//getFile.py/access?contribId=39&sessionId=3&resId=1&materialId=slides&confId=20

    https://indico.dns-oarc.net//getFile.py/access?contribId=39&sessionId=3&resId=0&materialId=slides&confId=20

    The capability for policies exists in the Technical Preview but the PowerShell cmdlets to configure policies are not there yet. This will be coming soon.

    I will spend some time configuring policies in the Technical Preview build and post a little more about it here in this thread, so you can see how it works, but the true testing should wait a little until policies can be configured more easily.

    -Greg

    Monday, October 27, 2014 8:25 PM
  • Hi,

    I've created a simple policy that denies DNS queries from a client subnet for a specific domain.

    I created the domain 'denied.com' and another domain 'permitted.com' and then set up a policy to deny queries from client subnet 192.168.0.0/24 for denied.com. No policy is configured for permitted.com so by default the client can query this domain. The results are below, querying from a client that is on the restricted subnet (the client address is 192.168.0.1).

    First, I show that I can query the permitted domain:

    PS C:\> resolve-dnsname www.permitted.com

    Name                                           Type   TTL   Section    IPAddress
    ----                                           ----   ---   -------    ---------
    www.permitted.com                              A      3600  Answer     192.168.0.2

    Next, the restricted domain is queried, and the server replies with a failure:

    PS C:\> resolve-dnsname www.denied.com
    resolve-dnsname : www.denied.com : DNS server failure
    At line:1 char:1
    + resolve-dnsname www.denied.com -server 192.168.0.4
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (www.denied.com:String) [Resolve-DnsName], Win32Exception
        + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName

    -------------------------------------------------------------------------------------------------------------

    This is obviously a very simple demonstration, but it works well. The policy is created with registry settings under:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\ClientSubnets

    I would rather not share the details of the registry settings here because it is not advisable to configure policies directly in the registry. The Windows PowerShell cmdlets to configure policies will be available soon. If you'd like to contact me and discuss the settings more, please email me at greg dot Lindsay at Microsoft dot com.

    Thanks,

    -Greg


    Friday, October 31, 2014 7:01 PM
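
Added example, not part of the thread and not the registry configuration Greg used: the same deny-by-subnet policy expressed with the DnsServer module cmdlets that later shipped in Windows Server 2016. The subnet name `RestrictedSubnet` and policy name `DenyDeniedCom` are made up for illustration; the subnet, domains and server address are the ones shown in the post above.

```powershell
# Added example. 'RestrictedSubnet' and 'DenyDeniedCom' are hypothetical names.

# --- Run on the DNS server (DnsServer module, Windows Server 2016 or later) ---
$subnetName = 'RestrictedSubnet'
$policyName = 'DenyDeniedCom'

# 1. Name the client subnet so policies can refer to it.
if (-not (Get-DnsServerClientSubnet -Name $subnetName -ErrorAction SilentlyContinue)) {
    Add-DnsServerClientSubnet -Name $subnetName -IPv4Subnet '192.168.0.0/24'
}

# 2. Server-level policy: a query is denied only when BOTH criteria match
#    (client is in the subnet AND the name is under denied.com).
#    DENY answers with a server failure, which is the result the client saw above;
#    IGNORE would drop the query silently instead.
#    '*.denied.com' does not cover the zone apex 'denied.com' itself.
if (-not (Get-DnsServerQueryResolutionPolicy -Name $policyName -ErrorAction SilentlyContinue)) {
    Add-DnsServerQueryResolutionPolicy -Name $policyName -Action DENY `
        -ClientSubnet "EQ,$subnetName" -Fqdn 'EQ,*.denied.com' -Condition AND
}

# 3. Review what is in force. Policies are evaluated in processing order,
#    so check that nothing earlier in the list matches first.
Get-DnsServerClientSubnet
Get-DnsServerQueryResolutionPolicy

# --- Run on a client inside 192.168.0.0/24 ---
# 4. Confirm the policy only affects the restricted name.
foreach ($name in 'www.permitted.com', 'www.denied.com') {
    try {
        Resolve-DnsName -Name $name -Server 192.168.0.4 -DnsOnly -ErrorAction Stop | Out-Null
        "$name : resolved"
    }
    catch {
        "$name : $($_.Exception.Message)"
    }
}
```

Repeat step 4 from a client outside 192.168.0.0/24 to confirm that `www.denied.com` still resolves there, since the policy is meant to match on the source subnet as well as the name.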
  • Great Greg

    I will contact you to know more about that, and thank you so much for your help and support.

    Best regards


    Robson Hasselhoff - Follow me @Robk9e

    Tuesday, November 4, 2014 3:43 AM