Test DNS Policies Windows Server Technical Preview RRS feed

  • Question

  • Hello everybody,

    I would like to know if anyone tested the new feature of DNS Server: Policies

    I installed the DNS Role but not see nothing about the Policies on the GUI.

    Thanks in advance.

    Robson Hasselhoff - Follow me @Robk9e

    Monday, October 13, 2014 1:46 PM

All replies

  • Hi,

    I did the same test and could not find it also.

    From my point of view, an announced feature that is nowhere to be found in the current release of the technical preview, DNS Policies will presumably allow you to manage how and when your DNS server responds to client queries.

    According to the MS article:

    DNS server policies is a new feature in the next version of Windows Server. With DNS policies, you can configure the DNS server to control the responses to DNS queries. DNS responses can be based on the public IP address of the DNS client, the time of the day, or several other parameters. DNS policies enable location-aware DNS, traffic management, load balancing, and other scenarios.



    Vivian Wang

    Friday, October 17, 2014 2:27 AM
  • Hello Vivian,

    Have you found something about this thread ???

    Do you think it will be coming in the next update ?


    Robson Hasselhoff - Follow me @Robk9e

    Wednesday, October 22, 2014 10:22 PM
  • + 1 on getting info regarding if this is an "upcoming" feature, and how to use/activate DNS Policies.


    Friday, October 24, 2014 7:56 AM
  • Hi,

    There is a little more information about policies here (.ppt and .pdf respectively):



    The capability for policies exists in the Technical Preview but the PowerShell cmdlets to configure policies are not there yet.  This will be coming soon. 

    I will spend some time configuring policies in the Technical Preview build and post a little more about it here in this thread, so you can see how it works, but the true testing should wait a little until policies can be configured more easily.


    Monday, October 27, 2014 8:25 PM
  • Hi,

    I've created a simple policy that denies DNS queries from a client subnet for a specific domain.

    I created the domain 'denied.com' and another domain 'permitted.com' and then set up a policy to deny queries from client subnet for denied.com. No policy is configured for permitted.com so by default the client can query this domain. The results are below, querying from a client that is on the restricted subnet (the client address is

    First, I show that I can query the permitted domain:

    PS C:\> resolve-dnsname www.permitted.com

    Name                                           Type   TTL   Section    IPAddress
    ----                                           ----   ---   -------    ---------
    www.permitted.com                              A      3600  Answer

    Next, the restricted domain is queried, and the server replies with a failure:

    PS C:\> resolve-dnsname www.denied.com
    resolve-dnsname : www.denied.com : DNS server failure
    At line:1 char:1
    + resolve-dnsname www.denied.com -server
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (www.denied.com:String) [Resolve-DnsName], Win32Exception
        + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName


    This is obviously a very simple demonstration, but it works well. The policy is created with registry settings under:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\ClientSubnets

    I would rather not share the details of the registry settings here because it is not advisable to configure policies directly in the registry. The Windows PowerShell cmdlets to configure policies will be available soon. If you'd like to contact me and discuss the settings more, please email me at greg dot Lindsay at Microsoft dot com.



    Friday, October 31, 2014 7:01 PM
  • Great Greg

    I will contact you to know more about that and thank so much for your help and support.

    Best regards

    Robson Hasselhoff - Follow me @Robk9e

    Tuesday, November 4, 2014 3:43 AM