Scribd Logo
Upload

Welcome to Scribd!

  • 10 views

    How Dnspolicies Work

    Uploaded by

    NavneetMishra
    How Dns Policies Work

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    How Dnspolicies Work

    Uploaded by

    NavneetMishra
    10 views3 pages
    How Dns Policies Work

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    How Dns Policies Work

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    10 views3 pages

    How Dnspolicies Work

    Uploaded by

    NavneetMishra
    How Dns Policies Work

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    Tip of the Day: How DNS Policies Work Tip of the Day https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-th...

    | TechNet Search
    (http://technet.microsoft.com/)
    Sign in (https://blogs.technet.microsoft.com/wp-login.php?aadsso_action=login)

    Follow Us

    Tip of the Day: How DNS Policies Work


    Rate this article



    (https://blogs.technet.microsoft.com
    /tip_of_the_day/feed/)
    Shannon Gowen (https://social.technet.microsoft.com/profile/Shannon+Gowen) March 9, 2017

    0 (https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-the- Popular Tags


    day-how-dns-policies-work/#respond) totd
    Share 1 (https://blogs.technet.microsoft.com
    6 0
    /tip_of_the_day/tag/totd/)

    Robert+Mitchell
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/robertmitchell/

    Windows
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/windows/

    Azure
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/azure/)

    Shannon Gowen
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/shannon-
    gowen/)

    Bill Fiddes
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/bill-fiddes/

    Windows 10
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/windows-10/

    Tim Larson
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/tim-larson/

    Josh Bender
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/josh-bender/

    Brian Caton
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/brian-caton/

    storage
    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/storage/)

    Windows Server 2016


    (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/windows-
    server-2016/)

    1 of 3 4/17/2017 9:20 PM
    Tip of the Day: How DNS Policies Work Tip of the Day https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-th...

    expression and see how they work together to provide a custom response based on client criteria. Servicing
    (https://blogs.technet.microsoft.com
    DNS Policy Processing Flow
    /tip_of_the_day/tag/servicing/
    DNS policy statements include a set of one or more evaluation criteria, an action (allow, deny, or ignore),
    and (used with the allow action), one or more unique sets of zone records (contained in a Zone Scope). AAD
    (https://blogs.technet.microsoft.com
    More on these objects later, for now lets consider an example of a client querying for the web resource, /tip_of_the_day/tag/aad/)
    www.woodgrove.com (http://www.woodgrove.com), the zone for which has policies configured.
    RDS
    1. An authoritative server receives the name query for www.woodgrove.com (https://blogs.technet.microsoft.com
    (http://www.woodgrove.com). In the event no policies had been configured for the Woodgrove /tip_of_the_day/tag/rds/)
    zone, a query would be answered in the usual manner.
    2. With policies in place, the query is evaluated against the criteria of each policy (based on policy Shannon Gowen
    precedence) until a match is found. (https://blogs.technet.microsoft.com
    3. After a match, further evaluation stops and the name query is handled based on the parameters of /tip_of_the_day/tag/shannon-
    the matching statements, the first of which is the action. gowen/)
    1. In the case of a deny action, the server responds with a failure.
    Surface
    2. In the case of an ignore action, the query is silently dropped.
    (https://blogs.technet.microsoft.com
    3. In the case of an allow, the answer returned is dependent on the policies settings.
    /tip_of_the_day/tag/surface/)
    4. If the action is allow, a query response is provided according to parameters specified by the
    -zonescope argument. Parameters can include one or more zone scopes and the ratio for which O365
    they are utilized. (https://blogs.technet.microsoft.com
    /tip_of_the_day/tag/o365/)
    Consider the following statement:

    Add-DnsServerQueryResolutionPolicy -Name AmericaPolicy -Action ALLOW Networking


    (https://blogs.technet.microsoft.com
    -ClientSubnet eq,AmericaSubnet -ZoneScope
    /tip_of_the_day/tag/networking/
    AmericaZoneScope,4;EuropeZoneScope,1 -ZoneName woodgrove.com
    Shell
    In the example,
    (https://blogs.technet.microsoft.com
    1. A match occurs if a query is received and the source IP matches the address range specified by the /tip_of_the_day/tag/shell/)
    AmericaSubnet object.
    2. Since the action is allow, a response will be returned to the client per the parameters defined in the
    -ZoneScope argument. In this example, responses are returned using records from both the
    Archives
    AmericaZoneScope and the EuropeZoneScope. April 2017
    3. Take note of the numerical value immediately following the scope names; 4, and 1. These values (https://blogs.technet.microsoft.com
    determine the ratio for which each scope is used when responding to queries. In this example one /tip_of_the_day
    answer will be returned from the EuropeZoneScope for every for queries answered using the /2017/04/)(7)
    AmericaZoneScope. In this way, load-balancing can be provided between two datacenters using a March 2017
    4:1 ratio. (https://blogs.technet.microsoft.com
    /tip_of_the_day
    Sill confused? Hang in there until tomorrows tip when we will deep dive into the various criteria types,
    /2017/03/)(23)
    policy actions, and unravel the mystery of partitioning a namespace into partitions known as Zone Scopes.
    February 2017
    Tags Brian Caton (https://blogs.technet.microsoft.com/tip_of_the_day/tag/brian-caton/) DNS (https://blogs.technet.microsoft.com
    (https://blogs.technet.microsoft.com/tip_of_the_day/tag/dns/) Windows Server 2016 /tip_of_the_day
    (https://blogs.technet.microsoft.com/tip_of_the_day/tag/windows-server-2016/) /2017/02/)(20)
    January 2017
    (https://blogs.technet.microsoft.com
    Comments (0) /tip_of_the_day
    /2017/01/)(27)
    All of 2017
    (https://blogs.technet.microsoft.com
    /tip_of_the_day
    /2017/)(77)
    All of 2016
    (https://blogs.technet.microsoft.com
    /tip_of_the_day
    Name *
    /2016/)(201)
    All of 2015
    Email *
    (https://blogs.technet.microsoft.com
    Website /tip_of_the_day
    /2015/)(265)
    All of 2014
    Post Comment
    (https://blogs.technet.microsoft.com

    2 of 3 4/17/2017 9:20 PM
    Tip of the Day: How DNS Policies Work Tip of the Day https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-th...

    /tip_of_the_day
    /2014/)(255)
    All of 2013
    (https://blogs.technet.microsoft.com
    /tip_of_the_day
    /2013/)(69)

    Privacy & Cookies (https://msdn.microsoft.com/dn529288)


    (https://www.microsoft.com
    Terms of Use (https://msdn.microsoft.com/cc300389) 2017 Microsoft
    Trademarks (https://www.microsoft.com/en-us/legal/intellectualproperty/Trademarks/EN-U

    3 of 3 4/17/2017 9:20 PM

    You might also like