Professional Documents
Culture Documents
How Dnspolicies Work
How Dnspolicies Work
How Dnspolicies Work
| TechNet Search
(http://technet.microsoft.com/)
Sign in (https://blogs.technet.microsoft.com/wp-login.php?aadsso_action=login)
Follow Us
Robert+Mitchell
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/robertmitchell/
Windows
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/windows/
Azure
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/azure/)
Shannon Gowen
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/shannon-
gowen/)
Bill Fiddes
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/bill-fiddes/
Windows 10
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/windows-10/
Tim Larson
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/tim-larson/
Josh Bender
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/josh-bender/
Brian Caton
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/brian-caton/
storage
(https://blogs.technet.microsoft.com
/tip_of_the_day/tag/storage/)
1 of 3 4/17/2017 9:20 PM
Tip of the Day: How DNS Policies Work Tip of the Day https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-th...
expression and see how they work together to provide a custom response based on client criteria. Servicing
(https://blogs.technet.microsoft.com
DNS Policy Processing Flow
/tip_of_the_day/tag/servicing/
DNS policy statements include a set of one or more evaluation criteria, an action (allow, deny, or ignore),
and (used with the allow action), one or more unique sets of zone records (contained in a Zone Scope). AAD
(https://blogs.technet.microsoft.com
More on these objects later, for now lets consider an example of a client querying for the web resource, /tip_of_the_day/tag/aad/)
www.woodgrove.com (http://www.woodgrove.com), the zone for which has policies configured.
RDS
1. An authoritative server receives the name query for www.woodgrove.com (https://blogs.technet.microsoft.com
(http://www.woodgrove.com). In the event no policies had been configured for the Woodgrove /tip_of_the_day/tag/rds/)
zone, a query would be answered in the usual manner.
2. With policies in place, the query is evaluated against the criteria of each policy (based on policy Shannon Gowen
precedence) until a match is found. (https://blogs.technet.microsoft.com
3. After a match, further evaluation stops and the name query is handled based on the parameters of /tip_of_the_day/tag/shannon-
the matching statements, the first of which is the action. gowen/)
1. In the case of a deny action, the server responds with a failure.
Surface
2. In the case of an ignore action, the query is silently dropped.
(https://blogs.technet.microsoft.com
3. In the case of an allow, the answer returned is dependent on the policies settings.
/tip_of_the_day/tag/surface/)
4. If the action is allow, a query response is provided according to parameters specified by the
-zonescope argument. Parameters can include one or more zone scopes and the ratio for which O365
they are utilized. (https://blogs.technet.microsoft.com
/tip_of_the_day/tag/o365/)
Consider the following statement:
2 of 3 4/17/2017 9:20 PM
Tip of the Day: How DNS Policies Work Tip of the Day https://blogs.technet.microsoft.com/tip_of_the_day/2017/03/09/tip-of-th...
/tip_of_the_day
/2014/)(255)
All of 2013
(https://blogs.technet.microsoft.com
/tip_of_the_day
/2013/)(69)
3 of 3 4/17/2017 9:20 PM