
##Create the DNS Client Subnets
Add-DnsServerClientSubnet -Name "USSubnet" -IPv4Subnet "192.0.0.0/24"

##Add Zone Scopes
Add-DnsServerZoneScope -ZoneName "woodgrove.com" -Name "USZoneScope"

##Add Records to the Zone Scopes
Add-DnsServerResourceRecord -ZoneName "woodgrove.com" -A -Name "www" -IPv4Address "192.0.0.1" -ZoneScope "USZoneScope"

##Create the Policies
Add-DnsServerQueryResolutionPolicy -Name "USPolicy" -Action ALLOW -ClientSubnet "eq,USSubnet" -ZoneScope "USZoneScope,1" -ZoneName "woodgrove.com"

With the above policy, DNS resolution for www.woodgrove.com works fine from the 192.0.0.5 IP and resolves to 192.0.0.1. However, my earlier DNS records like sftp.woodgrove.com stop resolving for 192.0.0.0/24 series client IPs.

1 Answer


I'm just working through this too. I think in your policy creation statement you'd want to include another parameter to specify that you only want the policy to apply when queried for the www hostname: -FQDN "eq,www.woodgrove.com". Any other hostname wouldn't match the policy, so should get resolved by the regular DNS scope/zone.

Joel
  • 16
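
The approach suggested in the answer, written out as an added example (not code from the question or the answer). It assumes it is run on the DNS server with the DnsServer module available and reuses the zone, scope, subnet and policy names from the question; the `$zone`, `$scope` and `$policy` variables are introduced here for illustration.

```powershell
# Added example: names and values are taken from the question above.
$zone   = 'woodgrove.com'
$scope  = 'USZoneScope'
$policy = 'USPolicy'

# 1. List A-record names that exist in the default zone scope but not in the
#    custom scope. With a policy that has no FQDN criterion, every query from
#    USSubnet is answered from the custom scope, so these names are the ones
#    that stop resolving for those clients (sftp in the question).
$default = Get-DnsServerResourceRecord -ZoneName $zone -RRType A
$scoped  = Get-DnsServerResourceRecord -ZoneName $zone -ZoneScope $scope -RRType A
$missing = $default.HostName |
    Where-Object { $_ -notin $scoped.HostName } |
    Sort-Object -Unique
"Names only in the default scope: $($missing -join ', ')"

# 2. Replace the subnet-only policy with one that also matches on the queried
#    name, so only www.woodgrove.com is steered to the custom scope.
if (Get-DnsServerQueryResolutionPolicy -ZoneName $zone |
        Where-Object Name -eq $policy) {
    Remove-DnsServerQueryResolutionPolicy -Name $policy -ZoneName $zone -Force
}
Add-DnsServerQueryResolutionPolicy -Name $policy -Action ALLOW `
    -ClientSubnet 'eq,USSubnet' -FQDN "eq,www.$zone" -Condition AND `
    -ZoneScope "$scope,1" -ZoneName $zone

# 3. Show the stored policy to confirm both criteria were recorded.
Get-DnsServerQueryResolutionPolicy -Name $policy -ZoneName $zone
```

After the change, querying both www and sftp from a client in 192.0.0.0/24 (for example with `Resolve-DnsName`) shows whether the other names are answered from the default scope again.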