
Microsoft continues to improve on the functionality of the DNS Server capabilities in Windows Server 2016. One new capability is called DNS Policies. DNS Policies allow the control of how the DNS server handles and responds to queries based on parameters configured within the policy such as the time of day, client IP, or subnet.
I see a unique use of this feature in cases where you have multiple WAN sites and an application that can have localized servers. Configuring DNS policies would allow you to configure a policy based on subnet to respond and direct the client to the local server instead of having to traverse a WAN connection.
Another example of how this feature could benefit you is when using DNS Policies based on the time of day. This can be of benefit to give responses across time zones and even provide Geo-Location Awareness. A full detailed article on this example can be found here.
I came across a helpful article from Technet that had a list of some additional notes and details shown below.
Some clarifying details/notes:
- As mentioned, this information applies to Technical Preview #2 – and is subject to change
- Currently, DNS Policies can only be configured via PowerShell
- DNS Policies will work only on Windows Server vNext/2016 DNS servers
- Also, all DNS servers hosting a policy-controlled zone must be WS 2016 to take advantage of this functionality.
- Clients can be any version
- At present, DNS Policies are configured and stored locally on each DNS server, but they can be easily deployed across DNS servers using PowerShell
- Zones and their scopes (note: not referring to DHCP scopes here) must be in file-backed zones. We’re working on AD-integrated zone support
- You cannot add scopes on Conditional forwarders
This feature will not be used in every deployment of DNS but sure provides some great capabilities to address some unique situations that arise for some IT departments.
Windows Server 2016 Blog Series
Innovative Integration is creating a whole series about Windows Server 2016 leading up to the September launch. To read other articles from this series, click here.
Hi Larry
Thanks for covering this. I have one minor update. Now, the Policies and scopes are supported on AD integrated zones as well.
Here is the update blog
https://blogs.technet.microsoft.com/teamdhcp/2015/08/31/split-brain-dns-in-active-directory-environment-using-dns-policies/
A scenario guide is also available on Technet.
https://technet.microsoft.com/en-us/windows-server-docs/networking/dns/deploy/dns-policies-overview
Reach out to me @krash0x35 if u need further details
Thanks
Ashu
Thanks for sharing the updated information Ashu.