DNS Policies in Windows Server 2016 Tech Preview 2

Hello – Gary Green and Mike Kline here to bring you Ask PFE Plat’s very first post regarding Windows Server 2016 (well, Technical Preview #2, to be specific)!

Over the years, Microsoft Windows Server DNS has provided excellent functionality and a frequently-expanding feature-set for our customers.  Our friends in the DNS Product Group are hard at work on some GREAT new features for the next version of Windows Server.

One such feature is DNS Policies.

DNS Policies allow you to control how a DNS Server handles queries/responses based on various parameters such as client IP subnet, the IP address of the network interface which received the DNS request, or even the time of day.

One use-case for a DNS Policy is the ability to provide clients geographically-appropriate resources for a given name, based on the client’s IP address.

Another common configuration for many customers is some sort of “split-brain” DNS where the same DNS domain name (i.e. CONTOSO.COM) is used both on the Internet and on the internal corporate network but the name may resolve to different internal/external IP addresses. With DNS Policies, this configuration can be more easily set up.

One of the advantages of an elastic infrastructure is the ability to scale resources up or down as needed. One way DNS Policies can help with this is via the “time of day” parameter – it can shift load to certain IP addresses during certain times, such as off-hours.

Some clarifying details/notes:

  • As mentioned, this information applies to Technical Preview #2 – and is subject to change
  • Currently, DNS Policies can only be configured via PowerShell
  • DNS Policies will work only on Windows Server vNext/2016 DNS servers
    • Also, all DNS servers hosting a policy-controlled zone must be WS 2016 to take advantage of this functionality.
    • Clients can be any version
  • At present, DNS Policies are configured and stored locally on each DNS server, but they can be easily deployed across DNS servers using PowerShell
  • Zones and their scopes (note: not referring to DHCP scopes here) must be in file-backed zones. We’re working on AD-integrated zone support
  • You cannot add scopes on Conditional forwarders

 

The DNS Product Group published several great blog posts for DNS Policy implementation:

 

Also, take a look at Microsoft PowerShell MVP Jan Egil Ring‘s post about DNS Policies:

 

We’ll certainly be blogging more about Windows Server 2016 (and Windows 10, of course) but while we’ve got your ear about DNS, we’re planning a DNS Q & A with one of the PMs for the DNS Product Group at Microsoft.

Use the comments below to post your burning DNS questions (about these new Policies or anything else Windows DNS related) and look for a future post where we’ll discuss some of those questions.

Gary Green and Mike Kline signing off for now…