none
DNS Policy for Geo-Location Based traffic for single address resolution RRS feed

  • Question

  • Hi,

    Ok, so basically we need to deploy a proxy in another country to proxy a dev environment on-prem here. to make them all use the same name (for reasons) we want to name resolve based on where you are coming from.

    Followed this Document: 

    https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/primary-geo-location

    It boils down to having to do these 4 PS commands to make it work for one address:

    Add-DnsServerClientSubnet -Name "BGSubnet" -IPv4Subnet "x.x.x.x/15"

    Add-DnsServerZoneScope -ZoneName "domain.dk" -Name "BGSubnet"

    Add-DnsServerResourceRecord -ZoneName "domain.dk" -A -Name "teamcity" -IPv4Address "x.x.x.82" -ZoneScope "BGSubnet"

    Add-DnsServerQueryResolutionPolicy -Name "BGPolicy" -Action ALLOW -ClientSubnet "eq,BGSubnet" -ZoneScope "BGSubnet" -ZoneName "domain.dk"

    After this is done, it works for that one address Teamcity, but it soon stops working for all the other dns records in that zone which we arent doing a dns policy on.

    I have combed through the documentation, but cant seem to figure out how this policy should only be in effect for that one name?

    What am i missing and or doing wrong?

    Any help is greatly appreciated

    Best regards

    Peter

    Wednesday, October 10, 2018 9:45 AM

All replies

  • Hi,

    Thanks for your question.

    Have you added other dns records into the ZoneScope "BGSubnet" ?

    If the client meets the policy criteria, it will look up records in the corresponding zonescope. 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, October 11, 2018 6:22 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, October 23, 2018 1:19 AM
    Moderator
  • That was not the problem.

    THe problem was that there wasnt a default policy pointing to the default zone, so that undefined requests to the geo location zone were passed back.

    Add-DnsServerQueryResolutionPolicy -Name "DefaultPolicy" -Action ALLOW -ZoneScope "domain.dk" -FQDN “ne,teamcity” -ZoneName "domain.dk" -ProcessingOrder 2

    So technically your answer isnt entirely correct.

    Monday, November 5, 2018 7:47 AM
  • Hi,

    Sorry, I misunderstood what you mean.

    The Microsoft documentation does not mention the issue,so you added another policy to solve it.

    Is it working properly?

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, November 6, 2018 7:38 AM
    Moderator
  • This part of the project is on pause, so we wont know for awhile - you can close the question, im unsubscribing
    Tuesday, November 6, 2018 7:42 AM