Windows Server 2012 R2 with multiple NICs. Block unwanted DNS queries on one specific NIC

  • Question

  • Hello,

    I have an application server running on Windows 2012 R2 with multiple NICs. Each NIC has its primary and secondary DNS servers assigned to the interface. But one NIC is sending out standard DNS queries to its corresponding DNS servers, which are not required. How could I block/stop these queries?

    I have tried changing the NIC priority to lowest on the server which still did not help in resolving the issue.

    My question:
    Can I block these DNS queries through Windows Firewall?

    Much appreciate your assistance

    Thursday, August 16, 2018 10:58 AM

All replies

  • Hi,

    Thanks for your question.

    Yes, you can block DNS queries by setting outbound rules on the firewall.

    Open Windows Firewall with Advanced Security by running wf.msc. On the left, select Outbound Rules, then under the Action menu, choose New Rule.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, August 17, 2018 3:17 AM
    Moderator
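Travis's reply points at the wizard in wf.msc. The same outbound block can be created with PowerShell, scoped to a single interface, which is what the question is really after. This is an added example, not part of the thread; the interface alias "Ethernet 2" and the DNS server addresses are placeholders, and the rule names are my own. Windows Firewall matches on addresses, ports and interfaces only; it cannot inspect the query name, so a per-FQDN block is out of its reach. Run elevated.

```powershell
# Added example (not from the thread). Block outbound DNS (UDP and TCP 53) on one
# interface only, leaving every other NIC untouched.
# Assumed placeholders: adjust $Interface and $DnsServers to your environment.
$Interface  = "Ethernet 2"                      # see: Get-NetAdapter | Select Name, InterfaceDescription
$DnsServers = @("192.0.2.10", "192.0.2.11")     # the resolvers assigned to that NIC (constructed values)

foreach ($Proto in "UDP", "TCP") {
    New-NetFirewallRule `
        -DisplayName   "Block outbound DNS on $Interface ($Proto)" `
        -Description   "Added rule: stop stray resolver traffic leaving $Interface" `
        -Direction     Outbound `
        -Action        Block `
        -Enabled       True `
        -Profile       Any `
        -Protocol      $Proto `
        -RemotePort    53 `
        -RemoteAddress $DnsServers `
        -InterfaceAlias $Interface
}

# Check that the interface filter really bound to the rules; an empty InterfaceAlias
# here would mean the rule applies to all NICs, which is the failure mode to watch for.
Get-NetFirewallRule -DisplayName "Block outbound DNS on $Interface*" |
    Get-NetFirewallInterfaceFilter |
    Format-Table InterfaceAlias

# Confirm the scope matches what you expect before leaving it in place.
Get-NetFirewallRule -DisplayName "Block outbound DNS on $Interface*" |
    Get-NetFirewallAddressFilter |
    Format-Table RemoteAddress

# Rollback, if the block turns out to break something:
# Remove-NetFirewallRule -DisplayName "Block outbound DNS on $Interface*"
```

Two design notes. Block rules win over allow rules in Windows Firewall, so keeping -RemoteAddress narrowed to the resolvers configured on that NIC is what leaves the other interfaces' DNS traffic alone; dropping that parameter would block all port 53 traffic leaving the interface. Second, the stray queries in the question are expected behaviour: the Windows DNS client on 2012 R2 sends a query on all connected interfaces in parallel, so blocking at the firewall only hides the symptom at that NIC; the queries still resolve over the AD-connected interface.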
  • Thanks for the reply.

    I have looked at the firewall configuration, but I couldn't find DNS Service under the Predefined drop-down list.
    But if I select Predefined - Core Networking - DNS (UDP-Out), I have the options Allow the connection, Allow the connection if it is secure, or Block.

    But I want something where I can block DNS queries (FQDN) going out from a specific NIC only and allow all others.

    Can this be achieved through Windows Firewall?

    https://social.technet.microsoft.com/Forums/getfile/1306122


    Friday, August 17, 2018 12:28 PM
  • Hi,

    You can block specific queries by configuring DNS filters.

    Query filters in DNS policy allow you to configure the DNS server to respond in a custom manner based on the DNS query and DNS client that sends the DNS query.

    Please refer to the link below:

    https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries 

    Best regards,

    Travis



    Monday, August 20, 2018 5:32 AM
    Moderator
  • Hi Travis,

    Thank you again for your reply.

    As I said, I have an application server with 4 NICs, of which only one is connected to AD; all the others are connected to different internal networks. One of the NICs is generating unwanted QTYPE requests (i.e., google.com and a few other FQDNs) to an internal DNS server, which is not required and will not resolve on this network. The internal DNS server will simply refuse these requests.

    So I'm looking for a solution wherein I can block/ignore these specific queries from being sent out from that specific NIC without impacting traffic on the other NICs.

    I have gone through the link provided. But can I run these commands on a standalone server (which is not running DNS Server)?

    Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicyQType" -Action IGNORE -QType "EQ,ANY" -PassThru

    Also, if I use the above command, will it work for DNS (out) connection requests as well?

    Can we block all outbound queries generated by a specific interface and allow certain queries only?

    Much appreciate your inputs.


    Tuesday, August 21, 2018 1:14 AM
  • Hi,

    Thanks for your reply.

    No, the policy is set on the DNS server side. The purpose of this policy is to ignore requests from specific addresses.

    Best regards,

    Travis



    Thursday, August 23, 2018 7:02 AM
    Moderator
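For completeness, this is what the server-side approach Travis describes looks like if the resolver is a Windows DNS server. DNS query resolution policies were introduced with Windows Server 2016, so they apply to the DNS server, not to the 2012 R2 application server in the question. This is an added example, not from the thread or the linked article; the subnet name, the application server's source address and the FQDN pattern are placeholders.

```powershell
# Added example (not from the thread). Run on the Windows Server 2016+ DNS server that
# receives the unwanted queries. Assumed placeholder values throughout.

# 1. Describe the source: the address the application server's NIC uses on this network.
Add-DnsServerClientSubnet -Name "AppServerNic" -IPv4Subnet "10.20.30.40/32"   # constructed value

# 2. Ignore (drop without answering) queries from that source for names this network
#    cannot resolve anyway. Conditions are ANDed, so the policy only bites when both match.
Add-DnsServerQueryResolutionPolicy `
    -Name         "IgnoreAppServerExternalLookups" `
    -Action       IGNORE `
    -ClientSubnet "EQ,AppServerNic" `
    -Fqdn         "EQ,*.google.com,google.com" `
    -PassThru

# 3. Review what is in force; policies are evaluated in ProcessingOrder.
Get-DnsServerQueryResolutionPolicy |
    Format-Table Name, ProcessingOrder, Action, Condition, IsEnabled

# Rollback:
# Remove-DnsServerQueryResolutionPolicy -Name "IgnoreAppServerExternalLookups" -Force
# Remove-DnsServerClientSubnet -Name "AppServerNic" -Force
```

IGNORE drops the packet rather than returning a REFUSED response, which is quieter on the wire but means the client waits for its timeout before trying the next resolver; if that delay matters for the application, use -Action DENY instead, which answers immediately.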