DNS Policy Scenarios for Windows Server 2016

DNS Query Resolution Policies can be used in different scenarios, including:

  • Application high availability: DNS clients are redirected to the healthiest endpoint for a given application.
  • Traffic Management: DNS clients are redirected to the closest datacenter.
  • Split Brain DNS: DNS records are split into different Zone Scopes, and DNS clients receive a response based on whether they are internal or external clients.
  • Query Filtering: DNS queries from a list of malicious IP addresses, or for a list of malicious FQDNs, are blocked.
  • Forensics: Malicious DNS clients are redirected to a sinkhole instead of the computer they are trying to reach.
  • Time-of-day-based redirection: DNS clients can be redirected to datacenters based on the time of day.

Two other policy types include:

  • Recursion Policies: Control how the DNS server performs recursion for queries that reach the recursion path. For example, whether or not recursion is performed and, if so, to which forwarder the query is sent.
  • Zone Transfer Policies: Control whether a zone transfer is allowed from your DNS server.
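
The query filtering, forensics (sinkhole), recursion and zone transfer policies listed above, sketched with the Windows Server 2016 DnsServer PowerShell cmdlets. This is an added example, not taken from the linked guide; the zone name, policy names, subnets and addresses are constructed placeholders, and the zone is assumed to already exist as a primary zone on the server.

```powershell
# Constructed placeholders: documentation subnets and an assumed existing zone.
$zone = 'corp.example'

# Query filtering: silently drop queries from a listed subnet,
# and queries for any name under a listed domain.
Add-DnsServerClientSubnet -Name 'BlockedSubnet' -IPv4Subnet '203.0.113.0/24'
Add-DnsServerQueryResolutionPolicy -Name 'DropBlockedSubnet' `
    -Action IGNORE -ClientSubnet 'EQ,BlockedSubnet'
Add-DnsServerQueryResolutionPolicy -Name 'DropBlockedDomain' `
    -Action IGNORE -FQDN 'EQ,*.blocked.example'

# Forensics: answer suspect clients from a separate zone scope whose
# record points at a sinkhole host instead of the real server.
Add-DnsServerClientSubnet -Name 'SuspectSubnet' -IPv4Subnet '198.51.100.0/24'
Add-DnsServerZoneScope -ZoneName $zone -Name 'SinkholeScope'
Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope 'SinkholeScope' `
    -A -Name 'app' -IPv4Address '192.0.2.10'
Add-DnsServerQueryResolutionPolicy -Name 'SinkholeSuspects' -ZoneName $zone `
    -Action ALLOW -ClientSubnet 'EQ,SuspectSubnet' -ZoneScope 'SinkholeScope,1'

# Recursion policy: turn recursion off in the default scope, then allow it
# only for internal clients through a dedicated recursion scope.
Set-DnsServerRecursionScope -Name . -EnableRecursion $false
Add-DnsServerRecursionScope -Name 'InternalClients' -EnableRecursion $true
Add-DnsServerClientSubnet -Name 'InternalSubnet' -IPv4Subnet '10.0.0.0/8'
Add-DnsServerQueryResolutionPolicy -Name 'RecurseForInternal' `
    -Action ALLOW -ApplyOnRecursion -RecursionScope 'InternalClients' `
    -ClientSubnet 'EQ,InternalSubnet'

# Zone transfer policy: refuse transfers of this zone to any client
# outside the subnet that holds the secondary servers.
Add-DnsServerClientSubnet -Name 'SecondarySubnet' -IPv4Subnet '10.0.5.0/24'
Add-DnsServerZoneTransferPolicy -Name 'TransfersToSecondariesOnly' `
    -ZoneName $zone -Action DENY -ClientSubnet 'NE,SecondarySubnet'

# Review what is now in effect at server level and for the zone.
Get-DnsServerQueryResolutionPolicy
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
Get-DnsServerZoneTransferPolicy -ZoneName $zone
```

IGNORE drops the query without a reply, while DENY answers with a refusal; pairing either with DNS analytic logging keeps a record of which clients hit the policy.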


DNS Policy Scenario Guide:


This guide contains the following sections.

How DNS Policies Work:


Understanding and using DNS Policy Configuration Objects:


More Uses for Windows Server 2016 DNS Policies – Selective Query Filtering:


DNS Recursion Policies:

