Q. What is a DNS zone scope?
A. Windows Server 2016 introduces the concept of a zone scope. A zone scope can contain its own set of resource records that are presented to the corresponding set of DNS clients based on IP subnet.
For example first create a set of client subnets:
Add-DnsServerClientSubnet -Name "DallasSubnet" -IPv4Subnet "10.7.173.0/24"
Add-DnsServerClientSubnet -Name "HoustonSubnet" -IPv4Subnet "10.7.174.0/24"
Next create zone scopes that correspond:
Add-DnsServerZoneScope -ZoneName "savilltech.net" -Name "DallasZoneScope"
Add-DnsServerZoneScope -ZoneName "savilltech.net" -Name "HoustonZoneScope"
Resource records can be added to each zone for the same record enabling it to resolve differently. For example:
Add-DnsServerResourceRecord -ZoneName "savilltech.net" -A -Name "www" -IPv4Address
"10.7.173.50" -ZoneScope "DallasZoneScope"
Add-DnsServerResourceRecord -ZoneName "savilltech.net" -A -Name "www" -IPv4Address
"10.7.174.50" -ZoneScope "HoustonZoneScope"
Finally create a policy that maps the client subnet to the corresponding zone scope:
Add-DnsServerQueryResolutionPolicy -Name "DallasPolicy" -Action ALLOW -ClientSubnet
"eq,DallasSubnet" -ZoneScope "DallasZoneScope,1" -ZoneName "savilltech.net"
Add-DnsServerQueryResolutionPolicy -Name "HoustonPolicy" -Action ALLOW -ClientSubnet
"eq,HoustonSubnet" -ZoneScope "HoustonZoneScope,1" -ZoneName "savilltech.net"
It's like a DNS split brain without having to create separate DNS servers. It simply enables different records to be returned for the same query based on the client IP address. If a user in 10.7.173.0 queries www.savilltech.net they will get 10.7.173.50 returned where as a user in 10.7.174.0 will get 10.7.174.50 returned.
