Use DNS scopes for granular record results based on client location

Q. What is a DNS zone scope?

A. Windows Server 2016 introduces the concept of a zone scope. A zone scope can contain its own set of resource records that are presented to the corresponding set of DNS clients based on IP subnet.

For example, first create a set of client subnets:

Add-DnsServerClientSubnet -Name "DallasSubnet" -IPv4Subnet ""
Add-DnsServerClientSubnet -Name "HoustonSubnet" -IPv4Subnet ""

Next, create the zone scopes that correspond to those subnets:

Add-DnsServerZoneScope -ZoneName "" -Name "DallasZoneScope"
Add-DnsServerZoneScope -ZoneName "" -Name "HoustonZoneScope"

Resource records for the same name can then be added to each zone scope, so the one name resolves differently depending on which scope answers. For example:

Add-DnsServerResourceRecord -ZoneName "" -A -Name "www" -IPv4Address "" -ZoneScope "DallasZoneScope"
Add-DnsServerResourceRecord -ZoneName "" -A -Name "www" -IPv4Address "" -ZoneScope "HoustonZoneScope"

Finally, create a query resolution policy that maps each client subnet to its corresponding zone scope:

Add-DnsServerQueryResolutionPolicy -Name "DallasPolicy" -Action ALLOW -ClientSubnet "eq,DallasSubnet" -ZoneScope "DallasZoneScope,1" -ZoneName ""
Add-DnsServerQueryResolutionPolicy -Name "HoustonPolicy" -Action ALLOW -ClientSubnet "eq,HoustonSubnet" -ZoneScope "HoustonZoneScope,1" -ZoneName ""
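The four steps above, pulled together as one re-runnable script with verification. This is an added example, not code from the original article or from Microsoft; the zone name, subnets, record addresses and the $DnsServer value are constructed sample values, and the idempotency checks (Get-DnsServerClientSubnet / Get-DnsServerZoneScope before each Add-) are an assumption about how you would want to rerun the script, not something the article describes.

```powershell
# Added example: end-to-end zone-scope setup with verification.
# Every name and address below is a constructed sample value.
$Zone      = 'corp.example'         # assumed zone name; replace with your own
$DnsServer = 'dns01.corp.example'   # assumed DNS server to query during verification

# Step 1 inputs: client subnets (constructed sample ranges)
$Subnets = @{
    DallasSubnet  = '10.10.0.0/16'
    HoustonSubnet = '10.20.0.0/16'
}

# Step 3 inputs: the answer for www in each zone scope (constructed sample addresses)
$Answers = @{
    DallasZoneScope  = '10.10.5.20'
    HoustonZoneScope = '10.20.5.20'
}

# Step 1: define client subnets (skip any that already exist so the script can be rerun)
foreach ($name in $Subnets.Keys) {
    if (-not (Get-DnsServerClientSubnet -Name $name -ErrorAction SilentlyContinue)) {
        Add-DnsServerClientSubnet -Name $name -IPv4Subnet $Subnets[$name]
    }
}

# Step 2: one zone scope per location inside the same zone
foreach ($scope in $Answers.Keys) {
    if (-not (Get-DnsServerZoneScope -ZoneName $Zone -Name $scope -ErrorAction SilentlyContinue)) {
        Add-DnsServerZoneScope -ZoneName $Zone -Name $scope
    }
}

# Step 3: the same record name, a different A record in each scope
foreach ($scope in $Answers.Keys) {
    Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $scope -A -Name 'www' -IPv4Address $Answers[$scope]
}

# Step 4: policies that map each client subnet to its scope
# "eq,<subnet>" matches clients whose source address falls in that subnet;
# "<scope>,1" sends all matching queries to that scope.
Add-DnsServerQueryResolutionPolicy -Name 'DallasPolicy'  -Action ALLOW `
    -ClientSubnet 'eq,DallasSubnet'  -ZoneScope 'DallasZoneScope,1'  -ZoneName $Zone
Add-DnsServerQueryResolutionPolicy -Name 'HoustonPolicy' -Action ALLOW `
    -ClientSubnet 'eq,HoustonSubnet' -ZoneScope 'HoustonZoneScope,1' -ZoneName $Zone

# Verification on the server: which policies exist for the zone, and what each scope holds for www
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone |
    Select-Object Name, ProcessingOrder, IsEnabled

foreach ($scope in $Answers.Keys) {
    Get-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $scope -Name 'www' -RRType A |
        Select-Object @{ n = 'Scope'; e = { $scope } },
                      HostName,
                      @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
}

# Verification from a client: the answer depends on the source address the DNS
# server sees for this query, so run it from a host in each subnet and compare.
Resolve-DnsName -Name "www.$Zone" -Server $DnsServer -Type A
```

Two points worth checking once this is in place. A client whose source address is in neither subnet matches no policy and is answered from the zone's default scope (the scope with the same name as the zone), so keep a sensible www record there too rather than leaving the question to chance. And the policy classifies purely on the source IP the DNS server sees: clients that reach it through a forwarder or recursive resolver are classified by the resolver's address, not their own, which is the usual reason a site "gets the wrong answer" after this setup.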

It's like DNS split-brain without having to create separate DNS servers: different records are returned for the same query based on the client's IP address. If a user in queries they will get returned, whereas a user in will get returned.
