Domain Name System
Jordan_H, 2020-12-09 12:31:31

How do I configure specific root A records for different regions in the domain DNS?

By default, when DNS is installed on domain controllers, the IP of every domain controller running DNS is registered in the root A records that resolve the domain name itself (ping domain.ru).

How do I configure specific root A records (top-level entries) in DNS so that the domain name resolves only to certain DCs at regional sites and is not accidentally resolved to the DNS servers of domain controllers that are unreachable at the network level?


2 answer(s)
Rsa97, 2020-12-09
@Jordan_H

You can configure split-brain DNS and serve, in each zone scope, only the records that belong to it.

# Only on one AD/DNS controller:
# Create the zone scopes (scope records live in the AD-integrated zone)
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope149"
Add-DnsServerZoneScope -ZoneName "my.local" -Name "Scope33"

# Create the DNS records in each scope (same names, region-specific addresses)
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.149.0.200 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "proxy" -IPv4Address 10.33.0.200 -ZoneScope "Scope33"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.149.0.209 -ZoneScope "Scope149"
Add-DnsServerResourceRecord -ZoneName "my.local" -A -Name "wsus" -IPv4Address 10.33.0.201 -ZoneScope "Scope33"

# On every controller (client subnets and policies are per-server, not replicated):
# Create the client subnets
Add-DnsServerClientSubnet -Name "Subnet149" -IPv4Subnet 10.149.0.0/16
Add-DnsServerClientSubnet -Name "Subnet33" -IPv4Subnet 10.33.0.0/16
Add-DnsServerClientSubnet -Name "SubnetTotal" -IPv4Subnet 10.0.0.0/8

# Create the policies that map client subnets to zone scopes
Add-DnsServerQueryResolutionPolicy -Name "Policy149" -Action ALLOW -ClientSubnet "eq,Subnet149" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope149" -ZoneName "my.local"
Add-DnsServerQueryResolutionPolicy -Name "Policy33" -Action ALLOW -ClientSubnet "eq,Subnet33" -Condition AND -FQDN "eq,proxy.my.local,wsus.my.local" -ZoneScope "Scope33" -ZoneName "my.local"
# Everything else from 10.0.0.0/8 is answered from the default scope (its name equals the zone name)
Add-DnsServerQueryResolutionPolicy -Name "PolicyTotal" -Action ALLOW -ClientSubnet "eq,SubnetTotal" -ZoneScope "my.local" -ZoneName "my.local"

# Enable the policies
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy149"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "Policy33"
Enable-DnsServerPolicy -Level Zone -ZoneName "my.local" -Name "PolicyTotal"

# Poster's final step, labelled "enable split-brain DNS": this resets the global query
# block list to just "isatap" (the default list is "wpad isatap")
dnscmd /config /globalqueryblocklist isatap
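The answer above shows split-brain scopes for named hosts (proxy, wsus); the question is about the zone apex, i.e. the same-as-parent A records that answer "ping domain.ru". The following is an added example, not code from the thread, that applies the same zone-scope and query-resolution-policy mechanism to the apex: each regional client subnet is answered with only that region's DC addresses. The zone name corp.example, the region names, subnets and DC IPs are all hypothetical; replace them with your own.

```powershell
# Added example: per-region apex (same-as-parent) A records via DNS policies.
# Assumptions (hypothetical): zone corp.example, two regions with these subnets and DCs.
$Zone = "corp.example"
$Regions = @{
    # region = @{ Subnet = client address range; Dcs = DC IPs reachable from that range }
    "msk" = @{ Subnet = "10.10.0.0/16"; Dcs = @("10.10.0.11", "10.10.0.12") }
    "spb" = @{ Subnet = "10.20.0.0/16"; Dcs = @("10.20.0.11") }
}

# --- Run once, on any DNS server hosting the AD-integrated zone:
#     zone scopes and the records inside them are stored in the zone and replicated.
foreach ($r in $Regions.GetEnumerator()) {
    $scope = "apex-$($r.Key)"
    if (-not (Get-DnsServerZoneScope -ZoneName $Zone -Name $scope -ErrorAction SilentlyContinue)) {
        Add-DnsServerZoneScope -ZoneName $Zone -Name $scope
    }
    foreach ($ip in $r.Value.Dcs) {
        # "@" is the zone apex: this is the record that answers the bare name corp.example
        Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $scope -A -Name "@" `
            -IPv4Address $ip -TimeToLive ([TimeSpan]::FromMinutes(5))
    }
}

# --- Run on EVERY DNS server that regional clients may query:
#     client subnets and query-resolution policies live in that server's registry
#     and are not replicated through AD.
foreach ($r in $Regions.GetEnumerator()) {
    $subnet = "net-$($r.Key)"
    $scope  = "apex-$($r.Key)"
    if (-not (Get-DnsServerClientSubnet -Name $subnet -ErrorAction SilentlyContinue)) {
        Add-DnsServerClientSubnet -Name $subnet -IPv4Subnet $r.Value.Subnet
    }
    # Match only apex A queries from this subnet and answer them from the regional scope.
    # Queries that match no policy fall through to the default scope, which still holds
    # the apex records every DC registers on its own (the pre-existing behaviour).
    Add-DnsServerQueryResolutionPolicy -ZoneName $Zone -Name "Apex-$($r.Key)" -Action ALLOW `
        -Condition AND -ClientSubnet "eq,$subnet" -FQDN "eq,$Zone" -RecordType "eq,A" `
        -ZoneScope "$scope,1"
}

# --- Checks a practitioner would run afterwards.
# 1. Server side: the regional scopes hold only the intended DC addresses.
function Get-ApexScopeRecords {
    param([string]$Region)
    Get-DnsServerResourceRecord -ZoneName $Zone -ZoneScope "apex-$Region" -Name "@" -RRType A |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
}

# 2. Policies are present and enabled on this server.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone |
    Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize

# 3. Client side: run from a host INSIDE the region's subnet (the source IP is what the
#    policy evaluates); the answer must contain only that region's DCs.
function Test-ApexAnswer {
    param([string]$Server, [string]$Region)
    $got  = @((Resolve-DnsName -Name $Zone -Type A -Server $Server -DnsOnly).IPAddress | Sort-Object)
    $want = @($Regions[$Region].Dcs | Sort-Object)
    [PSCustomObject]@{
        Region = $Region
        Answer = ($got -join ",")
        Ok     = (-not (Compare-Object $got $want))
    }
}
# Example, from a host in 10.10.0.0/16:
# Test-ApexAnswer -Server 10.10.0.11 -Region msk
```

Two caveats worth knowing before relying on this. First, the regional scopes only change what clients in the listed subnets see; the default scope still contains the apex records that every DC's Netlogon registers, so a client from an unlisted subnet, or a query reaching a server where the policies were not created, gets the old all-DCs answer. If the goal is to stop DCs from registering the apex record at all, the documented Netlogon knob is the DnsAvoidRegisterRecords setting with the LdapIpAddress entry (applied per DC, typically via Group Policy). Second, because policies are per-server, keep this script under version control and run it on every DNS-enabled DC; the Get-DnsServerQueryResolutionPolicy check above is the quick way to spot a server that was missed.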

Alexey Dmitriev, 2020-12-09
@SignFinder

IMHO, option one is to enable netmask ordering.
The Microsoft DNS server has no way to give different answers from a zone based on different criteria (for example, the requester's IP).
I have only seen this capability in BIND, where it is called views.
