Configuring Split Brain DNS in an Active Directory Environment
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
There are no resources for this lesson.
First, we will take a look at the differences between the Traffic Management Policy scenario and this, Split-Brain policy scenario.
- This policy can be used with Active Directory – A-Records and Zone-Scopes will replicate to all replica servers in the Domain.
- It uses the Default Zone Scope for the internal network.
- Instead of using client subnets to separate the networks, this policy uses a DNS server with two network cards to differentiate between the internal and external networks.
- There are only three steps needed instead of four
The HR department from your company Server Academy would like to post job listings on the internal web site for positions in the company that they would prefer to offer current employees.
While posting regular corporate-related job listings on the external web site so that those positions would be available for those that apply from the internet.
How would you implement this request?
In our diagram, an internal client sends a query to the DNS server for the host www.sa.com.
And if the external client sends a query to the DNS server for the
- The DNS server has two network interface cards installed. One is designated for the External network (internet) IP Address 188.8.131.52
and the other interface is for the internal network, and it has an IP address of 192.168.17.10
- The server’s interfaces will be used to separate the internal from the external clients.
So, what is an Active Directory Integrated Zone?
- It’s a zone that is stores zone data in active directory • Can be replicated to other Domain Controllers in the domain
- DNS policies are not Active Directory Integrated.
That means that they are not replicated to the other DNS server that are in the Domain. • Policies must be manually copied between Domain Controllers
How do you create an ADIZ using DNS Manager?
- Open Server manager, tools, DNS manager
- Click the server, click the forward lookup zone, there’s our primary zone sa.com
- Right-click on sa.com and click properties
- Then click the General tab then click Change
- Check the box that says Store the Zone in Active Directory.
- Click, ok, then ok again. And you’ve just created an ADIZ.
You can use this PowerShell command to create your Active Directory Integrated Zone that will replicate to other domain controllers across the domain.
- Add-DnsServerPrimaryZone -Name “sa.com” -ReplicationScope “Domain” -Passthru
Copying Policies from server to server.
- In Windows, server 2016 Policies are not replicated to other servers.
You can use the following commands to copy these policies from one server to another.
- $policies = Get-DnsServerQueryResolutionPolicy -ZoneName "yourzone.com"
The dollar sign is a variable. So, what this is saying is to get all the server level policies on the Server01. Then store the properties in the $Policies variable
- $policies | Add-DnsServerQueryResolutionPolicy -ZoneName "Yourzone.com"
This command adds the policies stored in the $Policies variable to a different DNS server named Server02
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.