Windows Server 2016 Smart DNS (Part 2)

In the previous article, Windows Server 2016 Smart DNS (Part 1), we described in detail how to configure DNS Policy on Windows Server 2016 to implement region-isolated access. However, I ran into a problem with that setup: after adding the policies, web.ixmsoft.com resolved without problems, but all other internal records under the default zone failed to resolve. After looking into it, I found that a default policy has to be added, with a priority higher than any other policy.

For example, let's view the policies:

`Get-DnsServerQueryResolutionPolicy -ZoneName "ixmsoft.com"`

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/6ea926574bef303e088f29eec451dd12.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

We test internal resolution:

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/522aced7ba598ba5d04ef9caf986e5ee.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

As the screenshots above show, the records in DNS themselves are fine, but the other records in the default zone cannot be resolved, while resolution on the DC works normally. This confirms that the problem lies in the DNS Policy configuration.

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/0cf522f5344b0c68e7ccf093caa9e59f.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

So we need to add a policy with a higher priority. Before adding it, the two existing policies must be deleted and then added again. First we delete the policies that were added earlier:

`Remove-DnsServerQueryResolutionPolicy -ZoneName "ixmsoft.com" -Name "beijingPolicy"`

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/4d2c47f2a211a776908e76ee8fccb1d1.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

`Remove-DnsServerQueryResolutionPolicy -ZoneName "ixmsoft.com" -Name "usPolicy"`

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/5d9803e565234f583120dd69537cf986.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

All policies have now been deleted:

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/0b3c7f5185986becd131a9b12b5f7abd.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

Now we add the policies: first the default policy, then the other two subnet policies.

```
# Default policy: every name except web.ixmsoft.com is answered from the default zone scope
Add-DnsServerQueryResolutionPolicy -Name "DefaultPolicy" -Action ALLOW -ZoneScope "ixmsoft.com,1" -FQDN "ne,web.ixmsoft.com" -ZoneName "ixmsoft.com"
# Subnet policies: web.ixmsoft.com is answered from the scope that matches the client subnet
Add-DnsServerQueryResolutionPolicy -Name "beijingPolicy" -Action ALLOW -ClientSubnet "eq,beijingsubnet" -ZoneScope "beijing,1" -ZoneName "ixmsoft.com"
Add-DnsServerQueryResolutionPolicy -Name "usPolicy" -Action ALLOW -ClientSubnet "eq,ussubnet" -ZoneScope "us,1" -ZoneName "ixmsoft.com"
```

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/ed7d0f1e304caec69a9089d7e03ca25a.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

After adding them, we check:

`Get-DnsServerQueryResolutionPolicy -ZoneName "ixmsoft.com"`

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/47b2d0aef8d94cafa38c99da8acc49a5.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

Then we test:

![Smart DNS](https://s4.51cto.com/images/blog/201801/22/df72247aab96d670b29c2ca56a5398bd.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)
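
The remove-and-re-add procedure above as one re-runnable script that pins the evaluation order with `-ProcessingOrder` instead of relying on creation order, then checks the result. This is an added example, not part of the original post; it assumes the zone scopes and client subnets from Part 1 already exist and that no other policies are defined on the zone, and `internal-host.ixmsoft.com` is a placeholder for any record in the default scope.

```powershell
# Added example: rebuild the zone's query resolution policies in a fixed order.
# Run in an elevated session on the DNS server (DnsServer module).
$zone = 'ixmsoft.com'

# Policies in evaluation order (the first matching policy wins).
$policies = @(
    @{ Name = 'DefaultPolicy'; FQDN = 'ne,web.ixmsoft.com'; ZoneScope = 'ixmsoft.com,1' },
    @{ Name = 'beijingPolicy'; ClientSubnet = 'eq,beijingsubnet'; ZoneScope = 'beijing,1' },
    @{ Name = 'usPolicy'; ClientSubnet = 'eq,ussubnet'; ZoneScope = 'us,1' }
)

# Remove existing copies of these policies so the script can be run repeatedly.
$existing = @(Get-DnsServerQueryResolutionPolicy -ZoneName $zone -ErrorAction SilentlyContinue)
foreach ($p in $policies) {
    if ($existing.Name -contains $p.Name) {
        Remove-DnsServerQueryResolutionPolicy -ZoneName $zone -Name $p.Name -Force
    }
}

# Re-create them with an explicit ProcessingOrder: 1 = DefaultPolicy, then the subnets.
$order = 1
foreach ($p in $policies) {
    Add-DnsServerQueryResolutionPolicy @p -Action ALLOW -ZoneName $zone -ProcessingOrder $order
    $order++
}

# Verify that DefaultPolicy is evaluated first.
$actual = @(Get-DnsServerQueryResolutionPolicy -ZoneName $zone | Sort-Object ProcessingOrder)
$actual | Format-Table Name, ProcessingOrder, IsEnabled, Action -AutoSize
if ($actual[0].Name -ne 'DefaultPolicy') {
    Write-Warning "DefaultPolicy is not first; other records in $zone may fail to resolve."
}

# Spot-check resolution against this server.
$internalName = 'internal-host.ixmsoft.com'   # placeholder: replace with a real default-scope record
foreach ($name in 'web.ixmsoft.com', $internalName) {
    $answer = Resolve-DnsName -Name $name -Server 127.0.0.1 -Type A -DnsOnly -ErrorAction SilentlyContinue
    if ($answer) {
        '{0} -> {1}' -f $name, (($answer | Where-Object Type -eq 'A').IPAddress -join ', ')
    } else {
        Write-Warning "$name did not resolve"
    }
}
```

The answer for web.ixmsoft.com depends on the source address of the query, so repeat the spot-check from a client in each subnet to confirm the scoped records.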