Windows Server 2016 智能DNS(六) 我们前面几篇文章介绍了如何Windows Server 2016 智能DNS的相关配置介绍,今天继续介绍Windows Server 2016 智能DNS的配置管理,前面一篇我们介绍了根据自己的需求来配置相关功能,那今天继续介绍相关记录的编辑操作。 前面介绍的是子网、子网区域、及子网区域的记录进行的日常管理介绍,这些都是基本,最主要的还是策略,所以我们今天介绍策略的介绍: Policy: `查看:get-DnsServerQueryResolutionPolicy -ZoneName "byssoft.com"` ![DNS](https://s4.51cto.com/images/blog/201803/11/d7004d6ea327c344f677acd4c9b4b485.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 我们发现只能查看策略的大概,增加fl及tb后都是不行 那我们如何查看策略的具体内容: ne是不等于的意思 eq是等于的意思 通过这条命令我们就可以看出,匹配FQDN不等于www.byssoft.com、e-colgoy.byssoft.com、g.byssoft.com就会匹配下一条策略 ``` $policy = Get-DnsServerQueryResolutionPolicy -ZoneName "byssoft.com" -name "DefaultPolicy" $policy.criteria ``` ![DNS](https://s4.51cto.com/images/blog/201803/11/2df8adb0beefeed5c4c3b758a4daac9d.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 策略的优先级: 查看:`get-DnsServerQueryResolutionPolicy -ZoneName "byssoft.com"` 策略通过ProcessingOrder来命名优先级, ![DNS](https://s4.51cto.com/images/blog/201803/11/3d780f57af7a39deab18d6ac9a32009e.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 更改优先级: 比如我们要讲策略名为:CNPolicy的优先级调成最低 `Set-DnsServerQueryResolutionPolicy -name "CNPolicy" -ZoneName "byssoft.com" -processingOrder 4` ![DNS](https://s4.51cto.com/images/blog/201803/11/5fce02aed56000a8870b2c01bdd51b7d.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 接下来就是禁用策略 策略的级别有基于Zone级别的,也有基于域级别的 `Disable-DnsServerPolicy -name "CNPolicy" -ZoneName "byssoft.com" -level zone` ![DNS](https://s4.51cto.com/images/blog/201803/11/b9bfccb4c2cf1eab450d89b23c7e0fa2.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) ![DNS](https://s4.51cto.com/images/blog/201803/11/173c97a86b8e256eea8a1069d85dfc50.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 接下来就是启用策略 `enable-DnsServerPolicy -name "CNPolicy" -ZoneName "byssoft.com" -level zone` ![DNS](https://s4.51cto.com/images/blog/201803/11/ee35b91dcbd1c75322593a1d12543481.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) ![DNS](https://s4.51cto.com/images/blog/201803/11/93aefce3456fa2a7ca5b193e8b837c68.jpg?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) 最后我们在说说策略增加: `Add-DnsServerQueryResolutionPolicy -Name "PolicyName" -Action ALLOW -ClientSubnet "eq,CNSubnet" -ZoneScope "CNSubnetScope,1" -ZoneName "byssoft.com"` 策略的删除: `remove-DnsServerQueryResolutionPolicy -Name "PolicyName" -Action ALLOW -ClientSubnet "eq,CNSubnet" -ZoneScope "CNSubnetScope,1" -ZoneName "byssoft.com"` 删除所有策略: `Get-DnsServerQueryResolutionPolicy -ZoneName "byssoft.com" | Remove-DnsServerQueryResolutionPolicy -ZoneName "byssoft.com" -Force -PassThru` 策略的修改: `set-DnsServerQueryResolutionPolicy -Name "DefaultPolicy" -ZoneScope "byssoft.com,1" -FQDN “ne,www.byssoft.com,e-cology.byssoft.com” -ZoneName "byssoft.com"`