First, we will take a look at the differences between the Traffic Management Policy scenario and this, Split-Brain policy scenario. 

• This policy can be used with Active Directory – A-Records and Zone-Scopes will replicate to all replica servers in the Domain. 
• It uses the Default Zone Scope for the internal network. 
• Instead of using client subnets to separate the networks, this policy uses a DNS server with two network cards to differentiate between the internal and external networks. 
• There are only three steps needed instead of four 

Network Diagram 

Scenario: 

The HR department from your company Server Academy would like to post job listings on the internal web site for positions in the company that they would prefer to offer current employees.  

While posting regular corporate-related job listings on the external web site so that those positions would be available for those that apply from the internet.  

How would you implement this request?

In our diagram, an internal client sends a query to the DNS server for the host www.sa.com.  

Because the request came in on the internal network, the response would point the client to the internal host for www.sa.com. 

And if the external client sends a query to the DNS server for the 

host www.sa.com . And because the request came in on the external network, the response would point the client to the external host for www.sa.com. 

• The DNS server has two network interface cards installed. One is designated for the External network (internet) IP Address 195.138.5.10  

and the other interface is for the internal network, and it has an IP address of 192.168.17.10 

• The server’s interfaces will be used to separate the internal from the external clients. 

So, what is an Active Directory Integrated Zone?  

• It’s a zone that is stores zone data in active directory • Can be replicated to other Domain Controllers in the domain 
• DNS policies are not Active Directory Integrated.

That means that they are not replicated to the other DNS server that are in the Domain. • Policies must be manually copied between Domain Controllers 

How do you create an ADIZ using DNS Manager? 

• Open Server manager, tools, DNS manager 
• Click the server, click the forward lookup zone, there’s our primary zone sa.com 
• Right-click on sa.com and click properties 
• Then click the General tab then click Change 
• Check the box that says Store the Zone in Active Directory. 
• Click, ok, then ok again. And you’ve just created an ADIZ.   

You can use this PowerShell command to create your Active Directory Integrated Zone that will replicate to other domain controllers across the domain. 

• Add-DnsServerPrimaryZone -Name “sa.com” -ReplicationScope “Domain” -Passthru 

Copying Policies from server to server. 

• In Windows, server 2016 Policies are not replicated to other servers.  

You can use the following commands to copy these policies from one server to another. 

• $policies = Get-DnsServerQueryResolutionPolicy -ZoneName "yourzone.com"                   

-ComputerName Server01 

The dollar sign is a variable. So, what this is saying is to get all the server level policies on the Server01. Then store the properties in the $Policies variable 

• $policies | Add-DnsServerQueryResolutionPolicy -ZoneName "Yourzone.com"                  

-ComputerName Server02 

This command adds the policies stored in the $Policies variable to a different DNS server named Server02  

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access