Windows Server DNS Policy tod-intelligent 2

Source: Internet
Author: User

The previous article briefly introduced the location-based traffic isolation feature of DNS Policy in Windows Server. This article introduces another major DNS Policy feature: time-based intelligent DNS resolution.


Assume Contoso is a multinational book company operating in China and Germany, with branch offices in Dalian, China and Berlin, Germany. In normal hours, employees at each branch access the servers of their own region. During peak load the traffic is split: from 9 to 11 o'clock each day, the peak for user access in Dalian, 80% of the traffic is answered by the Dalian host and 20% is directed to the Berlin server. Berlin's peak is from three to five o'clock in the afternoon each day, when 80% of the traffic is answered by the Berlin host and 20% by the Dalian host. The rest of the time, clients access the servers of their own region.


Then Lao Wang will show you how to achieve this effect.


Introduction to the experimental environment


16DNS: the DNS server, located at corporate headquarters. IP address: 100.0.0.2, gateway: 100.0.0.1

Web01: the web server in Dalian; it also acts as the router connecting the headquarters DNS server, the Berlin client and the Dalian client

IP address 1: 80.0.0.1

IP address 2: 90.0.0.1

IP address 3: 100.0.0.1, DNS: 100.0.0.2

Web02: the web server in Berlin, located in the Berlin DC. IP address: 90.0.0.2, gateway: 90.0.0.1

Dalian: simulated Dalian client. IP address: 80.0.0.100, gateway: 80.0.0.1, DNS: 100.0.0.2

Bolin: simulated Berlin client. IP address: 90.0.0.100, gateway: 90.0.0.1, DNS: 100.0.0.2


First, create the DNS client subnets that define the address ranges for Berlin and Dalian


Add-DnsServerClientSubnet -Name "Daliansubnet" -IPv4Subnet "80.0.0.0/24"

Add-DnsServerClientSubnet -Name "Bolinsubnet" -IPv4Subnet "90.0.0.0/24"


Next, create the zone scopes (the logical geographic regions)

Add-DnsServerZoneScope -ZoneName "eip.com" -Name "Dalian"

Add-DnsServerZoneScope -ZoneName "eip.com" -Name "Bolin"


Add the host records; note the -ZoneScope parameter

Add-DnsServerResourceRecord -ZoneName "eip.com" -A -Name "www" -IPv4Address "80.0.0.1" -ZoneScope "Dalian"

Add-DnsServerResourceRecord -ZoneName "eip.com" -A -Name "www" -IPv4Address "90.0.0.2" -ZoneScope "Bolin"



Create DNS Policy


1. Create the policy for Dalian: from 9 to 11 o'clock in the morning, 80% of the traffic goes to the local server and 20% to the Berlin server


Add-DnsServerQueryResolutionPolicy -Name "Dalian9to11policy" -Action ALLOW -ClientSubnet "eq,daliansubnet" -ZoneScope "dalian,4;bolin,1" -TimeOfDay "eq,01:00-03:00" -ZoneName "eip.com" -ProcessingOrder 1



2. Create the policy for Berlin: from 1 to 3 o'clock in the afternoon, 80% of the traffic goes to the local server and 20% to the Dalian server


Add-DnsServerQueryResolutionPolicy -Name "Bolin1to3policy" -Action ALLOW -ClientSubnet "eq,bolinsubnet" -ZoneScope "bolin,4;dalian,1" -TimeOfDay "eq,19:00-21:00" -ZoneName "eip.com" -ProcessingOrder 2



In these two commands, you may notice a few differences from the previous article.


    • Multiple zone scopes are used in the -ZoneScope definition. As I explained in the previous article, you can set weights to split the load; the values 4 and 1 here represent 80|20

    • The -TimeOfDay parameter is added, which lets the DNS server resolve based on the time of day. Note that the time here must be converted to GMT

    • The -ProcessingOrder parameter is added, which defines the priority of the policy: when several policies match, the lower the number, the higher the priority.
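
The GMT conversion described in the second point can be scripted. This is an added example, not code from the original article: `ConvertTo-DnsTimeOfDay` is a hypothetical helper name, the sample dates are constructed, it follows the article's statement that -TimeOfDay is given in GMT, and ending a range at 23:59 when a window crosses midnight is an assumption.

```powershell
# Added example, not from the original article. ConvertTo-DnsTimeOfDay is a
# hypothetical helper name; it is not part of the DnsServer module.
function ConvertTo-DnsTimeOfDay {
    param(
        [Parameter(Mandatory)] [string] $TimeZoneId,  # Windows time zone ID
        [Parameter(Mandatory)] [string] $LocalStart,  # "HH:mm" in that zone
        [Parameter(Mandatory)] [string] $LocalEnd,    # "HH:mm" in that zone
        [datetime] $OnDate = (Get-Date)               # UTC offset depends on the date (DST)
    )
    $tz  = [System.TimeZoneInfo]::FindSystemTimeZoneById($TimeZoneId)
    $fmt = 'hh\:mm'
    $utc = foreach ($t in $LocalStart, $LocalEnd) {
        $ts = [timespan]::ParseExact($t, $fmt, [cultureinfo]::InvariantCulture)
        # Kind must be Unspecified so the conversion uses $tz, not the machine's zone.
        $local = [datetime]::SpecifyKind($OnDate.Date.Add($ts), [System.DateTimeKind]::Unspecified)
        [System.TimeZoneInfo]::ConvertTimeToUtc($local, $tz).TimeOfDay
    }
    $start = $utc[0].ToString($fmt)
    $end   = $utc[1].ToString($fmt)
    if ($utc[0] -lt $utc[1]) { return 'EQ,{0}-{1}' -f $start, $end }

    # The window crosses midnight GMT: emit two comma-separated ranges. Ending
    # the first one at 23:59 is an assumption of this example (one-minute gap).
    if ($utc[1] -eq [timespan]::Zero) { return 'EQ,{0}-23:59' -f $start }
    return 'EQ,{0}-23:59,00:00-{1}' -f $start, $end
}

# Dalian peak 09:00-11:00. China has no DST, so the result is the same all year.
$dalian = ConvertTo-DnsTimeOfDay -TimeZoneId 'China Standard Time' -LocalStart '09:00' -LocalEnd '11:00'

# Berlin observes DST, so the same local window maps to different GMT hours in
# summer and winter; the policy has to be updated when the clocks change.
# The two dates are constructed sample values.
$berlinSummer = ConvertTo-DnsTimeOfDay -TimeZoneId 'W. Europe Standard Time' -LocalStart '13:00' -LocalEnd '15:00' -OnDate '2017-07-01'
$berlinWinter = ConvertTo-DnsTimeOfDay -TimeZoneId 'W. Europe Standard Time' -LocalStart '13:00' -LocalEnd '15:00' -OnDate '2017-01-15'

$dalian, $berlinSummer, $berlinWinter
```

The returned string is what goes into the -TimeOfDay argument of Add-DnsServerQueryResolutionPolicy.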



3. Create the policy for normal hours: Dalian clients access the Dalian server

Add-DnsServerQueryResolutionPolicy -Name "Dalianpolicy" -Action ALLOW -ClientSubnet "eq,daliansubnet" -ZoneScope "dalian,1" -ZoneName "eip.com" -ProcessingOrder 3


4. Create the policy for normal hours: Berlin clients access the Berlin server

Add-DnsServerQueryResolutionPolicy -Name "Bolinpolicy" -Action ALLOW -ClientSubnet "eq,bolinsubnet" -ZoneScope "Bolin,1" -ZoneName "eip.com" -ProcessingOrder 4


5. Add normal host records (without -ZoneScope) so that other clients around the world can resolve the name, with responses rotating between Berlin and Dalian

Add-DnsServerResourceRecord -ZoneName "eip.com" -A -Name "www" -IPv4Address "80.0.0.1"

Add-DnsServerResourceRecord -ZoneName "eip.com" -A -Name "www" -IPv4Address "90.0.0.2"



When the appointed time of one o'clock in the afternoon arrives in Berlin, nslookup shows that the answers are split between Berlin and Dalian rather than always coming from Berlin.



I believe this brief introduction has given you a general idea of what this feature does: by adding a time parameter, DNS can adjust load intelligently based on the time of day and balance it dynamically according to the business scenario. The only inconvenience is that the times for different countries have to be converted to GMT.


In addition to time-based intelligent DNS between on-premises sites in different countries, Windows Server 2016 DNS can also work together with Azure. For example, if Dalian receives more visits from 3 to 5 o'clock in the afternoon each day, you can configure 80% of the responses during that period to be served locally and 20% to be served by Azure.


To configure this hybrid cloud setup with Azure, you need a server address on Azure that clients of the local DNS server can reach, or an address reachable over a VPN.


If you use Azure as a cloud site, note that the TimeToLive parameter should be added when creating the host record. Assuming the Dalian server is moved to Azure, run the following commands.


Create the Azure zone scope

Add-DnsServerZoneScope -ZoneName "eip.com" -Name "Azuresitezonescope"

Create the host record in the Azure zone scope. TimeToLive takes a TimeSpan, so 600 seconds is written as 00:10:00

Add-DnsServerResourceRecord -ZoneName "eip.com" -A -Name "www" -IPv4Address "80.0.0.1" -ZoneScope "Azuresitezonescope" -TimeToLive 00:10:00

Create the DNS policy

Add-DnsServerQueryResolutionPolicy -Name "Dalian3to5policy" -Action ALLOW -ClientSubnet "eq,daliansubnet" -ZoneScope "dalian,7;azuresitezonescope,3" -TimeOfDay "eq,15:00-17:00" -ZoneName "eip.com" -ProcessingOrder 1

As you can see, there is nothing special involved: Windows Server DNS Policy combines well with Azure, and you only need to pay attention to the TTL of the Azure host DNS record, which is kept at 600 seconds by default.




This article is from "a Stubborn island" blog, please be sure to keep this source http://wzde2012.blog.51cto.com/6474289/1920624
