![Lead Image © mikiel, 123RF.com](/var/ezflow_site/storage/images/archive/2017/42/policy-based-dns-in-windows-server-2016/123rf_49267004_earth-from-outerspace_mikiel_resized.png2/145933-1-eng-US/123rf_49267004_Earth-from-outerspace_mikiel_resized.png_medium.png)
Lead Image © mikiel, 123RF.com
Policy-based DNS in Windows Server 2016
GeoDNS providers help manage external access to an application as a function of the requesting client's location. Using these services, you can define which IP address is returned in response to a DNS request or whether the request is answered at all, making it easy to roll out and manage access to your application: You only need to publish a name, and the client automatically connects to the best available data center site. However, the internal publication of applications in distributed Windows infrastructures forces administrators to resort to workarounds when assigning IP addresses to a DNS request.
This lack of flexibility is compensated for either by the application itself controlling client access as a function of the Active Directory (AD) location (e.g., Exchange) or by administrators publishing the application at various locations under different names and passing these names to the right clients. For clients that permanently remain in one location, this workaround usually works quite well, but with frequent relocations, things often go wrong. Additionally, web services make it difficult to manage multiple names, for example, because SSL certificates must be issued for each of the different names if wildcard certificates are not available.
Policy-Based DNS
Windows Server 2016 gives you a tool – policy-based DNS – that lets you provide DNS resolution with the utmost flexibility. The possible applications of policy-based name resolution go far beyond geographically based load balancing and also help you increase the security of your entire IT landscape.
Consider a practical example: A company (call it "Contoso," in the typical Microsoft way) with offices in Germany, Japan, and Canada has decided to introduce an internal web-based collaboration platform. The client farm is made up of corporate and private devices, including smartphones and tablets, because employees love
...
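The location-dependent resolution described above, sketched with the DNS Server cmdlets in Windows Server 2016 for a company with sites in Germany, Japan, and Canada. This is an added example, not code from the article; the zone `contoso.com` is assumed to exist already, and the host name `collab`, the subnets, and the addresses are constructed sample values.

```powershell
# Added example: assumes the primary zone contoso.com already exists on this
# Windows Server 2016 DNS server. Subnets, addresses, and the host name
# "collab" are constructed sample values, not taken from the article.
$zone  = 'contoso.com'
$sites = @(
    @{ Name = 'Germany'; Subnet = '10.10.0.0/16'; Address = '10.10.1.20' },
    @{ Name = 'Japan';   Subnet = '10.20.0.0/16'; Address = '10.20.1.20' },
    @{ Name = 'Canada';  Subnet = '10.30.0.0/16'; Address = '10.30.1.20' }
)

# Fallback answer in the default zone scope for clients that match no policy.
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'collab' -IPv4Address '10.10.1.20'

$order = 1
foreach ($site in $sites) {
    $subnetName = "$($site.Name)Subnet"
    $scopeName  = "$($site.Name)Scope"

    # 1. Tell the DNS server which client source addresses belong to the site.
    Add-DnsServerClientSubnet -Name $subnetName -IPv4Subnet $site.Subnet

    # 2. Create a zone scope: a separate set of records inside the same zone.
    Add-DnsServerZoneScope -ZoneName $zone -Name $scopeName

    # 3. Publish the same name with the site-local address in that scope.
    Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope $scopeName `
        -A -Name 'collab' -IPv4Address $site.Address

    # 4. Policy: queries from the site's subnet are answered from its scope.
    Add-DnsServerQueryResolutionPolicy -Name "$($site.Name)Policy" `
        -ZoneName $zone -Action ALLOW `
        -ClientSubnet "EQ,$subnetName" -ZoneScope "$scopeName,1" `
        -ProcessingOrder $order
    $order++
}

# Review what the server will now evaluate for each incoming query.
Get-DnsServerClientSubnet
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
```

Clients in each subnet resolve the one published name, `collab.contoso.com`, to their local site, so a single certificate name covers all three locations.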