Controlling Home Lab DNS Resolution with Windows Server 2016


Let’s face it, DNS is critical everywhere. Even in our home labs, DNS plays as major a role in the services we want or need to run as it does in production. At first, many home labbers simply forward DNS traffic out to their ISP and don’t worry much about name resolution aside from a few hosts file entries here and there. I wanted to share some of the new functionality for controlling home lab DNS with Windows Server 2016.

Controlling Home Lab DNS with Windows Server 2016

You might ask, why do you want to control DNS in a home lab?  Well, many reasons, but a few are – control of name resolution, requirement for Windows Server Active Directory domains, DNS policies, speed, and learning.

Control

In my home lab, I run a Windows Server 2016 DC along with an Active Directory-integrated DNS zone. This allows for easily creating zones and resource records – A, CNAME, and PTR records – at will. When you have this control in your home lab it makes testing, labbing, development, and many other scenarios much easier.

When DNS lives on a server you control, and that server is the one doing recursion (or forwarding) for every client on your network, you can dictate and quickly change the addresses your resources resolve to. If you rely on a public resolver, you don’t have this control in a central location. What most resort to doing is simply editing hosts files on the workstations themselves. However, this is inefficient and certainly labor intensive if you want to change that same resource resolution across multiple workstations, VMs, servers, etc.


So, the control aspect is fairly obvious as you can create records at will as you need and for any resource record type you need.
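The zone and record management described above, as an added PowerShell example that is not from the original post. It uses the DnsServer module cmdlets that ship with the Windows Server 2016 DNS role; the zone name, hostnames, server address and IP addresses are constructed lab placeholders, not values from the post.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Windows Server 2016 DNS server. All names and addresses
# below are constructed placeholders for a lab.
Import-Module DnsServer

$zone    = 'lab.example'            # forward lookup zone for the lab
$network = '10.10.10.0/24'          # lab subnet, used for the reverse zone
$dnsHost = '10.10.10.5'             # address of this DNS server, for the checks

# AD-integrated zones replicate to every DC running DNS in the forest and
# can require secure (Kerberos-authenticated) dynamic updates.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Forest -DynamicUpdate Secure
}
if (-not (Get-DnsServerZone -Name '10.10.10.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $network -ReplicationScope Forest -DynamicUpdate Secure
}

# A record plus matching PTR (-CreatePtr writes the reverse record for you).
# A short TTL keeps lab changes from lingering in client caches.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'vcenter' -IPv4Address '10.10.10.20' `
    -CreatePtr -TimeToLive (New-TimeSpan -Minutes 5)

# CNAME alias pointing at the A record above.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'vc' -HostNameAlias "vcenter.$zone"

# Changing an address centrally: replace the record on the server instead of
# touching hosts files on every workstation.
$old = Get-DnsServerResourceRecord -ZoneName $zone -Name 'vcenter' -RRType A
$new = $old.Clone()
$new.RecordData.IPv4Address = [System.Net.IPAddress]::Parse('10.10.10.21')
Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new

# Verify the forward and reverse records from any client that uses this server.
Resolve-DnsName -Name "vc.$zone" -Server $dnsHost -Type A
Resolve-DnsName -Name '10.10.10.21' -Server $dnsHost -Type PTR
```

The `Set-DnsServerResourceRecord` pattern (clone the existing record, change the data, hand both objects back) is how the module expects in-place edits; deleting and re-adding works too, but leaves a window where the name does not resolve at all.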

Active Directory

Next for me is that Windows Server Active Directory domains require DNS.  DNS is an integral part of Active Directory so it is pretty much a given when you want to run a domain controller in a home lab.  Why not utilize it for more than just the Windows domain?  This was my thought as I started using my Windows Server 2016 DNS server for all lab and all Internet connected devices at home allowing for easy control over name resolution across the board.

Policies

DNS policies are new in Windows Server 2016 DNS. This opens up some pretty interesting use cases, as you can now create policies based on client subnets, query type, time of day and other criteria. You can do some really neat things such as the following, taken from this Technet article:

  • Application high availability. DNS clients are redirected to the healthiest endpoint for a given application.
  • Traffic Management. DNS clients are redirected to the closest datacenter.
  • Split Brain DNS. DNS records are split into different Zone Scopes, and DNS clients receive a response based on whether they are internal or external clients.
  • Filtering. DNS queries from a list of malicious IP addresses or FQDNs are blocked.
  • Forensics. Malicious DNS clients are redirected to a sink hole instead of the computer they are trying to reach.
  • Time of day based redirection. DNS clients can be redirected to datacenters based on the time of the day.
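Two of the policy types in the list above (split-brain DNS and filtering), as an added PowerShell example that is not from the original post or the Technet article. Zone name, client subnet, hostnames, addresses and the blocked domain are constructed lab placeholders; the `.invalid` top-level domain is used precisely because it can never resolve in the real world.

```powershell
# Added example (not from the original post). Run on the Windows Server 2016
# DNS server. All names, subnets and addresses are constructed placeholders.
Import-Module DnsServer

$zone    = 'lab.example'
$dnsHost = '10.10.10.5'   # this DNS server, for the test queries at the end

# 1) Split-brain: clients on the lab subnet get a private address for www,
#    everyone else gets the public one.
Add-DnsServerClientSubnet -Name 'LabInternal' -IPv4Subnet '10.10.10.0/24'

# The default zone scope holds the answer given to everyone...
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'www' -IPv4Address '203.0.113.10'

# ...and a separate zone scope holds the internal answer for the same name.
Add-DnsServerZoneScope -ZoneName $zone -Name 'Internal'
Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope 'Internal' -A -Name 'www' -IPv4Address '10.10.10.80'

# Zone-level policy: queries from LabInternal are answered from the Internal
# scope ("Internal,1" = scope name and weight; one scope means weight 1).
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainInternal' -ZoneName $zone -Action ALLOW `
    -ClientSubnet 'EQ,LabInternal' -ZoneScope 'Internal,1'

# 2) Filtering: a server-level policy (no -ZoneName) that silently drops any
#    query for a domain you never want the lab to resolve. IGNORE sends no
#    response at all; use -Action DENY to return a refusal instead.
Add-DnsServerQueryResolutionPolicy -Name 'BlockBadDomain' -Action IGNORE `
    -FQDN 'EQ,*.blocked-example.invalid'

# 3) Review what is in place. Policies are evaluated in ProcessingOrder and
#    the first match wins, so check the order when adding more than one.
Get-DnsServerQueryResolutionPolicy -ZoneName $zone |
    Format-Table Name, ProcessingOrder, Action, IsEnabled
Get-DnsServerQueryResolutionPolicy |
    Format-Table Name, Level, ProcessingOrder, Action, IsEnabled

# 4) Test: from a 10.10.10.0/24 host this returns 10.10.10.80; from any other
#    subnet it returns 203.0.113.10. The blocked name times out (no answer).
Resolve-DnsName -Name "www.$zone" -Server $dnsHost -Type A
Resolve-DnsName -Name 'host.blocked-example.invalid' -Server $dnsHost -ErrorAction SilentlyContinue
```

Policies are stored per server, not in the AD-integrated zone, so if you run more than one DC with DNS you have to create the same client subnets, zone scopes and policies on each one.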

I am still experimenting with ideas on this one, but by leveraging policies you can have granular control over which answers different clients receive, and over which queries to different hosts/IPs are allowed through at all – pretty interesting!

Speed

Windows Server 2016 DNS caches lookups locally, so there can be a discernible improvement in name resolution by keeping repeated queries on your own network instead of sending each one to an upstream resolver. I also like the fact that you can control the cache. If you have a stale cached lookup, especially for resource records that have changed, you can purge the cache locally instead of waiting for TTLs to expire and the cache to be purged elsewhere.
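Inspecting and purging the server cache as described above, as an added PowerShell example that is not from the original post. The name pattern and server address are constructed placeholders; the cache settings shown are standard parameters of `Set-DnsServerCache`.

```powershell
# Added example (not from the original post). Run on the Windows Server 2016
# DNS server; the final two lines run on the workstation you test from.
# Name pattern and server address are constructed placeholders.
Import-Module DnsServer

# What is cached right now for names in a given domain, and how long each
# entry has left to live?
Show-DnsServerCache |
    Where-Object { $_.HostName -like '*.example' } |
    Format-Table HostName, RecordType, TimeToLive, RecordData

# Purge the whole server-side cache so changed records are fetched fresh.
Clear-DnsServerCache -Force

# Cap how long any cached answer may live, so an upstream record that changed
# is picked up within 15 minutes even if its published TTL is a day. Keep
# pollution protection on: it stops the server from caching records that a
# response carries for zones other than the one that was asked about.
Set-DnsServerCache -MaxTtl (New-TimeSpan -Minutes 15) `
                   -MaxNegativeTtl (New-TimeSpan -Minutes 5) `
                   -PollutionProtection $true

# Confirm the settings took effect.
Get-DnsServerCache | Format-List MaxTtl, MaxNegativeTtl, PollutionProtection

# The workstation has its own resolver cache; flush it before re-testing, and
# ask the server directly (-DnsOnly skips the local hosts file and LLMNR/NetBIOS).
Clear-DnsClientCache
Resolve-DnsName -Name 'www.lab.example' -Server '10.10.10.5' -DnsOnly
```

Lowering `MaxTtl` trades a few more upstream queries for faster convergence after a change, which is usually the right trade in a lab where records move often.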

Learning

DNS is an essential skill for anyone learning or wanting to learn how to troubleshoot in today’s networks.  Name resolution is the building block of the Internet after all and learning the concepts and how it works can open your eyes to a lot of different types of technologies and troubleshooting skills.  Running your own DNS server is a great way to see the nuts and bolts of how DNS works and how to troubleshoot it when things aren’t working.

Thoughts

Controlling Home Lab DNS with Windows Server 2016 is a great way to use the newest DNS technology from Microsoft’s server operating systems, and to have control over name resolution in your home lab network.  So what are you waiting for?  Spin up a Windows Server 2016 DNS server already and start playing.