-2

I have one forest. In that forest we have a total of 14 domain controllers. The DNS zone contains an A record for each of these 14 domain controllers. If I do nslookup <domain.com> from a Windows client machine, it displays all 14 records (resolving to IP addresses). I want to restrict some clients so that only one specific DC A record is displayed if they do nslookup. The remaining records should not be displayed.

I referred to the Microsoft article https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries, but nowhere does it say how to achieve this. Can you please help with this?

  • "I want some clients to restrict to display only one specific DC A record if do nslook" - why? – Mathias R. Jessen Sep 16 '20 at 11:57
  • We exposed only one DC in the VPN subnet. We don't want anyone/outsiders to see all DC details from VPN subnet clients. – Jagatheesh Sep 18 '20 at 12:36
  • If it's for performance/load reasons, then you need to solve it by reconfiguring the network topology in AD: add the VPN subnet to a site that's only connected to the site with the dedicated DC, or review site link costs between existing sites. If it's for confidentiality (i.e. no one can know the names of the remaining DCs), then you probably want to expose the specific service required with a reverse proxy instead; don't expose the DC directly to the client subnet. – Mathias R. Jessen Sep 18 '20 at 13:20
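The Microsoft article the question links to describes Windows Server DNS policies (client subnets, zone scopes and query resolution policies), which is the mechanism that can make the same zone answer differently depending on which subnet the query comes from. The following is an added example, not part of the original question or answer, showing how those cmdlets would be combined for this case. The zone name corp.example, the VPN subnet 10.50.0.0/16, the DC name DC01 and its address 10.0.0.11 are assumptions; it is run in an elevated PowerShell session on the DNS server itself with the DnsServer module (RSAT-DNS-Server) installed.

```powershell
# Added example, not from the original post. Assumed names: zone 'corp.example',
# VPN client subnet 10.50.0.0/16, DC 'DC01' at 10.0.0.11. Requires the DnsServer
# module; run elevated on the DNS server that the VPN clients query.

$Zone      = 'corp.example'   # assumed AD-integrated forward lookup zone
$VpnSubnet = '10.50.0.0/16'   # assumed VPN client subnet
$DcName    = 'DC01'           # assumed name of the only DC reachable from the VPN
$DcIp      = '10.0.0.11'      # assumed address of that DC

# 1. Define the VPN client subnet so a policy can match on it.
Add-DnsServerClientSubnet -Name 'VpnClients' -IPv4Subnet $VpnSubnet

# 2. Create a separate zone scope. Records in a scope are independent of the
#    default scope; a query answered from this scope sees only what is in it.
Add-DnsServerZoneScope -ZoneName $Zone -Name 'VpnScope'

# 3. Put only the records VPN clients should see into the scope: the zone apex
#    A record (what "nslookup corp.example" returns) and the DC's own host record.
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'VpnScope' -A -Name '@'     -IPv4Address $DcIp
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'VpnScope' -A -Name $DcName -IPv4Address $DcIp

# 4. Policy: queries for this zone arriving from the VPN subnet are answered
#    from VpnScope instead of the default scope.
Add-DnsServerQueryResolutionPolicy -Name 'VpnClientsSeeOneDc' -Action ALLOW `
    -ClientSubnet 'eq,VpnClients' -ZoneScope 'VpnScope,1' -ZoneName $Zone

# 5. Check the result from a VPN client; this DC is also the DNS server here,
#    so only one A record should come back for the zone name.
Resolve-DnsName -Name $Zone -Type A -Server $DcIp
```

Two caveats a practitioner would want before relying on this. First, a zone scope answers only from the records it contains, so every other name in the zone that VPN clients need (application servers, SRV records for Kerberos and LDAP, _msdcs delegations) must also be added to VpnScope or those queries fail; and DNS policies are per-server configuration, not AD-replicated, so the same steps are needed on every DNS server the VPN clients can reach. Second, this only changes what DNS returns: as the comment above notes, a client that can reach the DC can still enumerate the other DCs through LDAP or the SRV records the DC locator uses, so filtering A records is not a confidentiality control by itself.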

1 Answer

-1

You can use Resolve-DnsName, the PowerShell equivalent of nslookup:

Resolve-DnsName -Name <domain.com> -Server <domaincontroller>

More information about the cmdlet can be found here: https://learn.microsoft.com/en-us/powershell/module/dnsclient/resolve-dnsname?view=win10-ps