Why Does DNS Policy Only Work Every "Other" Time we Test on Linux Machines?

[windows_gie]

I created a DNS policy (using the add-dnsserverqueryresolutionpolicy {Powershell cmdlet).

This policy enforces an "ignore" any time a resource in subdomain/zone scope B tries to resolve the ip address of a resource located in subdomain/zone scope A.

My problem is that the "ignore" only seems to work every other time we run pings from subdomain B over to something in subdomain A.

The first time it's ran, the block works, but on the next try it pings successfully... Then the next time the "ignore" is back to working again.

Mind you, the servers we're testing this on are Linux machines, of which I know little about.

Any idea what's causing this? I was thinking that perhaps the /etc/resolv.conf on the machines may need to be tweaked, but we are using fqdn's when we ping, so I'm not so sure about that being the remedy.

Reply0
Unsubscribe

Collect

 

[dos2unix]

Different distro's handle this differently. Which distro are you using?
In particular, do you know if it's a distro that uses NetworkManager.

resolv.conf is not a reliable source if you are using NetworkManager.

Are you using internal DNS servers? External? Both?
If you're using networkd, there are some work-arounds you need to do.

Are you using powershell on the Linux systems? That also can be problematic.
For example... https://github.com/PowerShell/powershell/issues

Known Issues — PowerCLI Core latest documentation

powercli-core.readthedocs.io

In my experience powershell on Linux isn't really dependable or ready for primetime.