Why Does DNS Policy Only Work Every "Other" Time we Test on Linux Machines?

windows_gie

New Member
Joined
Mar 23, 2022
Messages
1
Reaction score
0
Credits
17
I created a DNS policy (using the Add-DnsServerQueryResolutionPolicy PowerShell cmdlet).

This policy enforces an "ignore" any time a resource in subdomain/zone scope B tries to resolve the IP address of a resource located in subdomain/zone scope A.

My problem is that the "ignore" only seems to work every other time we run pings from subdomain B over to something in subdomain A.

The first time it's run, the block works, but on the next try it pings successfully... Then the next time the "ignore" is back to working again.


Mind you, the servers we're testing this on are Linux machines, of which I know little about.

Any idea what's causing this? I was thinking that perhaps the /etc/resolv.conf on the machines may need to be tweaked, but we are using FQDNs when we ping, so I'm not so sure about that being the remedy.

dos2unix

Well-Known Member
Joined
May 3, 2019
Messages
1,392
Reaction score
1,019
Credits
8,557
Different distros handle this differently. Which distro are you using?
In particular, do you know if it's a distro that uses NetworkManager?

resolv.conf is not a reliable source if you are using NetworkManager.

Are you using internal DNS servers? External? Both?
If you're using networkd, there are some work-arounds you need to do.

Are you using PowerShell on the Linux systems? That also can be problematic.
For example... https://github.com/PowerShell/powershell/issues

In my experience PowerShell on Linux isn't really dependable or ready for primetime.
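An added diagnostic for the behaviour described in the question and the resolv.conf point raised in the reply (this is example code written for this thread, not something either poster ran): it lists the nameservers a Linux client's stub resolver is configured with, checks for `options rotate`, and asks each configured server directly for the FQDN the policy is meant to ignore. If only one of the listed servers carries the IGNORE policy, a client that alternates between them shows exactly the "works every other time" pattern, and querying each server by itself makes that visible. The sample resolv.conf, the `example.test` names and the 10.0.0.x addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Exercises a Linux client's resolver
# configuration against a DNS policy: which servers are listed, whether the
# resolver rotates between them, and what each server answers on its own.

# Print the nameserver addresses listed in a resolv.conf-style file, in order.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 when the file contains "options rotate"; with rotation the stub
# resolver alternates its first choice of server between queries, so answers
# that differ per server show up as alternating results on the client.
resolv_has_rotate() {
    awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "rotate") found = 1 }
         END { exit !found }' "$1"
}

# Query every configured server directly for the FQDN and report what each
# returns. Needs dig (dnsutils / bind-utils). A server applying an IGNORE
# policy sends no response at all, so the query simply times out there,
# while a server without the policy answers normally.
probe_each_nameserver() {
    fqdn=$1
    conf=${2:-/etc/resolv.conf}
    for ns in $(resolv_nameservers "$conf"); do
        # +short prints only the answer; +time/+tries keep an ignored query brief
        answer=$(dig +short +time=2 +tries=1 "@$ns" "$fqdn" A)
        if [ -n "$answer" ]; then
            printf '%s answered: %s\n' "$ns" "$answer"
        else
            printf '%s gave no answer (policy ignored the query, or unreachable)\n' "$ns"
        fi
    done
}

# Constructed sample resolv.conf so the parsing can be exercised offline.
# On a real client pass /etc/resolv.conf (or, with systemd-resolved, the
# upstream servers shown by "resolvectl status", since the file may only
# list the local stub).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
search b.example.test
nameserver 10.0.0.1
nameserver 10.0.0.2
options rotate timeout:2
EOF

# Usage: sh dns_probe.sh host.a.example.test [/path/to/resolv.conf]
if [ $# -gt 0 ]; then
    if resolv_has_rotate "${2:-/etc/resolv.conf}"; then
        echo "options rotate is set: alternating answers between servers is expected"
    fi
    probe_each_nameserver "$1" "${2:-/etc/resolv.conf}"
fi
```

Run it from one of the subdomain B machines with the FQDN in subdomain A that the policy should block. Two servers giving different results (one silent, one answering) is the configuration to look at first; with NetworkManager or systemd-resolved, confirm the upstream list with `resolvectl status` rather than trusting the file alone, as the reply notes.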