DNS Policies are a new feature in Windows Server 2016 DNS which allow for DNS requests to behave differently based on various criteria. This allows for scenarios such as Split Brain DNS, Application Load Balancing, Geo-Location Based Traffic Management, Filtering, Forensics, and Time of day based redirection.
DNS Policies can support the following scenarios (From DNS Policies Overview):
- Application Load Balancing - When you have deployed multiple instances of an application at different locations, you can use DNS policy to balance the traffic load between the different application instances, dynamically allocating the traffic load for the application.
- Geo-Location Based Traffic Management - You can use DNS Policy to allow primary and secondary DNS servers to respond to DNS client queries based on the geographical location of both the client and the resource to which the client is attempting to connect, providing the client with the IP address of the closest resource.
- Split Brain DNS - With split-brain DNS, DNS records are split into different Zone Scopes on the same DNS server, and DNS clients receive a response based on whether the clients are internal or external clients. You can configure split-brain DNS for Active Directory integrated zones or for zones on standalone DNS servers.
- Filtering - You can configure DNS policy to create query filters that are based on criteria that you supply. Query filters in DNS policy allow you to configure the DNS server to respond in a custom manner based on the DNS query and DNS client that sends the DNS query.
- Forensics - You can use DNS policy to redirect malicious DNS clients to a non-existent IP address instead of directing them to the computer they are trying to reach.
- Time of day based redirection - You can use DNS policy to distribute application traffic across different geographically distributed instances of an application by using DNS policies that are based on the time of day.
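The building blocks behind every scenario above are the same: a client subnet (who is asking), a zone scope (which copy of the records to answer from), and a query resolution policy that ties them together. The following PowerShell session is an added illustration, not taken from the original page or from Microsoft's documentation; it uses the real Windows Server 2016 DnsServer cmdlets, but the zone name `contoso.com`, the subnet ranges and the IP addresses are constructed placeholders. It configures a split-brain zone (internal clients get a private address, everyone else the public one) and a forensics sinkhole scope that answers a flagged subnet with a non-routable address, then reads the resulting policies back so the configuration can be verified.

```powershell
# Assumed zone and addresses; replace with your own. Run in an elevated
# PowerShell session on a Windows Server 2016 DNS server (DnsServer module).
$Zone = "contoso.com"

# 1. Client subnets: these define *who* is asking.
#    Internal clients (RFC 1918 range) and a subnet flagged by incident response.
Add-DnsServerClientSubnet -Name "InternalSubnet"   -IPv4Subnet "10.0.0.0/8"
Add-DnsServerClientSubnet -Name "SuspiciousSubnet" -IPv4Subnet "192.0.2.0/24"

# 2. Zone scopes: alternate sets of records inside the same zone.
#    The default scope (no -ZoneScope) holds the public-facing answers.
Add-DnsServerZoneScope -ZoneName $Zone -Name "InternalScope"
Add-DnsServerZoneScope -ZoneName $Zone -Name "SinkholeScope"

# 3. Records. The same name resolves differently depending on the scope chosen.
#    Public answer (default scope), using a documentation-range address.
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name "www" -IPv4Address "203.0.113.10"
#    Internal answer: the private address of the same service.
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name "www" -IPv4Address "10.0.0.10" `
    -ZoneScope "InternalScope"
#    Sinkhole: a wildcard record so every name in the zone resolves to an address
#    nothing listens on (the "non-existent IP address" from the Forensics bullet).
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name "*" -IPv4Address "10.255.255.254" `
    -ZoneScope "SinkholeScope"

# 4. Query resolution policies: match criteria -> action -> scope.
#    Lower -ProcessingOrder wins; the sinkhole must be evaluated first so a flagged
#    host inside the internal range still gets the sinkhole answer.
Add-DnsServerQueryResolutionPolicy -Name "SinkholeSuspicious" -ZoneName $Zone `
    -Action ALLOW -ClientSubnet "eq,SuspiciousSubnet" -ZoneScope "SinkholeScope,1" `
    -ProcessingOrder 1
Add-DnsServerQueryResolutionPolicy -Name "SplitBrainInternal" -ZoneName $Zone `
    -Action ALLOW -ClientSubnet "eq,InternalSubnet" -ZoneScope "InternalScope,1" `
    -ProcessingOrder 2
#    Filtering example from the list above: drop (no response) any query that
#    comes from a subnet IR has asked to block entirely, server-wide rather than
#    per zone. IGNORE sends nothing back; DENY returns SERVFAIL instead.
Add-DnsServerQueryResolutionPolicy -Name "DropFlaggedClients" `
    -Action IGNORE -ClientSubnet "eq,SuspiciousSubnet" -ProcessingOrder 1

# 5. Verify. Policies are evaluated in processing order, so check the order
#    is what you intended before trusting the result.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone |
    Sort-Object ProcessingOrder |
    Format-Table Name, ProcessingOrder, Action, IsEnabled, Level
Get-DnsServerQueryResolutionPolicy |
    Format-Table Name, ProcessingOrder, Action, Level

# Records per scope, to confirm each copy of "www" landed where expected.
Get-DnsServerResourceRecord -ZoneName $Zone -Name "www"
Get-DnsServerResourceRecord -ZoneName $Zone -Name "www" -ZoneScope "InternalScope"
Get-DnsServerResourceRecord -ZoneName $Zone -ZoneScope "SinkholeScope"
```

Two points worth checking after applying something like this: `Resolve-DnsName www.contoso.com -Server <dns-server>` run from a client in each subnet should return the expected address for that subnet (public, private, or sinkhole), and the server-level IGNORE policy above will take precedence over the zone-level sinkhole for the same subnet, so keep only the one that matches the intended outcome (silent drop versus a logged sinkhole hit you can audit in DNS analytic logging).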