<div>
Either create some firewall rule to block the (or better, reject ) the connections from there<br />
or null route (black hole route...) the subnet you want to block.<br />
<br />
Some DNS servers have their own access rules.
</div>


<div>
VPN is basically your internal network so OWA should work just fine, but the native email client may be affected and not work, but OWA should still work. is that what you are experiencing?
</div>


Network Administrator

Jean-François Guénet

<div>
for windows DNS, you are out of luck.<br />
<br />
I do not know what is the purpose of this, however the work around is setup a standalone DNS (I assume you are in DMZ), may be 2 servers as the DNS servers for the subnet.<br />
<br />
you can configure any record as you wish without breaking the production DNS. (a zone that only sits in the DMZ dns)
</div>


<div>
Ive done what kevinhsieh told. &nbsp;So i create a NAT Loopback so internal client can access OWA with external ip address and my dns host OWA now point to the external ip address instead of private ip <br />
<br />
Thanks !
</div>


<div>
<div class="content wysiwyg-content">
Hello is it possible to deny access to a A host in Windows 2016 DNS for a subnet<br />
<br />
So for exemple i don't want that the subnet 172.16.1.0/24 can know about the host OWA<br />
<br />
So for exemple if 172.16.1.50 ping OWAi don't want him to know the ip adress<br />
<br />
The reason for this is that we have Cellphone and when they connected to the VPN email client don't work because they tried to reach OWA with the internal ip <br />
<br />
So i want them to use the external public ip of OWA instead when connected to the VPN<br />
<br />
Thanks for the help !
</div>
</div>


Hello is it possible to deny access to a A host in Windows 2016 DNS for a subnet

So for exemple i don't want that the subnet 172.16.1.0/24 can know about the host OWA

So for exemple if 172.16.1.50 ping OWAi don't want him to know the ip adress

The reason for this is that we have Cellphone and when they connected to the VPN email client don't work because they tried to reach OWA with the internal ip 

So i want them to use the external public ip of OWA instead when connected to the VPN

Thanks for the help !

Deny access to a DNS host for a subnet

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.