Enable configurable recursion in DNS Policy
DNS Policy currently supports split-brain configurations only where the DNS server is authoritative for both zones (e.g. respond with IP1 for internal users and IP2 for everyone else).
It would be helpful if DNS Policy also supported split-brain scenarios where the resolver is NOT authoritative for one of the zones. This is useful in cases where the resolvers are separate from the primary DNS servers and the customer wants to specify a different IP address for a subset of clients, or when the primary DNS server is not managed internally but we want to 'overwrite' one or more IP addresses.
There is no security concern because we can already manually create a copy of the authoritative zone; however, this approach is undesirable since IP addresses will become stale.
Some methods for implementing this could include:
1) Global and/or zone setting to allow recursion for names that cannot be resolved in local zones
2) Add a "RECURSE" action to Add-DnsServerQueryResolutionPolicy: ALLOW, DENY, IGNORE, RECURSE
3) Change the behaviour of "IGNORE" to recurse when the zone contains no resource records
4) Allow DNS Policy to be created on stub zones or conditional forwarders
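
For reference, the split-brain setup that DNS Policy supports today, and that the manual zone-copy workaround relies on, looks like the following. This is an added example, not part of the original request; the zone name, subnet, scope name, policy name and addresses are constructed placeholders.

```powershell
# Constructed sample values (assumptions, not from the original request)
$Zone       = 'example.test'
$SubnetName = 'InternalSubnet'
$ScopeName  = 'internal'

# 1. Define which clients count as "internal".
Add-DnsServerClientSubnet -Name $SubnetName -IPv4Subnet '10.0.0.0/8'

# 2. Host the zone locally. The server is now authoritative for it, so every
#    record that clients need must exist in this copy and be kept in sync by
#    hand. This is the staleness problem the request describes.
Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"

# 3. Create a second scope of the same zone for the internal view.
Add-DnsServerZoneScope -ZoneName $Zone -Name $ScopeName

# 4. Same name, different answer per scope.
#    Default scope (everyone else) -> IP2
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address '198.51.100.10'
#    Internal scope -> IP1
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address '10.0.0.10' -ZoneScope $ScopeName

# 5. Route queries from the internal subnet to the internal scope.
#    Queries that match no policy are answered from the default scope.
Add-DnsServerQueryResolutionPolicy -Name 'InternalSplitBrain' `
    -Action ALLOW `
    -ClientSubnet "eq,$SubnetName" `
    -ZoneScope "$ScopeName,1" `
    -ZoneName $Zone

# 6. Review what is in place: the policy and the records in each scope.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www'
Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -ZoneScope $ScopeName
```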