PowerShell - Set Zone Transfers on Secondary DNS Zones

  • Question

  • I've a few hundred zones that I need to update the zone transfers on, a mix of primary and secondary zones.

    I can find a way to update the primary zones with the below:

    [CmdletBinding()]
    Param(
        
      [string]$ZoneName
    )
    
    if(-not($ZoneName)) {$ZoneName = Read-Host -Prompt "You must provide a Zone Name - e.g. whatever.com"}
    
    
    Set-DNSServerPrimaryZone -ComputerName "DNSSERVERNAME" -Name $ZoneName -SecondaryServers "1.2.3.4","5.6.7.8" -SecureSecondaries TransferToSecureServers 

    Logically I thought I could use "Set-DNSServerSecondaryZone" to do something similar with my secondary zones - but alas there's nothing in there to define the SecondaryServers or seemingly anything on the zone transfers at all...

    Does anyone have any tips or tricks I can use to amend these? Currently I'd like to try and encompass it all in PS scripts for ease, but outside PowerShell my only thought is to drop back to dnscmd - e.g.

    dnscmd DNSSERVERNAME /zoneresetsecondaries SECONDARYZONENAME /securelist 1.2.3.4 5.6.7.8

    Thanks in advance



    • Edited by Mark-Bailey Wednesday, September 6, 2017 2:33 PM fix DNSCMD command
    Wednesday, September 6, 2017 12:21 PM

All replies

  • Set-DnsServerPrimaryZone -NotifyServers $secondar1,$secondary2, ...

    help Set-DnsServerPrimaryZone -full


    \_(ツ)_/

    Wednesday, September 6, 2017 2:15 PM
  • That's fine for Primary zones, but errors for Secondary zones (presumably because it's expecting a Primary) - need something to combat the Secondary zones as well - without doing it in the GUI and preferably without resorting to dnscmd

    Set-DnsServerPrimaryZone : This operation is not allowed for the zone
    whatever.com on server DNSSERVER1.
    At line:1 char:1
    + Set-DnsServerPrimaryZone -NotifyServers 1.2.3.4,5.6.7.8
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (whatever.com:root/Microsoft/...rverPrimaryZone) [Set-DnsServerPrimaryZone], CimException
        + FullyQualifiedErrorId : WIN32 9611,Set-DnsServerPrimaryZone

    • Edited by Mark-Bailey Wednesday, September 6, 2017 2:28 PM Cleaned up
    Wednesday, September 6, 2017 2:26 PM
  • Hi,

    Based on my research, there might be no built-in parameters to set zone transfers in a secondary zone.

    In this case, to work around this requirement, you could set the DNS secondary zone as a primary zone first, set the zone transfers, then set the DNS zone back to a secondary zone. The following script is for your reference; I hope it is helpful to you:

    $second = Get-DnsServerZone | ?{$_.ZoneType -eq 'secondary'}
    
    foreach ($sec in $second)
    {
    	ConvertTo-DnsServerPrimaryZone -Name $sec.ZoneName -ZoneFile $sec.ZoneName -Force
    	Set-DnsServerPrimaryZone -Name $sec.ZoneName -SecondaryServers 1.2.3.4 -SecureSecondaries TransferToSecureServers
    	ConvertTo-DnsServerSecondaryZone -Name $sec.ZoneName -MasterServers $sec.MasterServers.IpAddressToString -ZoneFile $sec.ZoneName -Force
    }

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert Ling

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 12, 2017 11:48 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Have you tried my scripts? Please let us know if you would like further assistance.

    Best Regards,
    Albert Ling


    Friday, September 15, 2017 5:05 AM
  • Sorry - I missed this - will check tomorrow and let you know! 

    Monday, September 18, 2017 3:43 PM
  • Hi,

    Just want to confirm the current situation. Have you tried the scripts which were provided before?

    If you already tried them or the issue remains after trying them, please don’t hesitate to tell me. I will do more research and try my best to give you helpful suggestions.

    Best Regards,
    Albert Ling



    Wednesday, September 20, 2017 9:52 AM
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolved it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If not, please reply and tell us the current situation so that we can provide further help.

    I appreciate your feedback.

    Best Regards,
    Albert Ling


    Monday, September 25, 2017 5:21 AM
  • I only just realized I never came back to this - sorry!

    In the end I dropped down to dnscmd to add zone transfers:

    dnscmd $DNSServer /zoneresetsecondaries $SecondaryZone /securelist $ZoneTransferIPs

    I incorporated these as arguments into the script... but in a simple form / one-off this works:

    $DNSServer = "servername"
    $SecondaryZone = "zone.name"
    [string[]]$ZoneTransferIPs = "11.11.11.11","10.10.10.10"
    
    
    
    dnscmd $DNSServer /zoneresetsecondaries $SecondaryZone /securelist $ZoneTransferIPs

    As a note, it does reset rather than append the zone transfer list.

    It just seemed a bit safer than changing the zone type to primary and back again
    • Edited by Mark-Bailey Thursday, August 9, 2018 1:07 PM
    Thursday, August 9, 2018 1:06 PM
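
The dnscmd approach from the last reply, extended to every secondary zone on a server with a dry-run default and per-zone exit-code checking. This is an added example, not code from the thread; the server name, the IP list and the `-Apply` switch are assumptions for illustration.

```powershell
# Added example (not from the thread). Server name and IPs are placeholders.
[CmdletBinding()]
param(
    [string]$DNSServer = "DNSSERVERNAME",
    [string[]]$ZoneTransferIPs = @("1.2.3.4", "5.6.7.8"),
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

# Reject anything that is not an IP address before it reaches dnscmd.
foreach ($ip in $ZoneTransferIPs) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "Not a valid IP address: $ip"
    }
}

# Only real secondary zones; auto-created zones are left alone.
$zones = Get-DnsServerZone -ComputerName $DNSServer |
    Where-Object { $_.ZoneType -eq 'Secondary' -and -not $_.IsAutoCreated }

$results = foreach ($zone in $zones) {
    $status = 'Skipped (dry run)'
    if ($Apply) {
        # /securelist replaces the existing transfer list; it does not append.
        $output = & dnscmd $DNSServer /zoneresetsecondaries $zone.ZoneName /securelist $ZoneTransferIPs 2>&1
        $status = if ($LASTEXITCODE -eq 0) { 'OK' }
                  else { "Failed ($LASTEXITCODE): $($output -join ' ')" }
    }
    [pscustomobject]@{
        Zone       = $zone.ZoneName
        TransferTo = $ZoneTransferIPs -join ','
        Status     = $status
    }
}

$results | Format-Table -AutoSize

# Surface failures so no zone is silently left with its old transfer setting.
$failed = @($results | Where-Object { $_.Status -like 'Failed*' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) zone(s) failed; re-check them before relying on the new list."
}
```

Run it once without `-Apply` to review the zone list, then again with `-Apply`. Because the list is reset rather than appended, pass the complete set of servers that should be allowed to transfer each zone.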