Remove From My Forums

PowerShell - Set Zone Transfers on Secondary DNS Zones

Question
0

Sign in to vote
I've a few hundred zones that I need to update the zone transfers on, a mix of primary and secondary zones.

I can find a way to update the primary zones with the below:

[CmdletBinding()] Param( [string]$ZoneName ) if(-not($ZoneName)) {$ZoneName = Read-Host -Prompt "You must provide a Zone Name - e.g. whatever.com"} Set-DNSServerPrimaryZone -ComputerName "DNSSERVERNAME" -Name $ZoneName -SecondaryServers "1.2.3.4","5.6.7.8" -SecureSecondaries TransferToSecureServers

Logically I thought I could use "Set-DNSServerSecondaryZone" to do something similar with my secondary zones - but alas there's nothing in there to define the SecondaryServers or seemingly anything on the zone transfers at all...

Does anyone have any tips or tricks I can use to amend these? Currently I'd like to try and encompass it all in PS scripts for easy, but outside PowerShell my only thought is to drop back to dnscmd - e.g.

dnscmd DNSSERVERNAME/zoneresetsecondaries SECONDARYZONENAME /securelist 1.2.3.4 5.6.7.8

Thanks in advance
- Edited by Mark-Bailey Wednesday, September 6, 2017 2:33 PM fix DNSCMD command
Wednesday, September 6, 2017 12:21 PM

All replies

0

Sign in to vote

Set-DnsServerPrimaryZone -NotifyServers $secondar1,$secondary2, ...

help Set-DnsServerPrimaryZone -full

\_(ツ)_/

Wednesday, September 6, 2017 2:15 PM

That's fine for Primary zones, but errors for Secondary zones (presuming because its expecting a Primary) - need something to combat the Secondary zones as well - without doing it in the GUI and preferably without resorting to dnscmd

Set-DnsServerPrimaryZone : This operation is not allowed for the zone
whatever.com on server DNSSERVER1.
At line:1 char:1+ 
Set-DnsServerPrimaryZone -NotifyServers 1.2.3.4,5.6.7.8+ 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (whatever.com:root/Microsoft/...rv    erPrimaryZone) [Set-DnsServerPrimaryZone], CimException
    + FullyQualifiedErrorId : WIN32 9611,Set-DnsServerPrimaryZone

Edited by Mark-Bailey Wednesday, September 6, 2017 2:28 PM Cleaned up

Wednesday, September 6, 2017 2:26 PM

1

Sign in to vote
Hi,

Based on my research, there might have no built-in parameters to set zone transfers in a secondary zone.

In this case, to work around this requirement, you could set the DNS secondary zone as a primary zone first, set the zone transfers, then set the DNS zone back to secondary zone. The following scripts for your reference, hope it is helpful to you:

$second = Get-DnsServerZone | ?{$_.ZoneType -eq 'secondary'} foreach ($sec in $second) { ConvertTo-DnsServerPrimaryZone -Name $sec.ZoneName -ZoneFile $sec.ZoneName -Force Set-DnsServerPrimaryZone -Name $sec.ZoneName -SecondaryServers 1.2.3.4 -SecureSecondaries TransferToSecureServers ConvertTo-DnsServerSecondaryZone -Name $sec.ZoneName -MasterServers $sec.MasterServers.IpAddressToString -ZoneFile $sec.ZoneName -Force }

If you need further help, please feel free to let us know.

Best Regards,
Albert Ling
Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Albert LingMicrosoft contingent staff Monday, September 25, 2017 5:21 AM
Tuesday, September 12, 2017 11:48 AM
0

Sign in to vote

Hi,

Just checking in to see if the information provided was helpful. Have you tried my scripts? Please let us know if you would like further assistance.

Best Regards,
Albert Ling
Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Friday, September 15, 2017 5:05 AM
0

Sign in to vote

Sorry - I missed this - will check tomorrow and let you know!

Monday, September 18, 2017 3:43 PM
0

Sign in to vote

Hi,

Just want to confirm the current situations. Have you tried the scripts which provided before?

If you already tried them or the issue remains after trying them, please don’t hesitate to tell me. I will do more research and try my best to give you helpful suggestions.

Best Regards,
Albert Ling
Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Wednesday, September 20, 2017 9:52 AM
0

Sign in to vote

Hi,

I am checking how the issue is going, if you still have any questions, please feel free to contact us.

If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.

Appreciate for your feedback.

Best Regards,
Albert Ling
Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, September 25, 2017 5:21 AM
0

Sign in to vote
I only just realized I never came back to this - sorry!

In the end I dropped down to dnscmd to add zone transfers:

dnscmd $DNSServer /zoneresetsecondaries $SecondaryZone /securelist $ZoneTransferIPs

I incorporated these into arguments into the script... but in a simple form / one off this works:

$DNSServer = "servername" $SecondaryZone = "zone.name" [string[]]$ZoneTransferIPs = "11.11.11.11","10.10.10.10" dnscmd $DNSServer /zoneresetsecondaries $SecondaryZone /securelist $ZoneTransferIPs

as a note it does reset rather than append the zone transfer list.
It just seemed a bit safer rather than changing the zone type to primary and back again
- Edited by Mark-Bailey Thursday, August 9, 2018 1:07 PM
Thursday, August 9, 2018 1:06 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

PowerShell - Set Zone Transfers on Secondary DNS Zones

Question

All replies