locked
Resolve-DnsName and TXT records RRS feed

  • Question

  • Hello guys, Can anyone help me to create a ps script to check DNS TXT records? I spent a long time trying to find a way to cut the results, but I could not find it.

    How can I bring just a piece of this string? removing un necessary data and leaving just what I want.

    PS C:\Windows\system32> Resolve-DnsName globo.com -Type TXT | ft Strings -HideTableHeaders -Wrap

    {facebook-domain-verification=az0i8tu9502l8fbi1usht04qdsjn4m}
    {v=spf1 include:_gl1.globo.com include:_lw1.globo.com include:_lw2.globo.com include:_spf.directtalk.com.br
    include:_spf.salesforce.com -all}

    I need to create a list with all "include:" results like this:

    gl1.globo.com
    lw1.globo.com
    lw2.globo.com
    spf.directtalk.com.br
    spf.salesforce.com

     

    Thanks in advanced


    Thiago Zanardo

    Sunday, June 21, 2020 11:16 PM

Answers

  • I hate to do this t you guys but ....

    Resolve-DnsName globo.com -Type TXT |
        Select-Object -expand strings |
        ForEach-Object{$_ -split '\s'} |
        Where-Object{$_ -match 'Include'} |
        ForEach-Object{$_ -replace 'include:_'}

    I think that matches the example quite closely.

    PS C:\scripts> Resolve-DnsName globo.com -Type TXT |
    >>     Select-Object -expand strings |
    >>     ForEach-Object{$_ -split '\s'} |
    >>     Where-Object{$_ -match 'Include'} |
    >>     ForEach-Object{$_ -replace 'include:_'}
    gl1.globo.com
    lw1.globo.com
    lw2.globo.com
    spf.directtalk.com.br
    spf.salesforce.com

    Did I miss anything?


    \_(ツ)_/


    • Edited by jrv Monday, June 22, 2020 2:58 AM
    • Marked as answer by Thiago Zanardo Monday, June 22, 2020 11:15 AM
    Monday, June 22, 2020 2:57 AM
  • ((Resolve-DnsName globo.com -Type TXT).Strings | Select-String -Pattern 'include:_?(?''include''\S+)' -AllMatches).matches.groups | where {$_.name -eq 'include'} | select -ExpandProperty value

    hi colleagues :) 

    have one more solution which doing the same as yours but in a little bit different way


    The opinion expressed by me is not an official position of Microsoft

    • Proposed as answer by Vector BCO Monday, June 22, 2020 12:17 PM
    • Marked as answer by jrv Monday, June 22, 2020 5:34 PM
    Monday, June 22, 2020 11:11 AM

All replies

  • First read the following carefully and fix your original post.


    \_(ツ)_/

    Monday, June 22, 2020 12:16 AM
  • Thiago,

    When you post code, error messages, sample data or console output format it as code, please. How to Use the Code Feature in a TechNet Forum Post

    $ResolveOutput = Resolve-DnsName globo.com -Type TXT | Select-Object -ExpandProperty Text
    $IncludeList = $ResolveOutput -split ' ' | Where-Object { $_ -match ':'}
    foreach ($IncludeString in $IncludeList) {
        ($IncludeString -split ':')[1].trim('_')
    }


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    • Proposed as answer by Vector BCO Monday, June 22, 2020 11:18 AM
    Monday, June 22, 2020 12:27 AM
  • What about any includes found in included TXT records?

    For example, in the TXT record for "globo.com" is an include for "_gl1.globo.com", and in that TXT record is an include for "_lwcad.globo.com"


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Monday, June 22, 2020 1:54 AM
  • I think I'd modify your code a bit, BOfh-666.

    $ResolveOutput = Resolve-DnsName globo.com -Type TXT | Select-Object -ExpandProperty Text
    $ResolveOutput -split ' ' | 
        Where-Object { $_ -match 'include:'} |
            ForEach-Object  {
                ($_ -split ':')[1]
        }
    Your code will list things like "ip4" and "ip6" addresses, and it also removes the "_" character from the DNS name in the include parameter. He only wanted the include names, and for those to be valid then have to remain unmodified.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)


    Monday, June 22, 2020 1:59 AM
  • I hate to do this t you guys but ....

    Resolve-DnsName globo.com -Type TXT |
        Select-Object -expand strings |
        ForEach-Object{$_ -split '\s'} |
        Where-Object{$_ -match 'Include'} |
        ForEach-Object{$_ -replace 'include:_'}

    I think that matches the example quite closely.

    PS C:\scripts> Resolve-DnsName globo.com -Type TXT |
    >>     Select-Object -expand strings |
    >>     ForEach-Object{$_ -split '\s'} |
    >>     Where-Object{$_ -match 'Include'} |
    >>     ForEach-Object{$_ -replace 'include:_'}
    gl1.globo.com
    lw1.globo.com
    lw2.globo.com
    spf.directtalk.com.br
    spf.salesforce.com

    Did I miss anything?


    \_(ツ)_/


    • Edited by jrv Monday, June 22, 2020 2:58 AM
    • Marked as answer by Thiago Zanardo Monday, June 22, 2020 11:15 AM
    Monday, June 22, 2020 2:57 AM
  • Did I miss anything?

    I think you did not. The ouput looks the same like with my code suggestion. ;-)


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    Monday, June 22, 2020 9:06 AM
  • ((Resolve-DnsName globo.com -Type TXT).Strings | Select-String -Pattern 'include:_?(?''include''\S+)' -AllMatches).matches.groups | where {$_.name -eq 'include'} | select -ExpandProperty value

    hi colleagues :) 

    have one more solution which doing the same as yours but in a little bit different way


    The opinion expressed by me is not an official position of Microsoft

    • Proposed as answer by Vector BCO Monday, June 22, 2020 12:17 PM
    • Marked as answer by jrv Monday, June 22, 2020 5:34 PM
    Monday, June 22, 2020 11:11 AM
  • First, I would like thank for all reponses!!

    This is everything I was looking for... You are awesome!!!

    What is the best way to add an -or on the last part???

    Because some domains have just include: instead include:_

    I added another ForEach and it worked, but I dont think it is the correct way to do so. I was thinking to add something like -or between two clauses but did not work... 

    Resolve-DnsName ipfa.org -Type TXT |Select-Object -expand strings | ForEach-Object{$_ -split '\s'} |Where-Object{$_ -match 'Include'} | ForEach-Object{$_ -replace 'include:_' } | ForEach-Object{$_ -replace 'include:'}

    Any recommendation??

    Thanks

    THiago


    Thiago Zanardo

    Monday, June 22, 2020 11:15 AM
  • take a look last sample

    there you can find "include:_?" which doing the work :)


    The opinion expressed by me is not an official position of Microsoft

    Monday, June 22, 2020 11:18 AM
  • Any recommendation??

    It shouldn't make any difference for the code snippet I posted actually. It should work anyway.  ;-)  Did you check it?


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    Monday, June 22, 2020 11:53 AM
  • Yup. You did!

    Why are you removing the "_" from the results??????? Those are part of the included SPF record's name!


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Monday, June 22, 2020 2:48 PM
  • The example I provided does not remove the underscores from the names.

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Monday, June 22, 2020 2:51 PM
  • The example I provided does not remove the underscores from the names.

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    for some reason author asked for doing that :)

    The opinion expressed by me is not an official position of Microsoft


    • Edited by Vector BCO Monday, June 22, 2020 3:30 PM
    Monday, June 22, 2020 3:29 PM
  • The example I provided does not remove the underscores from the names.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    for some reason author asked for doing that :)

    The opinion expressed by me is not an official position of Microsoft


    This is an example of untrained people who do not know how to read trying to manage sophisticated adult level devices.  Yes - SPF records almost always reference a domain with an "_" but is seams the OP thinks the domain name without the "_" is useful.  Maybe it is.

    The original question could be asked better.


    \_(ツ)_/

    Monday, June 22, 2020 5:32 PM
  • Even worse, I don't think the OP understands that "include:" is not limited to just the "top-level" SPF record.

    The only limitation is that in processing the SPF record no more than 10 DNS lookups are allowed.

    Even in the SPF data for the example domain he used there are "include" statements in the TXT records that were included.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Monday, June 22, 2020 6:33 PM
  • Even worse, I don't think the OP understands that "include:" is not limited to just the "top-level" SPF record.

    The only limitation is that in processing the SPF record no more than 10 DNS lookups are allowed.

    Even in the SPF data for the example domain he used there are "include" statements in the TXT records that were included.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    A common side effect of a question based on incomplete or incorrect information or understanding.  We have to wait for the OP to apply the results to the implied tasking to find out if it is really what is required.

    The OP will likely learn many new things.

    I am curious as to why this is needed.  The answer to that would likely clarify this requirement.


    \_(ツ)_/

    Monday, June 22, 2020 10:06 PM
  • Go fuck yourself JRV, you condescending piece of wank
    Tuesday, June 23, 2020 11:46 AM
  • Because I has some free time this morning . . .

    function UnwindSPF {
        param (
            [string]$DNSName,
            [int]$Level=0
        )
        Resolve-DnsName $DNSName -Type TXT |
            ForEach-Object {
                if ($_.Text -match 'v=spf1\s'){
                    [PSCustomObject]@{
                        Depth = $Level
                        'DNS Name' =$_.Name
                    }
                    $_.Text -Split '\s' |
                        Where-Object {$_ -match 'include:(.+$)'}|
                            ForEach-Object  {
                                UnwindSPF $Matches[1] ($Level + 1)
                            }
                }
            }
    }
    
    UnwindSPF globo.com 0 | ft
    Depth DNS Name
    ----- --------
        0 globo.com
        1 _gl1.globo.com
        2 _lwcad.globo.com
        1 _lw1.globo.com
        1 _lw2.globo.com
        1 _spf.directtalk.com.br
        1 _spf.salesforce.com
    



    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)


    Tuesday, June 23, 2020 2:57 PM