Adding NS records to Primary non-AD DNS zones using DNSCMD and PowerShell 3.0

  • Question

  • Hi all,

    I know there is a very similar question posted about this, but the fix offered will not work for me, so instead of hijacking his thread, I started a new question.

    I'm adding an NS record to some zones via either PowerShell or dnscmd, each with the same result: an asterisk by the IP address, meaning it is an "IP address retrieved as the result of a DNS query and may not represent actual records on this server". The zone absolutely will not transfer when the asterisk is present.

    After using the script, I look at the secondary zones created on the DNS2, 3 and 4 servers and it says "Zone Not loaded by DNS Server". If I go back and remove the NS from the Primary created by the script and add the NS manually, the asterisk goes away and, after a refresh, the secondary zones are fine and loaded by the DNS server.

    If I add the same server via the Name Servers tab in the GUI, there is no asterisk and the zone transfers without issue.

    I am doing this to "blackhole" these zones.

    Here is the PowerShell script I created (yes, I know it may not be the best way or the best tool, but no, we don't have Server 2012 yet, I can't import any modules into my PowerShell, and the DNSCMD tool is all I have to work with and all I am allowed to work with on this network).

    I have a text file of the web addresses I am adding to the "blackhole" using the below script.

    (Text in italics and underlined is text that was changed to something generic to protect sensitive info.)

    # Zone names to blackhole, one per line; blank lines are skipped
    $zones = Get-Content "D:\filelocation\blackholetest.txt" | Where-Object { $_.Trim() }
    $apex = "@"    # owner name for records at the zone root
    foreach ($a in $zones)
    {
        # Primary zone on DNS1 with a single WWW record pointing at the sinkhole address
        dnscmd DNS1 /zoneadd $a /Primary /File "${a}.dns"
        dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
        # NS records at the apex, one per secondary server
        dnscmd DNS1 /recordadd $a $apex NS DNS2.fully.qualified.domain.name
        dnscmd DNS1 /recordadd $a $apex NS DNS3.fully.qualified.domain.name
        dnscmd DNS1 /recordadd $a $apex NS DNS4.fully.qualified.domain.name
        # Matching secondary zones that pull from the primary
        dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
        dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
        dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
    }

    Thanks in advance for any help and suggestions you may have.


    • Edited by Nuckin_Futz Tuesday, September 27, 2016 6:15 PM spelling issue in title
    Tuesday, September 27, 2016 6:14 PM

Answers

  • Hi all,

    Got this figured out...

    Even though I was naming the NS in the script and the zone transfer was set to transfer to the servers in the NS tab, it wasn't, because of the * in the NS tab in the IP of the servers. By adding a few lines to the script to set the IP of the secondary servers in the Zone Transfer tab and setting the zone transfers to go to the servers in the list, all is right with the world and it is working the way it needs to be. (See final script below.)

    Thanks to all.

        # Zone names to blackhole, one per line; blank lines are skipped
        $zones = Get-Content "D:\filelocation\blackholetest.txt" | Where-Object { $_.Trim() }
        $apex = "@"    # owner name for records at the zone root
        foreach ($a in $zones)
        {
            # Primary zone on DNS1 with a single WWW record pointing at the sinkhole address
            dnscmd DNS1 /zoneadd $a /Primary /File "${a}.dns"
            dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
            # NS records at the apex, one per secondary server
            dnscmd DNS1 /recordadd $a $apex NS DNS2.fully.qualified.domain.name
            dnscmd DNS1 /recordadd $a $apex NS DNS3.fully.qualified.domain.name
            dnscmd DNS1 /recordadd $a $apex NS DNS4.fully.qualified.domain.name
            # Explicit transfer list by IP (the fix): only these secondaries may pull, and they are notified
            dnscmd DNS1 /zoneresetsecondaries $a /securelist DNS2.IP.ADD.RESS DNS3.IP.ADD.RESS DNS4.IP.ADD.RESS /notify
            # Matching secondary zones that pull from the primary
            dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
            dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
            dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
        }

    • Marked as answer by Nuckin_Futz Wednesday, September 28, 2016 4:11 PM
    Wednesday, September 28, 2016 4:11 PM
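    As an added example (not from the thread or its author), a PowerShell 3.0 check for the condition the answer describes: it uses only nslookup, so it needs no DNS modules, and for every zone in the list it confirms that each secondary answers the zone's SOA with the primary's serial (a secondary stuck at "Zone Not loaded" cannot) and that WWW resolves to the sinkhole address on every server. The server names, sinkhole IP and list path are the same placeholders the thread's script uses.

```powershell
# Added example: verify that blackhole zones transferred and answer with the sinkhole IP.
# Server names, sinkhole address and zone list path are placeholders, as in the thread's script.
param(
    [string]   $Primary     = "DNS1",
    [string[]] $Secondaries = @("DNS2", "DNS3", "DNS4"),
    [string]   $SinkholeIP  = "IP.ADD.RE.SS",
    [string]   $ZoneList    = "D:\filelocation\blackholetest.txt"
)

function Get-SoaSerial {
    # Returns the SOA serial a server reports for a zone, or $null when the server
    # cannot answer (a secondary whose transfer never happened fails this query).
    param([string]$Server, [string]$Zone)
    $out = & nslookup -type=SOA $Zone $Server 2>&1 | Out-String
    if ($out -match 'serial\s*=\s*(\d+)') { return [int]$Matches[1] }
    return $null
}

function Get-AnswerAddress {
    # Returns the first IPv4 address in the answer section of an A query, or $null.
    # The first "Address:" line names the server itself, so match only after "Name:".
    param([string]$Server, [string]$Name)
    $out = & nslookup -type=A $Name $Server 2>&1 | Out-String
    if ($out -match '(?s)Name:.*?Address(?:es)?:\s+(\d{1,3}(?:\.\d{1,3}){3})') { return $Matches[1] }
    return $null
}

$zones = Get-Content $ZoneList | Where-Object { $_.Trim() }
foreach ($zone in $zones) {
    $want = Get-SoaSerial -Server $Primary -Zone $zone
    foreach ($server in @($Primary) + $Secondaries) {
        $serial = Get-SoaSerial -Server $server -Zone $zone
        $addr   = Get-AnswerAddress -Server $server -Name "www.$zone"
        # Classify: transfer never happened, stale copy, or the server is not sinkholing the name
        $status = if ($serial -eq $null)           { "ZONE NOT LOADED" }
                  elseif ($serial -ne $want)       { "SERIAL MISMATCH" }
                  elseif ($addr -ne $SinkholeIP)   { "NOT SINKHOLED" }
                  else                             { "OK" }
        [PSCustomObject]@{ Zone = $zone; Server = $server; Serial = $serial; WWW = $addr; Status = $status }
    }
}
```

    Pipe the output through `Where-Object { $_.Status -ne "OK" }` to list only the zones that are not being blackholed on every server.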
  • After realizing that I may not be the only one in my organization who would be using this script, I decided to modify it to use user input instead of Get-Content, and decided to make it loop. See new code below.

        do
        {
            $a = Read-Host "Enter the domain name you want to add to the black hole. If you are done, type Exit"
            if ($a -eq "Exit")
            {
                break
            }
            if ([string]::IsNullOrWhiteSpace($a))
            {
                continue    # ignore empty input instead of running dnscmd with no zone name
            }
            $apex = "@"    # owner name for records at the zone root
            # Primary zone on DNS1 with a single WWW record pointing at the sinkhole address
            dnscmd DNS1 /zoneadd $a /Primary /File "${a}.dns"
            dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
            # NS records at the apex, one per secondary server
            dnscmd DNS1 /recordadd $a $apex NS DNS2.fully.qualified.domain.name
            dnscmd DNS1 /recordadd $a $apex NS DNS3.fully.qualified.domain.name
            dnscmd DNS1 /recordadd $a $apex NS DNS4.fully.qualified.domain.name
            # Explicit transfer list by IP: only these secondaries may pull, and they are notified
            dnscmd DNS1 /zoneresetsecondaries $a /securelist DNS2.IP.ADD.RESS DNS3.IP.ADD.RESS DNS4.IP.ADD.RESS /notify
            # Matching secondary zones that pull from the primary
            dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
            dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
            dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "${a}.dns"
        }
        until ($a -eq "Exit")

    • Marked as answer by Nuckin_Futz Thursday, September 29, 2016 5:27 PM
    Thursday, September 29, 2016 5:27 PM

All replies

  • Hi,

    Do you mean this thread:

    Adding NS records to Primary non-AD DNS zones

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/26f3e751-c41c-4af3-9cfc-4c89af3ecf5f/adding-ns-records-to-primary-nonad-dns-zones?forum=winserveripamdhcpdns

    I have tested in my lab; this fix could work. Could you please tell us how you add the A record for each zone, in case of some misunderstanding?


    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 28, 2016 8:37 AM
  • Hi Cartman,

    Yes, that is the thread. Unfortunately, I am doing this to "blackhole" these zones and I create the A record with the following part of the script...

    dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS. I only create 1 A record per primary zone. When I do it with the GUI all is right with the world, but when I do the exact same thing using dnscmd is when I have a problem.

    Thanks

    Nuckin

    Wednesday, September 28, 2016 2:14 PM
  • Hi,

    Thank you for sharing with us.


    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 29, 2016 1:24 AM