Check the Windows DNS server for forwarders that are private IP addresses

This topic contains 4 replies, has 3 voices, and was last updated by Matt Bloomfield 10 months, 2 weeks ago.

  • #59506

    James Stallone
    Participant

    Hi all. I'm new to PowerShell.

    My task is to check a Windows DNS server for forwarders that are private IP addresses.
    I can't do integer operations on what I get back from the Get-DnsServerForwarder cmdlet. I think it returns an object or something other than an integer. I'd like to do submasking operations to check for private addresses, if that is possible in PowerShell.
    Thanks

  • #59533

    Matt Bloomfield
    Participant

    Not sure about the subnet masking operations. That sounds tricky.

    I would just treat the IP addresses as strings, split them on the dots and then check the value of the octet to determine if it's a public or private address:

    $ipAddresses = Get-DnsServerForwarder | Select -ExpandProperty IPAddress
    
    foreach ($ipAddress in $ipAddresses) {
    
        $splitIp = $ipAddress.ToString().Split('.')
    
        if (($splitIp[0] -eq '10') -or ($splitIp[0] -eq '172' -and [int]$splitIp[1] -le 32) -or ($splitIp[0] -eq '192' -and $splitIp[1] -eq '168')) {
    
            Write-Output "$ipAddress is a private address"
    
        }
    
        else {
         
            Write-Output "$ipAddress is a public address"
        } 
    
    }
    
  • #59593

    Max Kozlov
    Participant

    You can also use
    $forwarder.IPAddress.GetAddressBytes()
    and use it with integer operations

    btw, Matt, 172 range starts with 16 and ends with 31, so ($splitIp[0] -eq '172' -and [int]$splitIp[1] -le 31 -and [int]$splitIp[1] -ge 16)

    and with integers it can be something like
    ($bytes[0] -eq 10) -or
    ($bytes[0] -eq 172 -and $bytes[1] -in 16..31) -or
    ($bytes[0] -eq 192 -and $bytes[1] -eq 168)

    • #59704

      Matt Bloomfield
      Participant

      Thanks, Max. I can never remember the 172 block. I even had the Wiki open and still got it wrong!

  • #59658

    James Stallone
    Participant

    Hey, thanks!
    I came up with a solution. I need my script to be somewhat readable for QA, so I've hard-coded the testing range values in decimal in vars for them so they can see the dotted equivalence:
    ${192.168.0.0}=3232235520
    ${192.168.255.255}=3232301055
    ${10.0.0.0}=167772160
    ${10.255.255.255}=184549375
    ${172.16.0.0}=2886729728
    ${172.31.255.255}=2887778303

    It's rudimentary but I'm learning.
    I greatly appreciate the replies and hope to contribute to the forum
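
The subnet-mask check asked about in the first post, as an added example that is not part of any post in this thread: each forwarder address is converted to a number from GetAddressBytes() and masked against the three private ranges named above. The function names and the sample address list are assumptions made for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$PrivateRanges = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'   # ranges discussed above

function ConvertTo-IPv4Number {
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()           # four bytes, most significant first
    # Use [long] so 192.x.x.x does not overflow a signed 32-bit int.
    return ([long]$b[0] -shl 24) -bor ([long]$b[1] -shl 16) -bor ([long]$b[2] -shl 8) -bor [long]$b[3]
}

function Test-PrivateIPv4 {
    param([System.Net.IPAddress]$Address)
    # IPv6 forwarders are out of scope for this check.
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $value = ConvertTo-IPv4Number $Address
    foreach ($cidr in $PrivateRanges) {
        $network, $prefix = $cidr.Split('/')
        # Decimal 4294967295 is used because the hex literal 0xFFFFFFFF parses as -1.
        $mask = (4294967295 -shl (32 - [int]$prefix)) -band 4294967295
        $base = ConvertTo-IPv4Number ([System.Net.IPAddress]::Parse($network))
        if (($value -band $mask) -eq $base) { return $true }
    }
    return $false
}

# Constructed sample input. On a DNS server use: $forwarders = (Get-DnsServerForwarder).IPAddress
$forwarders = '10.255.255.255', '172.15.255.255', '172.16.0.1', '172.31.255.255',
              '172.32.0.1', '172.2.0.1', '192.168.1.1', '8.8.8.8'
foreach ($ip in $forwarders) {
    $kind = if (Test-PrivateIPv4 $ip) { 'private' } else { 'not private' }
    Write-Output "$ip is a $kind address"
}
```

The sample list includes 172.15.255.255, 172.32.0.1 and 172.2.0.1 to exercise both edges of the 172.16.0.0/12 block and an octet that a string comparison would sort incorrectly.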
