DNS lookup Powershell 2.0 compliant

This topic contains 4 replies, has 3 voices, and was last updated by Profile photo of Joakim Svendsen Joakim Svendsen 1 year, 10 months ago.

  • Author
    Posts
  • #22253
    Profile photo of Charles McBeth
    Charles McBeth
    Participant

    My current environment requires that PowerShell 2.0 compliance be adhered to as we still have server 2003. I am seeing interesting behavior when using the 'System.Net.Dns::GetHostEntry("computername")'. When running the command against a remote machine name the proper (single) entry from DNS is returned. If I run the same command as follows on that remote computer while logged in locally to it 'System.Net.Dns::GetHostEntry($env:Computername)' it returns all local IP addresses whether in DNS or not. Is this expected behavior? I have spent hours searching forums for someone else experiencing the same issue but haven't been successful.
    Ultimately my goal is to only return what is actually registered in DNS and not something local.

    Thanks

  • #22255
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You're probably just seeing normal DNS behavior, nothing to do with PowerShell. Keep in mind that a computer will normally cache its own IP addresses indefinitely, locally. So the "name resolution system" will return those, on that computer, without needing to resort to the DNS server. That's kind of how lookup is supposed to work.

    If your goal is to just check the DNS server, then you don't want name resolution – you want to query the DNS server directly. If it's a Microsoft DNS server, there's a WMI namespace you can use for that. You'd connect to the server directly via Get-WmiObject and request whatever specific record(s) you want.

    • #22261
      Profile photo of Charles McBeth
      Charles McBeth
      Participant

      @Don Jones, thank you. That put me on the right track. I was able to use nslookup and parse the string to get the results I needed.

      $FullAddressList = nslookup -type=a $env:COMPUTERNAME | findstr "[0-9].[0-9].[0-9].[0-9]"
      $counter = 0
      foreach ($line in $FullAddressList)
      {
      	$counter += 1
      	if ($counter -ne 1)
      	{
      		write "$line" | %{ $_.Split(" ")[2] }
      	}
      }
      
  • #22282
    Profile photo of Joakim Svendsen
    Joakim Svendsen
    Participant

    Parsing nslookup in an odd and bug-ridden way seems suboptimal. Don was hinting towards using Get-WmiObject. There appears to be some info here – I just skimmed briefly: http://www.computerperformance.co.uk/powershell/powershell_wmi_dns.htm

    I would, however, use this: https://dnsshell.codeplex.com/ — that uses WMI under the hood.

    Your foreach and if could be better written as the following unless I'm missing something:

    $FullAddressList | Select -Skip 1 | ForEach-Object { $_.Split(" ")[2] }
    

    But your nslookup command doesn't work the way you want it to, so that'll be wrong too... :

    PS D:\> nslookup wiki.powershelladmin.com | findstr "[0-9].[0-9].[0-9].[0-9]"
    Non-authoritative answer:
    Address:  192.168.1.1
    Address:  96.126.122.49
    

    It returns that line of text, which is written to STDOUT (file descriptor 2 – see redirection in code below to the file "tmp.tmp") and the router/DNS server IP as well as the actual result (last).

    I guess your version does work since you skip the first STDOUT result, ignore STDERR (dumped to screen and just happily ignored?), and then get the second one, but calling "findstr" from PowerShell? That's bad. Very bad.

    If you do want to parse nslookup, this works:

    PS D:\temp> [regex]::Matches((nslookup wiki.powershelladmin.com 2> tmp.tmp | select -last 2), 'Address:\s+([\d.]+)') | %{ $_.Groups[1].Value }
    96.126.122.49
    

    You could also use the -match operator:

    PS D:\temp> (nslookup wiki.powershelladmin.com 2> tmp.tmp | select -last 2 | select -first 1) -match 'Address:\s+([\d.]+)'
    True
    PS D:\temp> $Matches[1]
    96.126.122.49
    
  • #22285
    Profile photo of Joakim Svendsen
    Joakim Svendsen
    Participant

    If anyone is looking for a _precise_ regex for matching an IPv4 address, this article should help.

You must be logged in to reply to this topic.