Validate DNS Zone Names and Master Servers

This topic contains 6 replies, has 2 voices, and was last updated by Ed O’Connor 8 months, 4 weeks ago.

  • #36175
    Ed O’Connor
    Participant

    I am trying to come up with a script that will validate ($True or $False) if a specified list of DNS Zone Names and their associated Master Servers list exists on a DNS Server.

    Example List:

    Zone Names				Master Servers
    
    testCorp.com				"158.192.20.251","155.108.26.130","156.107.74.100","157.191.169.71","156.109.176.244"
    190.157.in-addr.arpa			"157.191.169.71","156.109.176.244"
    testCorpacademy.com			"157.191.169.71","156.109.176.244","156.107.74.71"
    solutions.testCorp.com			"209.244.0.3"
    amazon.cz				"8.8.8.8"
    

    I can run

    gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}
    

    This gets me the zones and master servers from the server.

    What I need to do is:
    1) Confirm if the DNS Zone in the list exists on the server
    2) If the DNS Zone exists, verify that all the Master Servers are specified (the Zone can contain other master servers but must have the ones specified)
    3) Repeat this for each DNS Zone
    4) Validate $True if all DNS Zones exist and have the specified Master Servers
    5) Validate $False if any of the Zones or associated Master Servers are not present on the server.

    I started trying to flesh this out and have come up with this so far:

    
    
    $ZonesExist = $False

    ### Index into the DNSZones array for the region.
    $ZoneName         = $NewDNSZone[0]
    $MasterServer1    = $NewDNSZone[1]
    $MasterServer2    = $NewDNSZone[2]
    $MasterServer3    = $NewDNSZone[3]
    $MasterServer4    = $NewDNSZone[4]
    $MasterServer5    = $NewDNSZone[5]

    ### This section checks for Conditional Forwarders for the core Zones.  These entries are required!

    # Create an array of regional DNS Zones
    $NewDNSZones   = @()
    $NewDNSZones   = ,("testCorp.com","158.192.20.251","155.108.26.130","156.107.74.100","157.191.169.71","156.109.176.244")
    $NewDNSZones  += ,("190.157.in-addr.arpa","157.191.169.71","156.109.176.244")
    $NewDNSZones  += ,("testCorpacademy.com","157.191.169.71","156.109.176.244","156.107.74.71")
    $NewDNSZones  += ,("solutions.testCorp.com","209.245.0.3")
    $NewDNSZones  += ,("amazon.cn","8.8.8.8")

    $ExistingZones = gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}

    ForEach ($Zone in $ZoneName) {
        if ($Zone -like $ExistingZones.Name) {
            if ($MasterServer1 -eq $ExistingZones.MasterServers) {
                # (no action yet)
            }
        }
    }
    

    I am having some trouble figuring out how to first validate the DNS Zone name, then if that is there validate that that DNS Zone has the proper Master Servers and cycling through all the DNS Zone names.

    Any help and guidance is appreciated.

    ~Ed

  • #36201
    Don Jones
    Keymaster

    Are these Windows DNS servers?

  • #36250
    Ed O’Connor
    Participant

    yes

  • #36258
    Don Jones
    Keymaster

    So, not knowing what tools you're able to use, have you dug into either the DNS Server commands in the RSAT, or into the WMI classes exposed by DNS Server?

  • #36264
    Ed O’Connor
    Participant

    I have looked at the WMI classes and the following command gets me the info I need (sort of):

    gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}
    

    This gives me the name of any ConditionalForwarderZones and the associated MasterServers like so:

    Name                    MasterServers
    ----                    -------------
    107.156.in-addr.arpa    {156.107.74.71, 157.191.169.71}
    109.156.in-addr.arpa    {156.109.176.244, 157.191.169.71}
    191.157.in-addr.arpa    {157.191.169.71, 156.109.176.244}
    amazon.cn               {8.8.8.8, 4.4.4.4}
    dev-int.mso.local       {156.109.215.197, 156.109.215.198}
    epsm.net                {156.107.74.81, 156.107.74.71, 157.191.125.136}
    esurveydesigns.com      {156.109.176.244, 157.191.169.71}
    mckinsey.com            {157.191.19.250, 156.109.27.131, 156.107.74.100, 157.191.169.71...}
    mckinseyacademy.com     {157.191.169.71, 156.109.176.244, 156.107.74.71}
    news.qq.com             {8.8.8.8}
    ohi-survey.com          {156.109.215.197, 156.109.215.198}
    sina.com.cn             {8.8.8.8}
    solutions.mckinsey.com  {209.244.0.3}
    weibo.com               {8.8.8.8, 4.4.4.4}

    My problem here is even though I think I am calling to have the string values expanded with the {$_.MasterServers} they are not fully expanded. I think it is recognizing {$_.MasterServers} as I get the same results whether I use that or simply 'MasterServers'.

    Once I get that worked out I then need to figure out the programming logic so that I can ensure that all the zones and their associated Master Servers match the list.

  • #36270
    Don Jones
    Keymaster

    No, that syntax isn't expanding them. You can't really get two properties and expand one; you have to create your own objects. For example:

    gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" |
    foreach {
      foreach ($server in $_.masterservers) {
        new-object -type psobject -prop @{Name=$_.Name;MasterServer=$server}
      }
    } 
    

    That'll give you one output object per master server IP address. Or roughly should – you may need to tweak and adjust to get exactly what you need.
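
The validation asked for in the first post (every listed zone exists, and each has at least the listed master servers), as an added example that is not part of the original thread. The function name `Test-DnsZoneMasters`, its parameters and the server state in `$existing` are hypothetical and constructed for illustration; the required list uses three entries from the example list in the first post.

```powershell
# Added example; not code from the thread. Names below are hypothetical.
function Test-DnsZoneMasters {
    param(
        [Parameter(Mandatory)] [hashtable] $Required,   # zone name -> required master IPs
        [Parameter(Mandatory)] [AllowEmptyCollection()]
        [object[]] $Existing                            # objects with Name and MasterServers
    )

    # Index the zones found on the server by name (hashtable literals are case-insensitive).
    $found = @{}
    foreach ($zone in $Existing) { $found[$zone.Name] = @($zone.MasterServers) }

    $allPresent = $true
    foreach ($name in $Required.Keys) {
        if (-not $found.ContainsKey($name)) {
            Write-Warning "Zone '$name' is missing"
            $allPresent = $false
            continue
        }
        # Extra masters on the server are allowed; only the required ones must be present.
        $missing = @($Required[$name] | Where-Object { $found[$name] -notcontains $_ })
        if ($missing.Count -gt 0) {
            Write-Warning "Zone '$name' lacks master(s): $($missing -join ', ')"
            $allPresent = $false
        }
    }
    return $allPresent
}

# Required zones and masters (three entries from the example list in the first post).
$required = @{
    '190.157.in-addr.arpa'   = '157.191.169.71', '156.109.176.244'
    'solutions.testCorp.com' = '209.244.0.3'
    'amazon.cz'              = '8.8.8.8'
}

# Constructed server state so the example runs offline. On a DNS server, use the
# query from the thread instead:
#   $existing = gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4"
$existing = @(
    [pscustomobject]@{ Name = '190.157.in-addr.arpa';   MasterServers = @('157.191.169.71') }
    [pscustomobject]@{ Name = 'solutions.testCorp.com'; MasterServers = @('209.244.0.3', '4.4.4.4') }
)

Test-DnsZoneMasters -Required $required -Existing $existing
```

The warnings name each missing zone or master server, which makes drift in conditional forwarder settings easy to spot when the check runs against several DNS servers.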

  • #36282
    Ed O’Connor
    Participant

    Thanks Don, this helps a lot.
