Mastodon

Thursday 28 May 2015

Updating the MasterServer property on all secondary DNS zones using PowerShell

I recently found myself with an interesting issue. Along with the DNS primary zones we host on our DNS servers, we also have a few customers with their own DNS servers for whom we host secondaries of their domains to provide some resiliency. One customer who has a lot of domains setup on our servers recently moved his server to a different site, and with that a different IP address, and as such the Master Servers property on every one of his secondary domains needing updating to the new IP Address.

Unfortunately while you can do many things with PowerShell, or even dnscmd for that matter, it does seem there are some limitations. Try as I might I've been unable to find a way using either system to query DNS for all secondary domains that have a specific Master Server IP address (they have 100+ domains, and that's a fraction of those we maintain, so manually checking wasn't an option!).

Fortunately I found a work around using the registry!

Windows DNS Server stores all non-AD Integrated zone data in the registry by default, and that includes settings relating to Secondary zones. By querying the registry using PowerShell you can do what I was looking for. So for instance, to simply list all domains who have a MasterServer of 1.1.1.1 you can run :

$AllTargetDomains=Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones' |
    ForEach-Object {Get-ItemProperty $_.pspath | Where-Object {$_.MasterServers -eq "1.1.1.1"}}
$AllTargetDomains.PSChildName


Note, you can also change the last line to :

$AllTargetDomains.PSChildName.Count

If you just want to know how many domains were found.

Now, to change the MasterServer property for all zones, in this case to 2.2.2.2, you run the following version. Note, the entire thing can be run as a single line of code.

Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones' |
    ForEach-Object {Get-ItemProperty $_.pspath | Where-Object {$_.MasterServers -eq "1.1.1.1"}} |
    ForEach-Object {Set-DnsServerSecondaryZone -name $_.PSChildName -MasterServers "2.2.2.2"}

   
If you re-run the earlier list version of the code you'll see no entries remaining, and if you check the domain within DNS Management you'll find that the Master Servers list has been changed.