Category Archives: DNS

Mass/bulk TimeToLive update Windows server DNS (primary zones)

Leave a reply

TJust in case someone needs to bulk/mass update (for example) TimeToLive parameter on all A (CNAME, MX, TXT…) records in all primary zones on Windows Server 2016/2019 DNS server …

$allzones = Get-DnsServerZone | Where-Object -Property ZoneType -EQ -Value “Primary”
foreach ($allzone in $allzones) {
$olds = Get-DnsServerResourceRecord -ZoneName $allzone.ZoneName -Name “@” -RRType A
foreach ($old in $olds) {
#$old = “”
#$new = “”
$new = $old.Clone()
$new.TimeToLive = [System.TimeSpan]::FromMinutes(1)
Set-DnsServerResourceRecord -OldInputObject $old -NewInputObject $new -ZoneName $allzone.ZoneName -PassThru
}
}

(Mass) Modifying SOA record values by using Set-DnsServerResourceRecord

Leave a reply

Today I wanted to update all serial numbers (to make sure that are written in YYYYMMDD00 way) on my primary DNS zones on my Windows server 2019 DNS server.

This is the script to do this massive change – by using this script anyone can modify any parameters in DNS.

$allzones = Get-DnsServerZone | Where-Object -Property ZoneType -EQ -Value “Primary”
foreach ($allzone in $allzones) {
$old = “”
$new = “”
$old = Get-DnsServerResourceRecord -ZoneName $allzone.ZoneName -Name “@” -RRType Soa
$new = $old.Clone()
$new.RecordData.SerialNumber = 2019080400
Set-DnsServerResourceRecord -OldInputObject $old -NewInputObject $new -ZoneName $allzone.ZoneName -PassThru
}

How to monitor “unmonitorable” stuff on Windows server with PRTG Network Monitor

Leave a reply

I really love PRTG Network Monitor, simple and efficient monitoring solution I have been using for many years… It has a lot of sensors that you can use to monitor various stuff – from network devices to storage devices, to some predefined WMI sensors for disk monitoring on Windows …
But there are some things that are not that simple to monitor… For example DNS server cache entries… Or, DHCP server leases in use? There is no predefined sensor in PRTG to do that – but there is something very nice and useful – it is called: HTTP content sensor

http-content

This sensor can “read” the numeric value from HTTP page (even more than one (so you can have multiple channels = multiple lines in single graph for similar stuff))…

So… The challenge to get from this list:
show-dnsservercache
to:
graph

Let’s do it:
1. Let’s somehow get from that list (Show-DnsServerCache) to numeric value in PowerShell
2. Publish result on some web server (could be IIS on the same server)
3. Schedule PowerShell script to run (every 1 minute) to get the value
4. Collect result with PRTG HTTP Content sensor

1 (and 2). Create PS1 script (by using PowerShell ISE or maybe Visual Studio Code or just by using Notepad :)):

$dnsservercache = Show-DnsServerCache
$dnsservercache = $dnsservercache.Count
$dnsservercache = “[” + $dnsservercache + “]”
$dnsservercache = $dnsservercache.Replace(” “,””)
$dnsservercache | out-file -Encoding utf8 C:\inetpub\wwwroot\dnsservercache.txt

In that (dnsservercache.txt) TXT file you should find something like (number may be different): [13863]

In this case I am “publishing” TXT file on IIS server on the same server – you should write file somewhere else if web server is not running locally.

3. Schedule Powershell script to run every 1 minute to get value
Just create basic task in Task Scheduler, choose Start a program and fill the form:
Program/script: PowerShell.exe
Add arguments: -ExecutionPolicy Bypass C:\ps\Stats.ps1
Start in: C:\ps

When you finish creating task you should modify it to run every one minute here:

schedule

4. Collect value from website / txt file

In PRTG you can now create new sensor by choosing HTTP Content and just fill the form like this:
http content2

In a couple of minutes you should get this beautiful graph:

graph2

graf day 2

How to change TXT record value on Micorosft DNS server using Powershell

1 Reply

As Let’s Encrypt anounced wildcard certificates I just wanted to make my life easier with automating the process of renewal and inserting values in TXT records to prove domain identity.

I am running all my DNS zones on Microsoft Windows server 2016 with DNS role installed where I will need to modify TXT record value every (little less) than three months to renew my *.domain.xyz cerificate. So how can we do it in Powershell just by modifing the existing value.

First time you will probably need to create the record by using:
Add-DnsServerResourceRecord

Add-DnsServerResourceRecord -Txt -Name _acme-challenge -DescriptiveText “SomeTextThatYouReceiveFromLet’sEncryptACME2Process” -ZoneName mydomain.xyz -TimeToLive 00:00:10

*I am keeping TTL very low here just in case you will need to repeat the process to expire soon (in 10 seconds).

Later on you will need just to modify the value of TXT record _acme-challenge
We have here a new cmdlet to the rescue: Set-DnsServerResourceRecord but it can not be simply used just to modify the value – you need to use two fill two parameter values called -OldInputObject (old record values) and -NewInputObject (new modified values).

Let’s take a look at the example:

$oldvalue = Get-DnsServerResourceRecord -ZoneName mydomain.xyz -RRType Txt -Name _acme-challenge
$newvalue = Get-DnsServerResourceRecord -ZoneName mydomain.xyz -RRType Txt -Name _acme-challenge
$newvalue.RecordData.DescriptiveText = “SomeNEWTextThatYouReceiveFromLet’sEncryptACME2Process”
Set-DnsServerResourceRecord -ZoneName mydomain.xyz -OldInputObject $oldvalue -NewInputObject $newvalue

What we did here is to declare two values where current values of the record are stored – $oldvalue and $newvalue.
Then I modified the $newvalue element called “DescriptiveText” that represents the text string of TXT record to some new data that I receive from ACME2 process when requesting Let’s Encrypt wildcard certificate.
At least I applied this new value to the record by using Set-DnsServerResourceRecord cmdlet and parameters.