Tag Archives: DNS

How to change TXT record value on Micorosft DNS server using Powershell

As Let’s Encrypt anounced wildcard certificates I just wanted to make my life easier with automating the process of renewal and inserting values in TXT records to prove domain identity.

I am running all my DNS zones on Microsoft Windows server 2016 with DNS role installed where I will need to modify TXT record value every (little less) than three months to renew my *.domain.xyz cerificate. So how can we do it in Powershell just by modifing the existing value.

First time you will probably need to create the record by using:

Add-DnsServerResourceRecord -Txt -Name _acme-challenge -DescriptiveText “SomeTextThatYouReceiveFromLet’sEncryptACME2Process” -ZoneName mydomain.xyz -TimeToLive 00:00:10

*I am keeping TTL very low here just in case you will need to repeat the process to expire soon (in 10 seconds).

Later on you will need just to modify the value of TXT record _acme-challenge
We have here a new cmdlet to the rescue: Set-DnsServerResourceRecord but it can not be simply used just to modify the value – you need to use two fill two parameter values called -OldInputObject (old record values) and -NewInputObject (new modified values).

Let’s take a look at the example:

$oldvalue = Get-DnsServerResourceRecord -ZoneName mydomain.xyz -RRType Txt -Name _acme-challenge
$newvalue = Get-DnsServerResourceRecord -ZoneName mydomain.xyz -RRType Txt -Name _acme-challenge
$newvalue.RecordData.DescriptiveText = “SomeNEWTextThatYouReceiveFromLet’sEncryptACME2Process”
Set-DnsServerResourceRecord -ZoneName mydomain.xyz -OldInputObject $oldvalue -NewInputObject $newvalue

What we did here is to declare two values where current values of the record are stored – $oldvalue and $newvalue.
Then I modified the $newvalue element called “DescriptiveText” that represents the text string of TXT record to some new data that I receive from ACME2 process when requesting Let’s Encrypt wildcard certificate.
At least I applied this new value to the record by using Set-DnsServerResourceRecord cmdlet and parameters.


Konfiguracija DNS strežnika (forward cona) / Configuration of DNS server (forward zone)

Osnovna pravilna konfiguracija DNS zapisa in njegovo testiranje. / Correct basic configuration of DNS records and testing.

Pri konfiguraciji DNS strežnika moramo upoštevati nekaj osnovnih navodil. There are some basic rules that should be folowed when configuring DNS servers.

Vzemimo primer, da imamo domeno company.com za katero bi radi naredili DNS zapis: Let say that we have domain company.com and we would like to create DNS record for it:

1. naredimo primarno forward cono company.com / create forward zone for company.com
2. popravimo SOA zapis: / correct SOA record:
2.1 oštevilčimo po principu LETOMESECDAN01 – primer: 2007020701 / enumerate it with YYYYMMDDnn
2.2 vpišemo ime primarnega DNS streznika ter e-mail skrbnika domene – pozor v obliki ime.domena.končnica – brez afne – @ / enter the name of primary DNS server for domain company.com and its hostmaster without “at” sign – @ example. hosmaster.company.com
2.3 po potrebi popravimo časovne vrednosti zapisa / if it is needed fix the time values of the record
2.4 vpišemo DNS strežnike / enter your DNS servers
3. naredimo zapis gostitelja – A zapis strežnika, ki bo gostil storitve / create a HOST or A record for a computer that will host services
4. naredimo psevdonim – CNAME zapis, ki bo “kazal” na gostitelja. / create alias – CNAME record for aliases that will point to HOST.
5. naredimo MX zapis za domeno company.com / create MX record for domain company.com
6. testiramo delovanje z uporabo / testing:

http://www.dnsreport.com – preverite nastavitve svoje domen / check your domain name configuration
http://www.dnsstuff.com – dodatna orodja za pregled DNS zapisov / additional tools for checking DNS records

  Izdelava forward cone z nekaj zapisi / Creating forward zone with some records
(wink source)