ABC CLI DNS
It is a well-known truism that a happy and healthy DNS means a happy and healthy Active Directory. However, managing DNS can sometimes be cumbersome, especially if you have a number of DNS servers to juggle, or wish to take advantage of automation techniques. There are now PowerShell cmdlets from Microsoft for managing DNS, but there is also a very powerful command-line tool called DNSCMD. I believe at one point it was a resource kit tool, but you'll find it on most Windows platforms. I'm going to walk through a few basic DNS commands on a Windows 7 desktop to manage DNS on a Windows Server 2008 R2 DNS server.
To see everything you can do with DNSCMD, open a command prompt and type:
DNSCMD /?
You'll get a long list of options. To get more detailed help for an option, type the option followed by /?:
DNSCMD /zoneinfo /?
Let's begin by viewing some information about the DNS server. All we need to do is specify the server name. In my case, it is COREDC01.
C:\>dnscmd coredc01 /info
Query result:
Server info
server name = COREDC01.jdhlab.local
version = 1DB00106 (6.1 build 7600)
DS container = cn=MicrosoftDNS,cn=System,DC=jdhlab,DC=local
forest name = jdhlab.local
domain name = jdhlab.local
builtin forest partition = ForestDnsZones.jdhlab.local
builtin domain partition = DomainDnsZones.jdhlab.local
read only DC = 0
last scavenge cycle = not since restart (0)
Configuration:
dwLogLevel = 00000000
dwDebugLevel = 00000000
dwRpcProtocol = 00000005
dwNameCheckFlag = 00000002
cAddressAnswerLimit = 0
dwRecursionRetry = 3
dwRecursionTimeout = 8
dwDsPollingInterval = 180
Configuration Flags:
fBootMethod = 3
fAdminConfigured = 1
fAllowUpdate = 1
fDsAvailable = 1
fAutoReverseZones = 1
fAutoCacheUpdate = 0
fSlave = 0
fNoRecursion = 0
fRoundRobin = 1
fStrictFileParsing = 0
fLooseWildcarding = 0
fBindSecondaries = 0
fWriteAuthorityNs = 0
fLocalNetPriority = 1
Aging Configuration:
ScavengingInterval = 168
DefaultAgingState = 0
DefaultRefreshInterval = 168
DefaultNoRefreshInterval = 168
ServerAddresses:
Ptr = 00000000002FE9B0
MaxCount = 2
AddrCount = 2
Addr[0] => af=23, salen=28, [sub=0, flag=00000000] p=13568, addr
=fe80::c980:5246:45f9:d48a
Addr[1] => af=2, salen=16, [sub=0, flag=00000000] p=13568, addr=
172.16.10.190
ListenAddresses:
NULL IP Array.
Forwarders:
NULL IP Array.
forward timeout = 3
slave = 0
Command completed successfully.
Or perhaps we want to enumerate the zones:
C:\>dnscmd coredc01 /enumzones
Enumerated zone list:
Zone count = 5
 Zone name                  Type       Storage      Properties
 .                          Cache      AD-Domain
 _msdcs.jdhlab.local        Primary    AD-Forest    Secure
 10.16.172.in-addr.arpa     Primary    AD-Domain    Secure Rev
 jdhlab.local               Primary    AD-Domain    Secure
 TrustAnchors               Primary    AD-Forest
We can use /ZoneInfo to display some useful information:
C:\>dnscmd coredc01 /zoneinfo jdhlab.local
Zone query result:
Zone info:
ptr = 00000000001FFA00
zone name = jdhlab.local
zone type = 1
shutdown = 0
paused = 0
update = 2
DS integrated = 1
read only zone = 0
in DS loading queue = 0
currently DS loading = 0
data file = (null)
using WINS = 0
using Nbstat = 0
aging = 0
refresh interval = 168
no refresh = 168
scavenge available = 0
Zone Masters NULL IP Array.
Zone Secondaries NULL IP Array.
secure secs = 3
directory partition = AD-Domain flags 00000015
zone DN = DC=jdhlab.local,cn=MicrosoftDNS,DC=DomainDnsZones,DC=jdhlab,DC=local
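Two numeric fields in this output describe the zone's exposure: update is the dynamic update mode and secure secs is the zone transfer restriction. The PowerShell below is an added example, not part of the original post; the function name Test-DnsZoneInfo is hypothetical, and it parses the text that dnscmd /zoneinfo prints and flags the permissive values.

```powershell
# Added example: parse "dnscmd <server> /zoneinfo <zone>" text into an object
# and flag settings worth a second look. The function name is hypothetical.
function Test-DnsZoneInfo {
    param([string[]] $Lines)   # raw dnscmd /zoneinfo output, one line per element

    # Collect "name = value" pairs; names may contain spaces ("secure secs").
    $info = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<name>[^=]+?)\s*=\s*(?<value>.*?)\s*$') {
            $info[$Matches['name']] = $Matches['value']
        }
    }

    $findings = @()
    # update: 0 = no dynamic updates, 1 = nonsecure and secure, 2 = secure only
    if ($info['update'] -eq '1') {
        $findings += 'Dynamic updates accepted from unauthenticated clients'
    }
    # secure secs: 0 = transfer to any server, 1 = NS servers only,
    #              2 = listed servers only, 3 = no zone transfers
    if ($info['secure secs'] -eq '0') {
        $findings += 'Zone transfers allowed to any requesting server'
    }
    # aging = 0: scavenging is off for the zone, so stale records stay behind
    if ($info['aging'] -eq '0') {
        $findings += 'Aging disabled: stale records will accumulate'
    }

    [pscustomobject]@{
        Zone     = $info['zone name']
        Update   = $info['update']
        Transfer = $info['secure secs']
        Findings = $findings
    }
}

# Sample input: lines copied from the /zoneinfo output shown above.
$sample = @(
    'zone name = jdhlab.local'
    'update = 2'
    'DS integrated = 1'
    'aging = 0'
    'secure secs = 3'
)
Test-DnsZoneInfo -Lines $sample | Format-List

# Against a live server:
#   Test-DnsZoneInfo -Lines (dnscmd coredc01 /zoneinfo jdhlab.local)
```

For the jdhlab.local zone shown here, only the aging finding is reported: updates are secure-only and zone transfers are disabled.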
Once we know the zone name we can enumerate its records. After the zone name we need to specify the node name.
C:\>dnscmd coredc01 /enumrecords jdhlab.local .
Returned records:
@ [Aging:3586651] 600 A 172.16.10.190
3600 NS coredc01.jdhlab.local.
3600 SOA coredc01.jdhlab.local. hostmaster.jdhlab.local.
41 900 600 86400 3600
CLIENT1 [Aging:3586654] 1200 A 172.16.10.192
coredc01 3600 A 172.16.10.190
SERVER01 [Aging:3586651] 1200 A 172.16.10.191
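Let's add a new CNAME record to the zone. The data for a CNAME is the host name the alias points to, not an IP address, so here SERVER02 becomes an alias for SERVER01:
C:\>dnscmd coredc01 /recordadd jdhlab.local. SERVER02 CNAME server01.jdhlab.local.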
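Look at help for dnscmd /recordadd to view all the different RRTypes you can create. Or perhaps you need to do a little clean up and want to delete some records. Give the zone, then the node name, then the record type; if you leave off the record data, every record of that type at the node is deleted.
C:\>dnscmd coredc01 /recorddelete jdhlab.local SERVER02 CNAME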
You'll be prompted for confirmation before the entry is deleted.
I hope it goes without saying that mucking around with DNS is a lot like mucking around with the registry: you can put yourself in a very bad place if you aren't careful. By all means, please become familiar with DNSCMD in a non-production setting. But once you have the basics, I think you'll find managing DNS is as simple as ABC.
