
I know there is a very similar question posted about this, but the fix offered will not work for me, so instead of hijacking his thread, I started a new question.

I'm adding an NS record to some zones via PowerShell and dnscmd, each with the same result: an asterisk by the IP address, meaning it is an "IP address retrieved as the result of a DNS query and may not represent actual records on this server". The zone absolutely will not transfer when the asterisk is present.

After using the script, I look at the secondary zones created on the DNS2, 3 and 4 servers and it says "Zone Not loaded by DNS Server". If I go back and remove the NS from the primary created by the script and add the NS manually, the asterisk goes away and, after a refresh, the secondary zones are fine and loaded by the DNS server.

If I add the same server via the Name Servers tab in the GUI, there is no asterisk and the zone transfers without issue.

I am doing this to "blackhole" these zones.

Here is the PowerShell script I created (yes, I know it may not be the best way or the best tool, but no, we don't have Server 2012 yet, I can't import any modules into my PowerShell, and the DNSCMD tool is all I have to work with and all I am allowed to work with on this network).

I have a text file of the web addresses I am adding to the "blackhole" using the below script:

# one domain per line in the text file
$zones = Get-Content "D:\filelocation\blackholetest.txt"
$b = "@"
foreach ($a in $zones)
{
    # primary zone on the master, with a sinkhole A record for www
    dnscmd DNS1 /zoneadd $a /Primary /File "$a.dns"
    dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
    # NS records naming the secondary servers
    dnscmd DNS1 /recordadd $a $b NS DNS2.fully.qualified.domain.name
    dnscmd DNS1 /recordadd $a $b NS DNS3.fully.qualified.domain.name
    dnscmd DNS1 /recordadd $a $b NS DNS4.fully.qualified.domain.name
    # secondary zones on each slave, pulling from the master
    dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
    dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
    dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
}
NuckinFutz
  • On the master zone, you need to set the IP addresses of the secondary zones that it is allowed to transfer to (https://technet.microsoft.com/en-us/library/cc772069(v=ws.11).aspx#BKMK_22). Use the zoneresetsecondaries command on the master server to specify how it responds to zone transfer requests from secondary servers. Sample usage: dnscmd dnssvr1.contoso.com /zoneresetsecondaries test.contoso.com /noxfr /nonotify and dnscmd dnssvr1.contoso.com /zoneresetsecondaries test.contoso.com /securelist 11.0.0.2 – Mass Nerder Sep 27 '16 at 21:48

1 Answer


So, Mass Nerder sent me in the right direction. Thank you, Mass.

Even though I was naming the NS in the script and the zone transfer was set to transfer to the servers in the NS tab, it wasn't, because of the * in the IP of the servers in the NS tab. By adding a few lines to the script to set the IP of the secondary servers in the Zone Transfer tab and setting the zone transfers to go to the servers in the list, all is right with the world and it is working the way it needs to be. (See final script below.)

Thanks to all, and thanks again, Mass, for pointing me in the right direction.

# one domain per line in the text file
$zones = Get-Content "D:\filelocation\blackholetest.txt"
$b = "@"
foreach ($a in $zones)
{
    # primary zone on the master, with a sinkhole A record for www
    dnscmd DNS1 /zoneadd $a /Primary /File "$a.dns"
    dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
    # NS records naming the secondary servers
    dnscmd DNS1 /recordadd $a $b NS DNS2.fully.qualified.domain.name
    dnscmd DNS1 /recordadd $a $b NS DNS3.fully.qualified.domain.name
    dnscmd DNS1 /recordadd $a $b NS DNS4.fully.qualified.domain.name
    # allow zone transfers only to the listed secondary IPs and notify them of changes
    dnscmd DNS1 /zoneresetsecondaries $a /securelist DNS2.IP.ADD.RESS DNS3.IP.ADD.RESS DNS4.IP.ADD.RESS /notify
    # secondary zones on each slave, pulling from the master
    dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
    dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
    dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
}

After realizing that I may not be the only one in my organization who would be using this script, I decided to modify it to use user input instead of Get-Content and decided to make it loop. See new code below.

do
{
    $a = Read-Host "Enter Domain name you want to add to the black hole.  If you are done type Exit"
    if ($a -eq "Exit")
    {
        break
    }
    else
    {
        $b = "@"
        # primary zone on the master, with a sinkhole A record for www
        dnscmd DNS1 /zoneadd $a /Primary /File "$a.dns"
        dnscmd DNS1 /recordadd $a WWW A IP.ADD.RE.SS
        # NS records naming the secondary servers
        dnscmd DNS1 /recordadd $a $b NS DNS2.fully.qualified.domain.name
        dnscmd DNS1 /recordadd $a $b NS DNS3.fully.qualified.domain.name
        dnscmd DNS1 /recordadd $a $b NS DNS4.fully.qualified.domain.name
        # allow zone transfers only to the listed secondary IPs and notify them of changes
        dnscmd DNS1 /zoneresetsecondaries $a /securelist DNS2.IP.ADD.RESS DNS3.IP.ADD.RESS DNS4.IP.ADD.RESS /notify
        # secondary zones on each slave, pulling from the master
        dnscmd DNS2 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
        dnscmd DNS3 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
        dnscmd DNS4 /zoneadd $a /Secondary MASTER.DNS.Server.IPAddesss /File "$a.dns"
    }
}
until ($a -eq "Exit")
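Added here as an illustration, not the original poster's script: the same dnscmd sequence wrapped in functions that reject a malformed zone name before it reaches the command line, stop on the first dnscmd call that fails instead of leaving a zone without its transfer list, and check that each secondary really serves the sinkhole answer. The server names, IPs and sinkhole address are the post's own placeholders; the function names and the hostname regex are my additions, and the code targets PowerShell 2.0 so it runs on the pre-2012 servers described.

```powershell
# Added example, not the poster's script; server names and IPs are the post's placeholders.
$Master     = 'DNS1'
$MasterIP   = 'MASTER.DNS.Server.IPAddesss'
$SinkholeIP = 'IP.ADD.RE.SS'
# secondary name server -> its IP address (the IP is what /securelist needs)
$Secondaries = @{
    'DNS2.fully.qualified.domain.name' = 'DNS2.IP.ADD.RESS'
    'DNS3.fully.qualified.domain.name' = 'DNS3.IP.ADD.RESS'
    'DNS4.fully.qualified.domain.name' = 'DNS4.IP.ADD.RESS'
}
function Invoke-Dnscmd {
    # Run one dnscmd call and throw on a non-zero exit code, so a failed
    # /zoneadd does not silently leave a zone without its transfer list.
    param([string]$Server, [string[]]$Arguments)
    $out = & dnscmd $Server @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $Server $($Arguments -join ' ') failed ($LASTEXITCODE): $out"
    }
}
function Add-BlackholeZone {
    param([Parameter(Mandatory=$true)][string]$Zone)
    # Read-Host input goes straight into command arguments, so accept only a
    # syntactically valid DNS name (labels of letters, digits and hyphens).
    if ($Zone -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$') {
        throw "Not a valid zone name: '$Zone'"
    }
    Invoke-Dnscmd $Master @('/zoneadd', $Zone, '/Primary', '/File', "$Zone.dns")
    Invoke-Dnscmd $Master @('/recordadd', $Zone, 'WWW', 'A', $SinkholeIP)
    foreach ($ns in $Secondaries.Keys) {
        Invoke-Dnscmd $Master @('/recordadd', $Zone, '@', 'NS', $ns)
    }
    # Least privilege for AXFR: only the listed IPs may pull the zone, and they
    # are notified of changes rather than waiting for the SOA refresh timer.
    $xfer = @('/zoneresetsecondaries', $Zone, '/securelist') + @($Secondaries.Values) + @('/notify')
    Invoke-Dnscmd $Master $xfer
    foreach ($ns in $Secondaries.Keys) {
        Invoke-Dnscmd $ns @('/zoneadd', $Zone, '/Secondary', $MasterIP, '/File', "$Zone.dns")
    }
}
function Test-BlackholeZone {
    # Confirm each secondary answers www.<zone> with the sinkhole address,
    # which is exactly what "Zone Not loaded by DNS Server" would break.
    param([Parameter(Mandatory=$true)][string]$Zone)
    foreach ($ns in $Secondaries.Keys) {
        $answer = & nslookup -type=A "www.$Zone" $ns 2>&1 | Out-String
        New-Object PSObject -Property @{ Server = $ns; Served = ($answer -match [regex]::Escape($SinkholeIP)) }
    }
}
```

Run Add-BlackholeZone for each name from the file or from Read-Host, then Test-BlackholeZone on the same name; a Served value of False on any secondary is the condition the poster saw before the /securelist line was added.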