Solved

How to update the TTL for all domains on Windows 2003 DNS server

Posted on 2009-05-18
14
1,620 Views
Last Modified: 2012-05-07
Hi Experts.

We have a Windows 2003 DNS server with 1000+ domains.

It is currently set to the following:
Refresh Interval: 15sec
Retry Interval: 10sec
Expires After: 1sec
Minimum (default) TTL: 0 Days
TTL for this record: 0:0:0:0

What would be the recommended/standard configuration to use? How would I go about updating all the records, as none of the domains have preferred settings and all use the defaults?

Changing them individually is just too time consuming, so I am looking for a batch style update if possible.

Your help is much appreciated.
Question by:1NSANE
14 Comments
 
LVL 6

Expert Comment

by:Krisdeep
ID: 24419169
Does this help? Let me know.

http://support.microsoft.com/kb/297510
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24419511

Should be possible to script modification of the SOA through WMI, looking now.

Chris
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24419609

Okay, it is. Would you be happy using PowerShell to perform this change? Easier than VbScript, none of the default tools (dnscmd etc) allow for record modification.

http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx

There are no hard rules that say what intervals you must use above. The values I've used are below, with the explanation here:

SOA TTL - Matching the value of MinimumTTL, a reasonably long value. SOA is unlikely to change that frequently

Refresh Interval - For Secondary Servers, how frequently they check for updates. If Notify is enabled they will check on notify in addition to this.

Retry Delay - Retry for a failed transfer

Expire Limit - How long a Secondary zone is kept until it is discarded by a Secondary server. Long time periods allow for greater fault tolerance.

Minimum TTL - You know this one

And the code bears some explanation.

This bit gets the SOA Record for a single zone (SomeZone.com):

Get-WMIObject -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_SOAType" `
  -ComputerName "SomeDNSServer" -Filter "ContainerName='SomeZone.com'"

It can be run remotely because of the ComputerName parameter, but we will need WMI access. To return all SOA records on the server, remove the Filter parameter.

% is a loop, for each SOA record returned by the search.

Modify has fixed parameters, the serial is incremented below, Primary Server and Responsible Party are copied from the original record ($_). The rest are set to the new values.

Chris
# New values for the SOA
$SOATTL = "86400"          # 1 Day
$RefreshInterval = "21600" # 6 Hours
$RetryDelay = "900"        # 15 Minutes
$ExpireLimit = "1209600"   # 2 Weeks
$MinimumTTL = "86400"      # 1 Day

# Retrieving the SOA Record for SomeZone.com
Get-WMIObject -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_SOAType" `
  -ComputerName "SomeDNSServer" -Filter "ContainerName='SomeZone.com'" | %{
  # Modifying the SOA Record values
  $_.Modify($SOATTL, $_.SerialNumber + 1, $_.PrimaryServer, $_.ResponsibleParty, `
    $RefreshInterval, $RetryDelay, $ExpireLimit, $MinimumTTL)
}


0
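An added example, not the script from the accepted answer: it audits the SOA of every zone on the server, reports which fields differ from the target values, and only calls Modify when -Apply is given, so a change across 1000+ zones can be reviewed before it is made. The server name is assumed; WMI access with DNS Admin rights is required.

```powershell
# Added example (not the accepted answer's code): report-only by default,
# pass -Apply to write the changes. Assumed: server name below, WMI access.
param(
    [string]$DnsServer = "SomeDNSServer",   # assumed name, replace
    [switch]$Apply                          # omit for a report-only run
)

# Target values in seconds, the same ones the accepted answer proposes
$Target = @{
    TTL             = 86400     # 1 day, TTL of the SOA record itself
    RefreshInterval = 21600     # 6 hours
    RetryDelay      = 900       # 15 minutes
    ExpireLimit     = 1209600   # 2 weeks
    MinimumTTL      = 86400     # 1 day, default TTL for records in the zone
}

$Records = @(Get-WmiObject -Namespace "root\MicrosoftDNS" `
    -Class "MicrosoftDNS_SOAType" -ComputerName $DnsServer)

$changed = 0
foreach ($rec in $Records) {
    # Fields on this zone that are not already at the target value
    $diff = @($Target.Keys | Where-Object { $rec.$_ -ne $Target[$_] })
    if ($diff.Count -eq 0) { continue }

    $parts = @($diff | ForEach-Object { "$_ $($rec.$_)->$($Target[$_])" })
    Write-Host "$($rec.ContainerName): $([string]::Join(', ', [string[]]$parts))"
    if (-not $Apply) { continue }

    # Modify takes every SOA field: the serial is bumped so secondaries
    # re-transfer; primary server and responsible party are kept as they are.
    $result = $rec.Modify($Target.TTL, $rec.SerialNumber + 1, `
        $rec.PrimaryServer, $rec.ResponsibleParty, $Target.RefreshInterval, `
        $Target.RetryDelay, $Target.ExpireLimit, $Target.MinimumTTL)
    if ($result.ReturnValue -ne 0) {
        Write-Warning "$($rec.ContainerName): Modify failed ($($result.ReturnValue))"
    } else {
        $changed++
    }
}
Write-Host "$($Records.Count) SOA records checked, $changed modified"
```

Run it once without -Apply and keep the output as a record of the previous values, since Modify rewrites every SOA field in one call.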
 

Author Comment

by:1NSANE
ID: 24420771
All domains have updated correctly.

Thanks for the help. It is very much appreciated.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24420781

You're welcome :)

Chris
0
 

Author Comment

by:1NSANE
ID: 24438905
Hi Chris

I have configured a new Windows 2003 DNS server. I need to update the SOA name server records for the secondary etc. on the primary DNS server.

How can this be done in a batch update? Can this be done through PowerShell?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24439007

I'm not quite sure what you mean I'm afraid?

Did you want to update the NS Record for the Secondary Server? Or change the zone transfer settings?

The SOA record only applies to the Primary, the Secondary uses it to determine whether and when to transfer a zone, but you shouldn't need to make changes to the SOA to appease the Secondary.

Still, it almost certainly can be scripted. Very little of the DNS system is inaccessible from script.

Chris
0
 

Author Comment

by:1NSANE
ID: 24439055
We have 2 DNS servers (NS1 and NS2). NS2 has been rebuilt and the IP has changed. NS1 has 2 entries under the "Name Servers" tab. I want to change the references to NS2 so that it reflects the new IP of NS2 unless it does its own DNS query which would mean it is not necessary.

I want NS1 to replicate to NS2 automatically as it was never setup this way.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24439497

Okay cool, that makes sense.

So we need to modify the out-of-zone A record for ns2 (if it exists). Do you know if Zone Transfers are currently set to "All servers listed in the name servers tab"? That would avoid having to change anything there.

Let's deal with the A record first.

Typically WMI appears to dislike displaying Out-Of-Zone records, which includes the Glue for NS records. Irritating as hell. That means either editing the text files or calling DNSCMD to remove, then add the glue back in.

Let's try that on one zone first, then we can think about wrapping a script around it to do it for all zones.

It should go like this:

DNSCMD /RecordDelete domainname.com ns2.domain.com. A <OldIP>

If it works, it should change the IP address in the Name Servers tab to the current IP for that resource with a * after it (indicating it's the result of a lookup). Then glue can be added again with:

DNSCMD /RecordAdd domainnamecom ns2.domain.com. A <NewIP>

You will need the trailing "." after ns2.domain.com., otherwise it'll add a record relative to the zone itself, not much help.

As long as ns2.domain.com is referenced in the NS record it should be fine committing the glue. It will refuse to fully commit the change unless a corresponding NS Record also exists.

Chris
0
 

Author Comment

by:1NSANE
ID: 24441187
Hi Chris.

Sorry for the delayed response.

Our Zone Transfers are set to "Only servers listed on the Name Servers tab".

I get this error when trying the command:

The term 'dnscmd' is not recognized as a cmdlet, function, operable program, or script file. Verify the term and try again.
At line:1 char:7
+ dnscmd  <<<< /RecordDelete clientdomain.com ns1.domain.com. A 130.94.x.x

I am running the command on the local DNS server. Once I can get the entries for NS2 changed then I need to add all the forward lookup zones to NS2 as secondary records referenced from NS1.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24441609

Ahh it's part of the Windows Support Tools, those will need to be installed to use it.

Chris
0
 

Author Comment

by:1NSANE
ID: 24445247
The /recorddelete command worked. It doesn't delete the entry just the IP and puts a " * " behind it. It has the new IP now.
If we can set it to run that command through all the forward zones that would be perfect.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24448812

Good stuff :)

Let's stuff a bit of script around it then, back to PowerShell (because it's short and sweet).

This will return reverse lookup zones as well (ZoneType just tells it to return Primary zones), if you don't want it to the Filter can be modified to exclude them.

Get-WMIObject -Namespace "root\MicrosoftDNS" -Class MicrosoftDNS_Zone `
  -Filter "ZoneType='1'" | %{
  # Remove the old glue for ns2, then add it back with the new address.
  # /f suppresses the confirmation prompt dnscmd would otherwise raise for every zone.
  DNSCMD /RecordDelete $($_.ContainerName) ns2.domain.com. A <OldIP> /f
  DNSCMD /RecordAdd $($_.ContainerName) ns2.domain.com. A <NewIP>
}

Chris
0
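An added example, not the loop from the thread: it restricts the glue replacement to forward primary zones, skips any zone whose NS set does not list ns2 (dnscmd will not keep glue without a matching NS record, as noted above), and reports instead of changing anything unless -Apply is given. The host name and both IP addresses are constructed placeholders.

```powershell
# Added example (not the thread's own loop). Assumed: the host name and the
# two addresses below are constructed placeholders to be replaced.
param(
    [string]$Ns2Host = "ns2.domain.com",
    [string]$OldIP   = "192.0.2.10",      # constructed placeholder
    [string]$NewIP   = "192.0.2.20",      # constructed placeholder
    [switch]$Apply
)
# Trailing dot makes the name absolute rather than relative to the zone
$Ns2Fqdn = $Ns2Host.TrimEnd('.') + '.'

# ZoneType 1 = primary; Reverse = FALSE leaves out the reverse lookup zones
$Zones = @(Get-WmiObject -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_Zone" `
    -Filter "ZoneType='1' AND Reverse=FALSE")

foreach ($z in $Zones) {
    $zone = $z.ContainerName
    # NS records at the zone apex; NSHost may carry a trailing dot, compare without it
    $ns = @(Get-WmiObject -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_NSType" `
        -Filter "ContainerName='$zone'" |
        Where-Object { $_.NSHost.TrimEnd('.') -eq $Ns2Host.TrimEnd('.') })
    if ($ns.Count -eq 0) {
        Write-Host "$zone : $Ns2Host is not an NS for this zone, skipping"
        continue
    }
    if (-not $Apply) {
        Write-Host "$zone : would replace glue $OldIP -> $NewIP"
        continue
    }
    # /f suppresses dnscmd's per-record confirmation prompt inside the loop
    & dnscmd /RecordDelete $zone $Ns2Fqdn A $OldIP /f | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$zone : RecordDelete failed with exit code $LASTEXITCODE"
        continue
    }
    & dnscmd /RecordAdd $zone $Ns2Fqdn A $NewIP | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$zone : RecordAdd failed with exit code $LASTEXITCODE"
    }
}
```

The Windows Support Tools must be installed for dnscmd to be found, as the thread established.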
 

Author Comment

by:1NSANE
ID: 24465629
Thanks again. All is working and updated.
0
