Member_2_3387013
asked on
Script to Consolidate DNS Reverse Lookup zones

We have a very large network (18K clients, 1200 servers), and I inherited DNS -- running Win2k3 AD with MS-Integrated DNS. One problem is that we have hundreds of DNS Reverse Lookup zones (in-addr.arpa), many of which have overlapping ranges, e.g.
10.0.0.0
10.1.2.0

These zones contain both static and dynamic PTR records. This is working, for the most part (records are normally added to the most specific zone), but in an effort to clean up and ease administration (since many zones are misconfigured with different aging, scavenging, allow dynamic updates, etc.), I would like to consolidate the more specific ranges into the higher-level CIDR range.

Is there a problem doing this type of consolidation? What do I need to be careful of with the static records? Most importantly, does anyone have a script, perhaps using DNSCMD, that would make this job easier?  This needs to be seamless to the users, of course.

I read one of Chris-Dent's threads that sounded like he may have a script for this. Chris?

Thanks!
arnold

PTR records in most cases get updated by the network interface or the DHCP server.
Private IP PTRs are for reference only, and I do not believe there is any application that would deny a user access either because of the absence of a PTR record or because it is mismatched.
Create a new CIDR pool and see how it goes.

The only reason to set up the private IP pool on an internal DNS is to avoid the forwarding of those requests wasting resources.

It would probably work best to export the static records, then let any dynamic records deal with themselves in a new zone. Happy with Windows PowerShell?

Single domain forest? And do the existing DNS zones already replicate across the entire enterprise?

Chris
Member_2_3387013 (ASKER)
Chris,
Yes, it's a single domain forest.
Yes, we replicate all zones across the forest (all DCs).
Yes, no problem using PowerShell (I run Win7 on my admin PC, and Win2k3 on the DCs.)

Thanks!!
I know everyone's been busy with the holidays... I could still use a script for this, so I've bumped up points to max 500. Chris, any luck?

Thanks!!

Sorry, got completely side-tracked. Let's get the static records out of the zones first. This PowerShell command will do for that part:

# Static records have no aging timestamp (TimeStamp = 0); dynamic records carry one.
Get-WMIObject -Computer $ServerName `
  -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_PTRType" `
  -Filter "TimeStamp=0" | Select-Object TextRepresentation

See if that returns every static record you want?

If it does, there are two choices. Either we can create a brand new zone file using those records as the base (and a reasonable SOA and NS record set), or we can import into an existing zone. The first is perhaps easiest because it'll be a copy and paste job, changing the zone type to AD Integrated after the event.

If we go for the first option, not much work is required. Run this modified command:

# Same query, but write each record's text form to a zone file. Out-File -Encoding ASCII
# keeps the file plain text, which is what a zone file needs; the >> redirect in
# Windows PowerShell writes UTF-16 instead.
Get-WMIObject -Computer $ServerName `
  -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_PTRType" `
  -Filter "TimeStamp=0" |
  ForEach-Object { $_.TextRepresentation } |
  Out-File "NewZone.dns" -Encoding ASCII

The file will be created as it adds the first record, we can add the SOA and NS records once it's done. Then we can create the zone either using DNSCMD, or via the GUI, using the existing file. Dead easy :)

Chris

Missed a bit. $ServerName must be set. e.g.

$ServerName = "YourDNSServer"

Otherwise the variable should be replaced with the server name.

Chris
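As an added worked example (this is not Chris's script and not code from the thread), the procedure above written out end to end: export the static PTR records that fall under one parent in-addr.arpa zone out of the overlapping child zones, keep one copy per address, write them to a zone file with an SOA/NS header, create the zone with DNSCMD (or add to it if it already exists), and verify before any child zone is removed. The server name, parent zone and SOA names are placeholders chosen for illustration.

```powershell
# Added example, not the script from the thread. Server, zone and SOA names below
# are assumptions for illustration; run it where the DNS WMI provider and dnscmd.exe
# (RSAT) are reachable, e.g. the Win7 admin PC mentioned in the thread.
$ServerName = "dc01.corp.example.com"          # assumed DNS server (a DC)
$ParentZone = "10.in-addr.arpa"                # assumed consolidation target
$NameServer = "dc01.corp.example.com."         # assumed primary NS for the SOA
$Hostmaster = "hostmaster.corp.example.com."   # assumed SOA responsible mailbox
$ZoneFile   = "$ParentZone.dns"

# Static records carry no aging timestamp (TimeStamp = 0); dynamic ones do.
$static = Get-WmiObject -ComputerName $ServerName -Namespace "root\MicrosoftDNS" `
    -Class "MicrosoftDNS_PTRType" -Filter "TimeStamp=0"

# Keep the records that belong under the parent zone but live in a child zone.
# ContainerName is the zone holding the record, OwnerName the PTR's full name.
$candidates = $static | Where-Object {
    $_.OwnerName.TrimEnd('.') -like "*.$ParentZone" -and
    $_.ContainerName -ne $ParentZone
}

# The same address can have a PTR in more than one overlapping zone. Keep the copy
# from the most specific (longest-named) zone and warn where the targets differ,
# so those get reviewed by hand before any child zone is removed.
$toMove = @()
foreach ($g in ($candidates | Group-Object OwnerName)) {
    $targets = @($g.Group | ForEach-Object { $_.RecordData } | Sort-Object -Unique)
    if ($targets.Count -gt 1) {
        Write-Warning ("{0} differs across zones: {1}" -f $g.Name, ($targets -join ", "))
    }
    $toMove += $g.Group | Sort-Object { $_.ContainerName.Length } -Descending |
        Select-Object -First 1
}

# Build the zone file. Owner and target are written as absolute names (trailing
# dot) so the file's origin cannot alter them. Force ASCII: the > and >> redirects
# in Windows PowerShell write UTF-16, which is not a plain-text zone file.
$header = @(
    "; Consolidated reverse zone $ParentZone, generated $(Get-Date -Format s)",
    "@ IN SOA $NameServer $Hostmaster (",
    "        1      ; serial",
    "        900    ; refresh",
    "        600    ; retry",
    "        86400  ; expire",
    "        3600 ) ; minimum TTL",
    "@ IN NS $NameServer"
)
$records = @($toMove | ForEach-Object {
    "{0}. {1} IN PTR {2}." -f $_.OwnerName.TrimEnd('.'), $_.TTL, $_.RecordData.TrimEnd('.')
})
$header + $records | Out-File -FilePath $ZoneFile -Encoding ASCII

# Create the zone. If the parent zone does not exist yet (the first option above),
# copy the file into the server's DNS directory, load it as a file-backed primary
# zone and convert it to AD-integrated. If it already exists, add the records to
# it by their names relative to the zone instead (the second option).
$parentExists = Get-WmiObject -ComputerName $ServerName -Namespace "root\MicrosoftDNS" `
    -Class "MicrosoftDNS_Zone" | Where-Object { $_.Name -eq $ParentZone }
if (-not $parentExists) {
    Copy-Item $ZoneFile "\\$ServerName\admin`$\System32\dns\$ZoneFile"
    & dnscmd $ServerName /ZoneAdd $ParentZone /Primary /file $ZoneFile /load
    & dnscmd $ServerName /ZoneResetType $ParentZone /DsPrimary
} else {
    $suffix = '\.' + [regex]::Escape($ParentZone) + '$'
    foreach ($rr in $toMove) {
        $relative = $rr.OwnerName.TrimEnd('.') -replace $suffix, ''
        & dnscmd $ServerName /RecordAdd $ParentZone $relative PTR $rr.RecordData
    }
}

# Verify every moved record is now served from the parent zone before touching
# the child zones. Dynamic records were left behind on purpose and re-register
# into the new zone themselves; only after that has happened (e.g. after a DHCP
# lease cycle) remove a child zone, for example:
#   dnscmd $ServerName /ZoneDelete 2.1.10.in-addr.arpa /DsDel /f
$inParent = @(Get-WmiObject -ComputerName $ServerName -Namespace "root\MicrosoftDNS" `
    -Class "MicrosoftDNS_PTRType" -Filter "ContainerName='$ParentZone'" |
    ForEach-Object { $_.OwnerName })
$missing = @($toMove | Where-Object { $inParent -notcontains $_.OwnerName })
"{0} static PTR records exported, {1} not found in {2}" -f $toMove.Count, $missing.Count, $ParentZone
$missing | ForEach-Object { Write-Warning ("Missing from parent zone: " + $_.OwnerName) }
```

The conflict warnings are the part to read before going further: an owner name that resolves to different targets in two overlapping zones is exactly the kind of record the question's "be careful with the static records" refers to, and the script keeps the most specific zone's copy only as a default. Test it against the lab first, as the asker intended, and keep the child zones until the dynamic records have re-registered into the consolidated zone.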
ASKER CERTIFIED SOLUTION
Chris Dent
I will give this a shot (test in the lab first.) Looks simple enough. Thanks for the great Powershell script, Chris!