How to update the list of Name Servers on a DNS Zone with a Script
I was working with a customer this week doing some Active Directory cleanup tasks. We were decommissioning the last of their Windows Server 2003 domain controllers so we could upgrade the domain and forest functional level to Windows Server 2008 R2 to take advantage of some new features.
After removing the last Windows Server 2003 domain controller we opened up the DNS console to cleanup all the references to the decommissioned server including SRV records and DNS zone name server entries. Removing the name server entries from the forward lookup zones was easy to do manually since there were only a couple. When we got to the reverse lookup zones we realized we needed some automation since there were over 20 reverse lookup zones to remove the obsolete name server entries from.
The following commands can be used to Add or Delete Name Server (NS) records from a zone:
Add Record
DNSCMD <DNS server> /RECORDADD <zone name> @ NS <name server FQDN>
Delete Record
DNSCMD <DNS server> /RECORDDELETE <zone name> @ NS <name server FQDN> /F
Notice the â/Fâ at the end of the delete command. This suppresses the âY/N?â prompt
To automate the task we created a script that uses a DOS FOR loop to iterate through the zones in a text file and remove the obsolete name server records. I added the DNSCMD commands above to my standard FOR loop script template that includes logging.
The first thing we did was create a ZONES.TXT file containing all the reverse lookup zones we needed to modify. We placed the ZONES.TXT file in the same directory as the script.
The contents are shown below:
11.10.10.in-addr.arpa
12.10.10.in-addr.arpa
13.10.10.in-addr.arpa
14.10.10.in-addr.arpa
15.10.10.in-addr.arpa
16.10.10.in-addr.arpa
The contents of the UPDATE_NAME_SERVERS.CMD script is shown below:
:::::::::::::::::::::::::: BEGIN SCRIPT ::::::::::::::::::::::::::::::::
@ECHO OFF
:: NAME:UPDATE_NAME_SERVERS
:: DATE: 4:56 PM 12/16/2013
:: PURPOSE:
::
:: The ZONES.TXT contains a list of zones (one server per line)
:: to be modified
SET LOGFILENAME=.\UPDATE_NAME_SERVER_OUTPUT.LOG
ECHO DATE: %DATE% > %LOGFILENAME%
ECHO TIME: %TIME% >> %LOGFILENAME%
ECHO USER: %USERNAME% >> %LOGFILENAME%
ECHO COMPUTER: %COMPUTERNAME% >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%
FOR /F "tokens=1" %%i in (zones.txt) DO (
ECHO Running command on... %%i
ECHO. >> %LOGFILENAME%
REM Delete Name Server (NS) records from a zone
dnscmd vdc02.contoso.com /recorddelete %%i @ NS admin1.contoso.com /f >> %LOGFILENAME%
REM USe this section to ADD Name Server (NS) Records
REM Uncomment the DNSCMD line below to add NS records
REM ============================================
REM dnscmd vdc02.contoso.com /recordadd %%i @ NS admin1.contoso.com >> %LOGFILENAME%
)
GOTO EOF
:EOF
ECHO.
ECHO.
ECHO %0 COMPLETED!
ECHO.
ECHO.
ECHO.
:::::::::::::::::::::::::: END SCRIPT :::::::::::::::::::::::::::::::::::
Remember when using sample scripts always test them in a lab environment first before using them in production. If you found this useful or have feedback feel free to leave me a comment below.
Comments
Anonymous
January 13, 2014
Fantasic! Cleanup script. Most admins dont know that they have stale NS records and failed demotions.Anonymous
February 03, 2014
Thanks, this script saved me a lot of time.Anonymous
June 17, 2014
This does not work DNS_ERROR_ZONE_DOES_NOT_EXIST 9601 (00002581) ??Anonymous
June 18, 2014
@Glennn, Did any zones get updated? If no check your command syntax. Do you have a zones.txt file in the same folder as script? Make sure script lines did not get wrapped when you copy/pasted.Anonymous
June 23, 2014
The comment has been removedAnonymous
July 05, 2014
here, we know how many name server we need to clean but incase, we don't know the list whom we need to delete then what will do ? in my environment, AD never cleaned last 10 yerasAnonymous
September 09, 2014
Why not turn on scavenging and let the process do the dirty work?- Anonymous
November 10, 2016
The comment has been removed- Anonymous
November 10, 2016
n/mSyntax needed to be as shown;>dnscmd dc5 /recorddelete crucible.company.com @ NS dc3.corp.mycompany.com
- Anonymous
- Anonymous