Obscurum per Obscurius

Explaining the obscure by means of the more obscure

How to update the list of Name Servers on a DNS Zone with a Script


I was working with a customer this week doing some Active Directory cleanup tasks.  We were decommissioning the last of their Windows Server 2003 domain controllers so we could upgrade the domain and forest functional level to Windows Server 2008 R2 to take advantage of some new features.

After removing the last Windows Server 2003 domain controller, we opened up the DNS console to clean up all the references to the decommissioned server, including SRV records and DNS zone name server entries.  Removing the name server entries from the forward lookup zones was easy to do manually since there were only a couple.  When we got to the reverse lookup zones we realized we needed some automation since there were over 20 reverse lookup zones to remove the obsolete name server entries from.

The following commands can be used to Add or Delete Name Server (NS) records from a zone:

Add Record

DNSCMD <DNS server> /RECORDADD <zone name> @ NS <name server FQDN>

Delete Record

DNSCMD <DNS server> /RECORDDELETE <zone name> @ NS <name server FQDN> /F

Notice the “/F” at the end of the delete command.  This suppresses the “Y/N?” prompt.

To automate the task we created a script that uses a DOS FOR loop to iterate through the zones in a text file and remove the obsolete name server records.  I added the DNSCMD commands above to my standard FOR loop script template that includes logging.

The first thing we did was create a ZONES.TXT file containing all the reverse lookup zones we needed to modify.  We placed the ZONES.TXT file in the same directory as the script. 

The contents are shown below:

11.10.10.in-addr.arpa
12.10.10.in-addr.arpa
13.10.10.in-addr.arpa
14.10.10.in-addr.arpa
15.10.10.in-addr.arpa
16.10.10.in-addr.arpa

The contents of the UPDATE_NAME_SERVERS.CMD script are shown below:

:::::::::::::::::::::::::: BEGIN SCRIPT ::::::::::::::::::::::::::::::::

@ECHO OFF
  :: NAME: UPDATE_NAME_SERVERS
  :: DATE: 4:56 PM 12/16/2013
  :: PURPOSE: Delete (or add) a Name Server (NS) record at the root
  ::          of every zone listed in ZONES.TXT
  ::
  :: The ZONES.TXT file contains a list of zones (one zone per line)
  :: to be modified
  
  SET LOGFILENAME=.\UPDATE_NAME_SERVER_OUTPUT.LOG

ECHO     DATE: %DATE% > %LOGFILENAME%
ECHO     TIME: %TIME% >> %LOGFILENAME%
ECHO     USER: %USERNAME% >> %LOGFILENAME%
ECHO COMPUTER: %COMPUTERNAME% >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%
ECHO. >> %LOGFILENAME%

FOR /F "tokens=1" %%i in (zones.txt) DO (
   ECHO Running command on... %%i
   ECHO. >> %LOGFILENAME%
   REM Delete Name Server (NS) records from a zone
   dnscmd vdc02.contoso.com /recorddelete %%i @ NS admin1.contoso.com /f  >> %LOGFILENAME%

   REM Use this section to ADD Name Server (NS) Records
   REM Uncomment the DNSCMD line below to add NS records
   REM ============================================
   REM  dnscmd vdc02.contoso.com /recordadd %%i @ NS admin1.contoso.com >> %LOGFILENAME%
  )

GOTO EOF

:EOF
  ECHO.
  ECHO.
  ECHO  %0 COMPLETED!
  ECHO.
  ECHO.
  ECHO.
  :::::::::::::::::::::::::: END SCRIPT :::::::::::::::::::::::::::::::::::
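
A read-only companion check, added here as an example and not part of the original script: it reports which zones in ZONES.TXT still list the obsolete name server and flags zone names the DNS server does not host (DNS_ERROR_ZONE_DOES_NOT_EXIST), so it can be run before the delete script and again afterwards to confirm the cleanup. The server names are the sample values used above; the log and temp file names are assumptions.

```batch
@ECHO OFF
SETLOCAL
:: Added example, not part of the original script.
:: Read-only: lists NS records per zone and changes nothing in DNS.
:: Server names are the article's sample values; CHECK_NAME_SERVERS.LOG
:: and the temp file name are assumptions made for this example.
SET DNSSERVER=vdc02.contoso.com
SET OLDNS=admin1.contoso.com
SET REPORT=.\CHECK_NAME_SERVERS.LOG
SET TMPOUT=%TEMP%\ns_enum_%RANDOM%.tmp

IF NOT EXIST zones.txt (
   ECHO zones.txt not found in %CD%
   EXIT /B 1
)

> "%REPORT%" ECHO NS check for %OLDNS% on %DATE% %TIME% by %USERNAME%

FOR /F "usebackq tokens=1" %%i IN ("zones.txt") DO CALL :CHECKZONE %%i

DEL "%TMPOUT%" 2>NUL
TYPE "%REPORT%"
EXIT /B 0

:CHECKZONE
:: Enumerate the NS records at the zone root (@) and keep the raw output
dnscmd %DNSSERVER% /enumrecords %1 @ /type NS > "%TMPOUT%" 2>&1

:: A zone name the server does not host produces this error text
FINDSTR /I /L /C:"DNS_ERROR_ZONE_DOES_NOT_EXIST" "%TMPOUT%" >NUL
IF NOT ERRORLEVEL 1 (
   >> "%REPORT%" ECHO MISSING  %1
   GOTO :EOF
)

:: FINDSTR returns 0 when the obsolete server name appears in the output
FINDSTR /I /L /C:"%OLDNS%" "%TMPOUT%" >NUL
IF ERRORLEVEL 1 (
   >> "%REPORT%" ECHO CLEAN    %1
) ELSE (
   >> "%REPORT%" ECHO STALE    %1
)
GOTO :EOF
```

Zones reported as MISSING usually point to a typo or a wrapped line in ZONES.TXT; zones reported as STALE are the ones the delete script still needs to process.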

Remember, when using sample scripts, always test them in a lab environment first before using them in production.  If you found this useful or have feedback, feel free to leave me a comment below.

  • Fantastic! Cleanup script.  Most admins don't know that they have stale NS records and failed demotions.

  • Thanks, this script saved me a lot of time.

  • This does not work

    DNS_ERROR_ZONE_DOES_NOT_EXIST     9601  (00002581)

    ??

  • @Glennn, did any zones get updated? If no, check your command syntax. Do you have a zones.txt file in the same folder as the script?  Make sure the script lines did not get wrapped when you copied/pasted.
