This article will demonstrate how to manage DNS with Powershell. If not obvious, the examples in this article are for an Active Directory DNS deployed on a domain controller or many domain controllers. It can cumbersome, slow, inefficient, and unintuitive to have to remote into a domain controller, open up the DNS management service, and point and click until you figure out how to add, update, or delete a DNS entry. In place of the UI, Powershell provides a set of commands for succinctly manipulating DNS in a repeatable and efficient manner.
Add DNS A record with Powershell
To add a DNS A record with Powershell, run the following command.
Add-DNsServerResourceRecordA -Name "host1" `
-ZoneName "example.com" `
-AllowUpdateAny `
-IPv4Address "10.10.10.10" `
-ComputerName "domaincontroller.example.com" `
-CreatePtr `
-TimeToLive "300" `Detailed description of each option:
| -Name | The host name of the server. This is not the FQDN, only the name of the host. |
| -ZoneName | The domain for which you are creating the A record. |
| -AllowUpdateAny | Allow any authenticated user to update this record |
| -IPv4Address | The IPv4 address assigned to the host |
| -ComputerName | This option is descriptive in naming. It is the name of the domain controller to update DNS for. |
| -CreatePtr | Automatically create the associated pointer resource record. The PTR record maps the IP to the FQDN. |
| -TimeToLive | The TTL in seconds for the record. This defines how long other DNS servers will cache the record. |
Add DNS AAAA Record with Powershell
AAAA records differ from A records in that they are used for IPv6 addresses, not IPv4. To create an AAAA record for IPv6, run the following command.
Add-DnsServerResourceRecordAAAA -Name "host1" `
-ZoneName "example.com" `
-AllowUpdateAny `
-IPv6Address "3ffe::1" `
-ComputerName "domaincontroller.example.com" `
-CreatePtr `
-TimeToLive "300" `The options for this command are the same as the command for IPv4 A records detailed above, with the exception of the -IPv6Address option.
Add DNS CNAME Record with Powershell
A CNAME is an alternate name for an IP address. It is to be associated with an existing A records host name. To create a CNAME record with Powershell run the following command.
Add-DnsServerResourceRecordCName -Name "host2" `
-HostNameAlias "host1"
-ZoneName "example.com" `
-AllowUpdateAny `
-ComputerName "domaincontroller.example.com" `
-CreatePtr `
-TimeToLive "300" `Again, the options for this command are the same as for the A record above. The one exception is the -HostNameAlias option which points to an existing A record.
Remove DNS Records with Powershell
To remove a DNS A Record with Powershell run the following command.
Remove-DnsServerResourceRecord `
-ZoneName "example.com" `
-RRType "A" `
-Name "host1"The RRType option can be used for each type of record, including A, AAAA, CNAME, and others. So to remove an AAAA or CNAME record just replace A in the example with the type of record you are removing.
Note that in this example, all A records with the name host1 will be removed. If you want to be more specific you can include the -RecordData option to only remove the A record for the given IP address.
Remove-DnsServerResourceRecord `
-ZoneName "example.com" `
-RRType "A" `
-Name "host1" `
-RecordData "10.10.10.10"Update or Change DNS Records with Powershell
To change an existing DNS record we recommend deleting the record with the Remove-DnsServerResourceRecord command and then adding a new record with the Add-DNsServerResourceRecordA command. Examples for both are above.
Managing Active Directory DNS from a remote computer
If you are off of the domain and need to manage DNS from a remote computer you can simply make a remote connection to the domain controller within PowerShell. This example code block will demonstrate how to do that. Obviously the credential is a domain credential with permissions to modify DNS.
The Invoke-Command function allows a script block to be executed on the remote host.
Here is a link to our GitHub gist for how to add a DNS record from a remote computer.
Conclusion
This article has demonstrated how to manage DNS in an Active Directory environment with Powershell. There are additional commands and examples we could have covered for managing DNS with Powershell that we can cover if there is a need. We tried to document the most common and useful. Let us know in the comments! In the meantime, check out more of our content.
Leave a Reply