Mastodon

Tuesday 27 August 2013

Querying DNS RecordData properties in PowerShell

Using the Get-DnsServerResourceRecord cmdlet it's simple to retrieve the records in a domain, and by combining it with Where-Object it's simple to filter by most of the properties of the zone as well. For instance :

    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordType -eq "MX"}

will give you all the MX records within the mydomain.com zone. We can equally filter by HostName, DistinguishedName and a few others since they're simple string values.

What happens when we want to query a zone on RecordData? For example, how would we find all the records that point to "192.168.0.1", or MX records that are using "mydomain.com". This data isn't stored as a normal string, so it can't be queried in the same way. Using Get-Member to find the properties of Get-DnsServerResourceRecord you'll find that the RecordData property type is "CimInstance#Instance", not string like others mentioned above.

What this essentially means is that the RecordData property has properties within it, and it's these that we need query. Each type of record has its own individual properties corresponding to the type of data held within it.

Depending on the type of record you're querying there are different property names to use. To find the list use :

    $records = Get-DnsServerResourceRecord -ZoneName "mydomain.com"
    $records.RecordData | Get-Member


You'll see some have one relevant property, for instance IPv4Address, while others which hold more info have multiple, for instance MailExchange and Preference for MX records.

Note, you'll only see those values that exist within the zone you used above. So if the zone doesn't have an MX record you won't see any MX record details listed.

To query using them you add the property after RecordData, for instance :

    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordData.IPv4Address -eq "192.168.0.1"}

or

    Get-DnsServerResourceRecord -ZoneName "mydomain.com" | Where-Object {$_.RecordData.MailExchange -match "mydomain.com"}

You see it's fairly straight forward to query these, it's just a question of finding them in the first place. Below is a list of the most common record types, it's not every single one possible but it should cover most situations.

A Record            IPv4Address
AAAA Record      IPv6Address
MX Record          MailExchange, Preference
CNAME Record    HostNameAlias
SRV Record        DomainName, Port, Priority, Weight
TXT Record        DescriptiveText
SOA Record       PrimaryServer, ExpireLimit, MinimumTimeToLive,   

                        RefreshInterval, ResponsiblePerson, RetryDelay, Serial Number
NS Record         NameServer
PTR Record        PtrDomainName

If you require any additional record types simply use Get-Member as listed above on a zone containing the required properties.

References:
http://ninjamonki.blogspot.co.uk/2013/02/powershell-and-dns.html
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6817b151-12f3-42d5-92ae-f4f0a7e99858/querying-getdnsserversourcerecordrecorddata-ciminstanceinstance-data-in-powershell-30