I had a customer with more than 60 DHCP scopes, but the DNS reverse lookup zones were unfortunately either not created, not configured, and/or full of old invalid static records. In addition, both the primary (forward) and the reverse zones contained a lot of old name servers.
Here are the scripts I ran to fix the issues. Just remove the -WhatIf switches to actually make the changes.
In this case, our name servers followed the naming standard ADM-V-ADDS…, so the script removes all other name servers. Obviously, modify it to fit your environment!
```powershell
# Create Reverse Lookup Zones for all DHCP Scopes
foreach ($scopeid in Get-DhcpServerv4Scope | Where-Object SubnetMask -eq "255.255.255.0" | Select-Object -ExpandProperty ScopeId) {
    Try {
        Add-DnsServerPrimaryZone -NetworkId "$scopeid/24" -ReplicationScope Domain -ErrorAction Stop
        Write-Output "Reverse zone $scopeid created"
    }
    Catch [Microsoft.Management.Infrastructure.CimException] {
        Write-Warning "Reverse zone for $scopeid already exists"
    }
}

# Make all Reverse Lookup Zones configured the same way and remove all Static Records
# (devices will simply re-register themselves).
Get-DnsServerZone |
    Where-Object ZoneName -like "*.arpa" |
    Where-Object ZoneName -notlike "127.in-*" |
    Where-Object ZoneName -notlike "0.in-addr.arpa" |
    Where-Object ZoneName -notlike "255.in-addr.arpa" |
    ForEach-Object {
        $Name = $_.ZoneName
        Set-DnsServerZoneAging -Name $_.ZoneName -Aging $true -NoRefreshInterval "7.00:00:00" -RefreshInterval "7.00:00:00" -WhatIf
        Set-DnsServerPrimaryZone -Name $_.ZoneName -ReplicationScope Domain -WhatIf
        Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure -WhatIf
        Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType "NS"    | Where-Object { $_.RecordData.NameServer -notlike "*adm-v-adds*" } | Remove-DnsServerResourceRecord -ZoneName $Name -Force -PassThru -Confirm:$false -WhatIf
        Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType "WINS"  | Where-Object { $_.RecordData.NameServer -notlike "*adm-v-adds*" } | Remove-DnsServerResourceRecord -ZoneName $Name -Force -PassThru -Confirm:$false -WhatIf
        Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType "WinsR" | Where-Object { $_.RecordData.NameServer -notlike "*adm-v-adds*" } | Remove-DnsServerResourceRecord -ZoneName $Name -Force -PassThru -Confirm:$false -WhatIf
        Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType "Ptr"   | Where-Object { $_.Timestamp -eq $null } | Remove-DnsServerResourceRecord -ZoneName $Name -Force -PassThru -Confirm:$false -WhatIf
    }

# Set some settings on the normal Zones too plus fix Name Servers.
Get-DnsServerZone |
    Where-Object ZoneName -notlike "*.arpa" |
    Where-Object ZoneName -notlike "TrustAnchors" |
    ForEach-Object {
        $Name = $_.ZoneName
        Set-DnsServerZoneAging -Name $_.ZoneName -Aging $true -NoRefreshInterval "7.00:00:00" -RefreshInterval "7.00:00:00" -WhatIf
        Set-DnsServerPrimaryZone -Name $_.ZoneName -ReplicationScope Domain -WhatIf
        Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure -WhatIf
        Get-DnsServerResourceRecord -ZoneName $_.ZoneName -RRType "NS" | Where-Object { $_.RecordData.NameServer -notlike "*adm-v-adds*" } | Remove-DnsServerResourceRecord -ZoneName $Name -Force -PassThru -Confirm:$false -WhatIf
    }
```
Worked like a charm.
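Before running the fix-up (and again afterwards to confirm it took), a read-only audit of the same settings is useful. The script below is an added example, not part of the original post; it assumes the same ADM-V-ADDS name server pattern and the same auto-created zones to skip, and only reports zones that deviate from the target state (aging on, secure dynamic updates only, domain replication, no stray NS records, no static PTR records).

```powershell
# Name server pattern and auto-created zones to skip (assumptions; adjust to your environment).
$NsPattern = "*adm-v-adds*"
$SkipZones = @("TrustAnchors", "0.in-addr.arpa", "127.in-addr.arpa", "255.in-addr.arpa")

function Get-DnsZoneDrift {
    param([string]$NsPattern, [string[]]$SkipZones)

    Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq "Primary" -and $SkipZones -notcontains $_.ZoneName } |
        ForEach-Object {
            $zone  = $_
            $aging = Get-DnsServerZoneAging -Name $zone.ZoneName
            $ns    = Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -RRType "NS"
            $stray = @($ns | Where-Object { $_.RecordData.NameServer -notlike $NsPattern })

            # A PTR record without a timestamp is static, so scavenging will never remove it.
            $staticPtr = 0
            if ($zone.IsReverseLookupZone) {
                $staticPtr = @(Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -RRType "Ptr" |
                               Where-Object { $null -eq $_.Timestamp }).Count
            }

            [pscustomobject]@{
                Zone          = $zone.ZoneName
                Reverse       = [bool]$zone.IsReverseLookupZone
                AgingEnabled  = $aging.AgingEnabled
                DynamicUpdate = $zone.DynamicUpdate
                Replication   = $zone.ReplicationScope
                StrayNS       = $stray.Count
                StaticPTR     = $staticPtr
            }
        }
}

# Report only the zones that still need attention; an empty table means the fix-up is complete.
Get-DnsZoneDrift -NsPattern $NsPattern -SkipZones $SkipZones |
    Where-Object { -not $_.AgingEnabled -or $_.DynamicUpdate -ne "Secure" -or
                   $_.Replication -ne "Domain" -or $_.StrayNS -gt 0 -or $_.StaticPTR -gt 0 } |
    Format-Table -AutoSize
```

The StaticPTR column is worth reviewing before the Remove step: a static PTR for a device that does not register itself dynamically (printers, appliances) will not come back after removal.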