Use DHCP Scope info to build DNS Reverse Lookup Zones and configure DNS with PowerShell

I had a customer with more than 60 DHCP Scopes, but unfortunately the DNS Reverse Lookup Zones were not all created or configured, and/or consisted of a lot of old, invalid static records. In addition, both the Primary and Reverse Zones contained a lot of old Name Servers.

Here are the scripts I ran to fix the issues. Just remove the -whatif to actually make it do stuff.

In this case, our Name Servers followed the naming standard ADM-V-ADDS…. so the script will remove all other name servers. Obviously, modify to fit your environment!
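A sketch of the approach described above, added here as an example and not the scripts from the original post. The server names are placeholders, and the choices of forest-wide replication, secure-only dynamic updates and skipping scopes of /16 or wider are assumptions. It needs the DhcpServer and DnsServer modules.

```powershell
# Added example, not the post's script. Server names are placeholders.
$DhcpServer  = 'dhcp01.example.test'
$DnsServer   = 'dns01.example.test'
$KeepPattern = '^ADM-V-ADDS'   # name servers to keep (prefix quoted in the post)

function Get-ReverseNetworkId {
    # Reverse zones sit on octet boundaries, so map a scope to the /24 networks it covers.
    param([ipaddress]$ScopeId, [ipaddress]$SubnetMask)
    $net  = $ScopeId.GetAddressBytes()
    $mask = $SubnetMask.GetAddressBytes()
    if ($mask[0] -ne 255 -or $mask[1] -ne 255 -or $mask[2] -eq 0) {
        Write-Warning "Scope $ScopeId is /16 or wider; create its reverse zone by hand."
        return
    }
    $first = $net[2] -band $mask[2]
    $count = 256 - $mask[2]          # 1 for /24 and longer, 2 for /23, 4 for /22 ...
    for ($i = 0; $i -lt $count; $i++) {
        '{0}.{1}.{2}.0/24' -f $net[0], $net[1], ($first + $i)
    }
}

# 1. Create the missing reverse zones, AD-integrated, secure dynamic updates only.
$existing = (Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object IsReverseLookupZone).ZoneName

Get-DhcpServerv4Scope -ComputerName $DhcpServer |
    ForEach-Object { Get-ReverseNetworkId $_.ScopeId $_.SubnetMask } |
    Sort-Object -Unique |
    ForEach-Object {
        $o    = $_.Split('/')[0].Split('.')
        $zone = '{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0]
        if ($existing -notcontains $zone) {
            Add-DnsServerPrimaryZone -ComputerName $DnsServer -NetworkId $_ `
                -ReplicationScope Forest -DynamicUpdate Secure -WhatIf
        }
    }

# 2. Remove apex NS records that do not match the naming standard.
#    HostName '@' limits this to the zone apex, so delegations are left alone.
Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $z = $_.ZoneName
        Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z -RRType NS |
            Where-Object { $_.HostName -eq '@' -and
                           $_.RecordData.NameServer -notmatch $KeepPattern } |
            Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z -Force -WhatIf
    }
```

Review the -WhatIf output for both steps before removing the switch; a $KeepPattern that matches nothing would strip every apex NS record from every primary zone.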

 

 

Using Azure DNS for Dynamic DNS with PowerShell

I’ve been using DynDNS and other free DNS services for some time, but they are getting harder and harder to use for free: you need to remember to log on and click a button once a month and whatnot. I figured it was time to migrate to Azure DNS instead. Being able to use PowerShell to handle my DNS together with everything I’ve already automated makes my life so much easier. And as I’ve already got a couple of domains and some Azure subscriptions, there was more or less no increased cost for me. As you can see in the picture, Azure DNS Pricing is really cheap.

I’ve used Task Scheduler to schedule the script below to run at Computer Startup on one of my Hyper-V Hosts at home, and then every hour. That guarantees that if there is a power failure and I get a new IP from my ISP, the external DNS pointers will be updated at once when the server boots, and, just to be sure, checked every hour.

In short, the script checks your External IP and compares that to the IP of the hostname you want updated. If they are not identical, it will log on to Azure and update the hostname with your current IP.
Simple as that.

In my case, I’ve set up a UserName in Azure DNS that has access to just that DNS Zone and am using that UserName in the script.

You obviously need to migrate an existing DNS Zone, or register a new one, to Azure and use Microsoft’s Name Servers for this to work.

Reduce DNS Client Cache in Windows Server 2012 R2

I’m often using Remote Desktop Gateways to connect to various environments, including our Private Cloud. One challenge arises when I change the IP address or network settings on a computer through SCVMM. As the RDGW has cached the DNS entry and IP address, it takes a while until that information is cleared and I’m able to establish a connection. Or to be fair, what I usually do is RDP into the RDGW, do an “ipconfig /flushdns” and then reconnect to the first server.
It does work, but wouldn’t it be better if that was kind of done automatically? Well, I guess you could schedule an “ipconfig /flushdns” every X minutes and get the desired result.

A better solution is to reduce the DNS Cache timeout on the RDGW server! I’ve modified mine to cache entries for just 10 seconds, and then do a new DNS query. 10 seconds might be a bit too aggressive, though it works fine for me.

Use this registry key to set the DNS Client Cache timeout:

HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
maxcacheTTL

Restart the “DNS Client” service for the change to take effect (net stop dnscache & net start dnscache).
I’ve only tried this on Windows Server 2012 R2, but I guess it should also work on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.

Personally, I’ve set this key through Group Policy Preferences to make sure it’s always done, even if the RDGW Server is reinstalled.

The other two values, MaxCacheEntryTtlLimit and MaxNegativeCacheTtl, are leftovers from my testing; it seems those values worked for “Windows 2000” and are not used anymore.