Create & Manage DNS Zones and Records with PowerShell

A Windows administrator can use the good old Dnscmd cli tool or DNSServer module for PowerShell to manage DNS zones and records. In this article we’ll cover the basic operations of bulk creating, modification, and removing different DNS records or zones using PowerShell.

DNSServer PowerShell Module

The DNSServer module for PowerShell is a part of RSAT. On Windows 10 you will have to install RSAT separately, and on Windows Server you can enable the module using Server Manager GUI (Role Administration Tools -> DNS Server Tools).

Make sure the DNSServer PowerShell module is install on your computer:

Get-Module DNSServer –ListAvailable

You can display the list of commands in it (the module version for Windows Server 2016 has 134 cmdlets):

Get-Module DNSServer

Manage DNS Zones with PowerShell

Display the list of DNS zones on your server (in our case, it is a domain controller):

Get-DnsServerZone –ComputerName dc01

To add a new primary DNS zone named woshub.com, run this command:

Add-DnsServerPrimaryZone -Name woshub.com -ReplicationScope "Forest" –PassThru

As you can see, the primary DNS zone integrated into Active Directory has been created (isDsIntegrated=True).

You can create a Reverse Lookup Zone:

Add-DnsServerPrimaryZone -NetworkId "192.168.100.0/24" -ReplicationScope Domain

To synchronize a new zone with other DCs in the domain, run the following command:

Sync-DnsServerZone –passthru

Display the list of records in the new DNS zone (it is empty):

Get-DnsServerResourceRecord -ComputerName dc01 -ZoneName contoso.local

To remove the DNS zone, use the command:

Remove-DnsServerZone -Name woshub.com -ComputerName dc01

It will also remove all existing DNS records in the zone.

Managing DNS Records with DNSServer PowerShell Module

To create a new A record for the host in the specified DNS zone, use this command:

Add-DnsServerResourceRecordA -Name ber-rds1 -IPv4Address 192.168.100.33 -ZoneName woshub.com -TimeToLive 01:00:00

To add a PTR record to the Reverse Lookup Zone, you can add –CreatePtr parameter to the previous command or create the pointer manually using the Add-DNSServerResourceRecordPTR cmdlet:

Add-DNSServerResourceRecordPTR -ZoneName 100.168.192.in-addr.arpa -Name 33 -PTRDomainName ber-rds1.woshub.com

To add an alias (CNAME) for the specific A record, run this command:

Add-DnsServerResourceRecordCName -ZoneName woshub.com -Name Ber-RDSFarm -HostNameAlias ber-rds1.woshub.com

To change (update) the IP address in the A record, you will have to apply quite a complex method since you cannot change an IP address of a DNS record directly:

$NewADNS = get-DnsServerResourceRecord -Name ber-rds1 -ZoneName woshub.com -ComputerName dc01
$OldADNS = get-DnsServerResourceRecord -Name ber-rds1 -ZoneName woshub.com -ComputerName dc01

Then change the IPV4Address property of the $NewADNS object:

$NewADNS.RecordData.IPv4Address = [System.Net.IPAddress]::parse('192.168.100.133')

Change the IP address of the A record using the Set-DnsServerResourceRecord cmdlet:

Set-DnsServerResourceRecord -NewInputObject $NewADNS -OldInputObject $OldADNS -ZoneName woshub.com -ComputerName dc01

Make sure that the IP address of the A record has changed:

Get-DnsServerResourceRecord -Name ber-rds1 -ZoneName woshub.com

You can display the list of DNS records of the same type by using the –RRType parameter. Let’s display the list of CNAME records in the specified DNS zone:

Get-DnsServerResourceRecord -ComputerName DC01 -ZoneName woshub.com -RRType CNAME

You can also use filters by any DNS record parameters using Where-Object. For example, to display the list of A records containing rds phrase in their hostnames:

Get-DnsServerResourceRecord -ZoneName woshub.com -RRType A | Where-Object HostName -like "*rds*"

To remove DNS records, the Remove-DnsServerResourceRecord cmdlet is used.

For example, to remove a CNAME record, run the command:

Remove-DnsServerResourceRecord -ZoneName woshub.local -RRType CName -Name Ber-RDSFarm

To remove an A DNS record:

Remove-DnsServerResourceRecord -ZoneName woshub.local -RRType A -Name ber-rds1 –Force

To remove a PTR record from a Reverse Lookup Zone:

Remove-DnsServerResourceRecord -ZoneName “100.168.192.in-addr.arpa” -RRType “PTR” -Name “33”

How to Create Multiple A and PTR DNS Records from a .CSV File?

Suppose, you want to create multiple A records at a time in the specific DNS Forward Lookup Zone. You can add them one-by-one using the Add-DnsServerResourceRecordA cmdlet, but it is easier to add A records in bulk from a .CSV file.

Create a text file NewDnsRecords.txt with the names and IP addresses you want to add to DNS. The txt file format is as follows:

HostName, IPAddress

To create A records in the woshub.com zone according to the data in your TXT/CSV file, use the following PowerShell script:

Import-CSV "C:\PS\NewDnsRecords.txt" | %{
Add-DNSServerResourceRecordA -ZoneName woshub.com -Name $_."HostName" -IPv4Address $_."IPAddress"
}

If you want to add records to the Reverse Lookup Zone at the same time, add the –CreatePtr parameter to your Add-DNSServerResourceRecordA command.

Then using DNS Manager console (dnsmgmt.msc) or Get-DnsServerResourceRecord -ZoneName woshub.local make sure that all DNS records have been created successfully.

If you want to add PTR records to the Reverse Lookup Zone in bulk, create a text or a CSV file with the following structure:

octet,hostName,zoneName
102,ber-rds2.woshub.com,100.168.192.in-addr.arpa
103,ber-rds3.woshub.com,100.168.192.in-addr.arpa
104,ber-rds4.woshub.com,100.168.192.in-addr.arpa
105,ber-rds5.woshub.com,100.168.192.in-addr.arpa

Then run the script:

Import-CSV "C:\PS\NewDnsPTRRecords.txt" | %{
Add-DNSServerResourceRecordPTR -ZoneName $_."zoneName" -Name $_."octet" -PTRDomainName $_."hostName"
}

Make sure that your PTR records appeared in the DNS Reverse Lookup Zone.