Section 4.12. Command-Line Utilities

Previous page
Table of content
Next page

4.12. Command-Line Utilities

In this section, I'll describe some useful programs designed to be run from a command line that you can use to automate your DNS setup and configuration processes.

4.12.1. DNSCmd

The Windows Server 2003 Support Tools collection, described earlier in the book, contains the DNSCmd utility , which is a great way to access some command DNS configuration-related functions through the power and speed of the command prompt. To get to DNSCmd, look in the Support\Tools directory on the Windows Server 2003 distribution CD for the file support.cab. Inside, copy and paste DNSCmd to a convenient location.

DNSCmd displays and changes the properties of DNS servers, zones, and resource records. Some operations of this tool work at the DNS server level while others work at the zone level. You can use DNSCmd on any Windows 2000 or XP computer as long as the user that is running the application is a member in the Administrators or Server Operators group on the target computer. Both the user account and the server computer must be members of the same domain or reside within trusted domains.

DNSCmd can be used in any of the following situations:

  • You want to retrieve information about a DNS server.

  • You want to begin the scavenging process.

  • You want to view information and contents of a DNS zone.

  • You want to create, remove, or "pause" zones.

  • You want to change the properties of a zone.

  • You want to add, delete, or enumerate records in a zone.

You use DNSCmd simply by specifying attributes and their values as part of a command. For example, to create a new standard primary zone called corp.hasselltech.local on a server named dc1.corp.hasselltech.local and stored in corp.hasselltech.local.dns files, use the following syntax:

 dnscmd dc1.corp.hasselltech.local/ZoneAdd corp.hasselltech.local /Primary /file corp. hasselltech.local.dns

I could have also chosen to make corp.hasselltech.local a secondary zone by replacing the /Primary switch with /Secondary.

To create a new A record, I could issue the following command, which adds a record for a machine named wwwto the zone with an IP address of 192.168.1.23to the same DNS server as the previous example:

 Dnscmd dc1.corp.hasselltech.local /RecordAdd corp.hasselltech.local www A 192.168.1.23

You can see all of the zones on a target server by entering the following command:

 dnscmd dc1.corp.hasselltech.local /enumzones

If you're experiencing some problems with replication and want to trigger the process manually, you can start it with the following command (assuming you want to use the same server to begin the process as in the previous examples):

 Dnscmd dc1.corp.hasselltech.local /ZoneRefresh corp.hasselltech.local

Likewise, you might find yourself needing to manually age all of the records on a particular machine. You can easily do so through DNSCmd using the following:

 dnscmd corp.hasselltech.local /ageallrecords dc1.corp.hasselltech.local

You'll need to confirm your choice, and then the current time will be applied to all records on that machine.

You might also need to clear the DNS cache on a target server, which can be done using this command:

 Dnscmd dc1.corp.hasselltech.local /clearcache

To quickly stop and start the DNS process on the target computer, use the following command:

 Dnscmd dc1.corp.hasselltech.local /restart

If you want to export a particular zone to a file, you can issue the following command:

 dnscmd /zoneexport corp.hasselltech.local corp.hasselltech.local.dns

And, finally, to delete a zone from a target server, use the following command:

 dnscmd dc1.corp.hasselltech.local /zonedelete corp.hasselltech.local

4.12.2. DNSLint

Also on the distribution CD in support tools is DNSLint. DNSLint is a utility born out of the desire to automate the process of troubleshooting lame delegation issues and problems with AD replication because of faulty DNS records. DNSLint is a great tool to make sure that every DNS server that has records on your services has correct records and that there are no issues with those DNS servers' data. (And in case you're wondering, the name "DNSLint" comes from the idea that lint is something you find in your blue jeans after they come out of the dryer. When you find lint, it is useless and perhaps even embarrassing, meaning you probably quickly discard it. You should do the same with outdated or inaccurate DNS records for critical machines on your network.)

The best thing to do from the start is to create a standard report on any given DNS domain, using the following:

 dnslint /d hasselltech.local /v

DNSLint produces an HTML-based report and then starts Internet Explorer to display the result. The results are color-coded with warnings in amber and errors in red for easy scanning. (You can elect to get a text-based report, if you prefer.) The report generated by the previous command will show a detailed listing of each DNS server for the corp.hasselltech.local domain and indicate whether or not the server responds to a query on port 53, which is the standard DNS port. It will tell you how it found each server, and it will also list each server that reports authoritatively. You will also see Mail Exchanger (MX) records in the zone, which is a useful addition to help with troubleshooting SMTP routing problems.

If you are specifically having email difficulties, you can use DNSLint to determine whether a designated email server listens on the correct port. Use the following command:

 dnslint /d domainname.tld /c

The report generated by that command will list whether a server indicated in an MX record is listening for SMTP, POP3 and IMAP4 requests, and will also show the SMTP header returned by the server to help in diagnostics.

To assist in troubleshooting, the following functions are available in DNSLint:


dnslint /d domainname

This diagnoses potential causes of "lame delegation," covered earlier in this chapter, and other related DNS problems. You'll receive an HTML-based report once the diagnosis is complete. Add /vfor more information about how the DNS servers listed in the report were found. If you get errors saying that the domain specified is not listed with InterNIC, simply add the /soption.


dnslint /ql mylist.txt

This verifies a user-defined set of DNS records on multiple DNS servers. You can specify in a simple text file the sets of records you'd like to test. For example, the following tests A, PTR, CNAME, and MX records for the domain name and IP address of a fairly well-known company:

 microsoft.com,a,r      ;A record 207.46.197.100,ptr,r   ;PTR record microsoft.com,cname,r  ;CNAME record microsoft.com,mx,r       ;MX record


dnslint /ad localhost

This verifies the DNS records on a specific host (in this case, the current machine) specifically used for Active Directory replication. If you get errors saying that the domain specified is not listed with InterNIC, simply add the /soption.


Previous page
Table of content
Next page
Learning Windows Server 2003
Learning Windows Server 2003
ISBN: 0596101236
EAN: 2147483647
Year: 2004
Pages: 171
Authors: Jonathan Hassell
BUY ON AMAZON
Oracle Developer Forms Techniques
C++ GUI Programming with Qt 3
Microsoft VBScript Professional Projects
InDesign Type: Professional Typography with Adobe InDesign CS2
Junos Cookbook (Cookbooks (OReilly))
Extending and Embedding PHP
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy