DNS and DHCP validation tasks?

Does anyone have a task to perform simple DNS validation?

Working on migrating Windows and Unix systems to new DNS servers, which are in new subnets, etc.

Looking to run a task on all Windows that would do a simple DNS lookup against the new DNS Server and validate the answer.

  • this is to help identify route, firewall, and acl issues which may prevent a system from resolving against the new DNS servers. This is all before actually setting the client to the new DNS server.
  • We have several systems in firewall compartments, both local and remote datacenters which may have some obscure historical settings to block the new dns servers from answering correctly.

I found the powershell "resolve-dnsnameā€™ cmdlet which will perform the lookup, but i have been fighting syntax - if then else

Steps:

  1. Run powershell command output to file C:\Windows\Temp\avpoke.txt
  2. if the output of the file containst ā€œAnswerā€ then
    set client setting _dnspoke=0,
    else
    set client setting _dnspoke=991
  3. I am using the Exit code to allow me not to really look at the client setting for failed initially.

This is what i have today:

delete __appendfile

 appendfile Resolve-DnsName -name gmail.com -type A -server 10.221.255.254 -Dnsonly | out-file "C:\Windows\Temp\avpoke.txt"
appendfile Resolve-DnsName -name gmail.com -type A -server 10.251.255.254 -Dnsonly | out-file "C:\Windows\Temp\avpoke2.txt"

delete "C:\Windows\Temp\avpoke.txt"
delete "C:\Windows\Temp\avpoke2.txt"
delete pstest.ps1
copy __appendfile pstest.ps1


waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -noprofile -ExecutionPolicy Bypass -file "pstest.ps1"


if  ( exists file "C:\Windows\Temp\avpoke.txt" whose (not exists line whose (it contains "Answer") of it))  
   setting "_dnspoke"="1" on "{parameter "action issue date" of action}" for client
    exit 999
 else
      setting "_dnspoke"="0" on "{parameter "action issue date" of action}" for client
 endif

 
if  ( exists file "C:\Windows\Temp\avpoke2.txt" whose (not exists line whose (it contains "Answer") of it))  
   setting "_dnspoke"="2" on "{parameter "action issue date" of action}" for client
    exit 999
 else
   setting "_dnspoke"="0" on "{parameter "action issue date" of action}" for client
 endif

delete "C:\Windows\Temp\avpoke.txt"
delete "C:\Windows\Temp\avpoke2.txt"

The outfile is empty when there is an error and contains output similar to the below on success
Also the exit status of the ā€˜resolve-dnsnameā€™ changes for failed vs success

This is basically something that will be run a dozen times in the next month and then not for a few years, so slow and dirty is ok - but simple would be best.

Any help and ideas are welcome.

PS C:\Program Files (x86)\BigFix Enterprise\BES Client> cat C:\Windows\Temp\avpoke.txt

Name Type TTL Section IPAddress


gmail.com A 300 Answer 64.233.1 77.17
gmail.com A 300 Answer 64.233.1 77.83
gmail.com A 300 Answer 64.233.1 77.19
gmail.com A 300 Answer 64.233.1 77.18

Not a comment on your method, but the logic needs checking - by my reading, the setting _dnspoke will only ever have a value of 2 or 0 upon completion - setting it to 1 or 0 will be overwritten later in the script

Completely understand.
The idea is for the action to exit with error where it first failed or complete clean.
As Any failure is something that requires manual review and potential fw, network updates

@mesee2 , Modify the if statements and change the parenthesis to curly braces only at the beginning and ending of the statement. For example:
if { exists file "C:\Windows\Temp\avpoke.txt" whose (not exists line whose (it contains "Answer") of it) }

1 Like