Does anyone have a task to perform simple DNS validation?
Working on migrating Windows and Unix systems to new DNS servers, which are in new subnets, etc.
Looking to run a task on all Windows that would do a simple DNS lookup against the new DNS Server and validate the answer.
- This is to help identify route, firewall, and ACL issues which may prevent a system from resolving against the new DNS servers. This is all before actually setting the client to the new DNS server.
- We have several systems in firewall compartments, both local and remote datacenters, which may have some obscure historical settings to block the new DNS servers from answering correctly.
I found the PowerShell "Resolve-DnsName" cmdlet which will perform the lookup, but I have been fighting syntax - if then else
Steps:
- Run powershell command output to file C:\Windows\Temp\avpoke.txt
- if the output of the file contains "Answer" then
set client setting _dnspoke=0,
else
set client setting _dnspoke=991 - I am using the Exit code to allow me not to really look at the client setting for failed initially.
This is what I have today:
delete __appendfile
appendfile Resolve-DnsName -name gmail.com -type A -server 10.221.255.254 -Dnsonly | out-file "C:\Windows\Temp\avpoke.txt"
appendfile Resolve-DnsName -name gmail.com -type A -server 10.251.255.254 -Dnsonly | out-file "C:\Windows\Temp\avpoke2.txt"
delete "C:\Windows\Temp\avpoke.txt"
delete "C:\Windows\Temp\avpoke2.txt"
delete pstest.ps1
copy __appendfile pstest.ps1
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -noprofile -ExecutionPolicy Bypass -file "pstest.ps1"
if ( exists file "C:\Windows\Temp\avpoke.txt" whose (not exists line whose (it contains "Answer") of it))
setting "_dnspoke"="1" on "{parameter "action issue date" of action}" for client
exit 999
else
setting "_dnspoke"="0" on "{parameter "action issue date" of action}" for client
endif
if ( exists file "C:\Windows\Temp\avpoke2.txt" whose (not exists line whose (it contains "Answer") of it))
setting "_dnspoke"="2" on "{parameter "action issue date" of action}" for client
exit 999
else
setting "_dnspoke"="0" on "{parameter "action issue date" of action}" for client
endif
delete "C:\Windows\Temp\avpoke.txt"
delete "C:\Windows\Temp\avpoke2.txt"
The outfile is empty when there is an error and contains output similar to the below on success.
Also the exit status of the "resolve-dnsname" changes for failed vs success.
This is basically something that will be run a dozen times in the next month and then not for a few years, so slow and dirty is ok - but simple would be best.
Any help and ideas are welcome.
PS C:\Program Files (x86)\BigFix Enterprise\BES Client> cat C:\Windows\Temp\avpoke.txt
Name       Type  TTL  Section  IPAddress
gmail.com  A     300  Answer   64.233.177.17
gmail.com  A     300  Answer   64.233.177.83
gmail.com  A     300  Answer   64.233.177.19
gmail.com  A     300  Answer   64.233.177.18
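
One way to do the check from the steps above inside the PowerShell script itself, so the calling task only needs the script's exit code instead of parsing the output file. This is an added example, not part of the original post: the server addresses, test name and log path are the ones from the post, while the function name, variable names and the exit-code scheme (0 = all servers answered, N = the Nth server failed) are assumptions.

```powershell
# Added example: probe each candidate DNS server directly and report which one failed.
# Server addresses, test name and log path come from the post; exit codes are assumed.
$Servers  = @('10.221.255.254', '10.251.255.254')
$TestName = 'gmail.com'
$LogFile  = 'C:\Windows\Temp\avpoke.txt'

function Test-DnsServer {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $Name
    )
    try {
        # -DnsOnly skips LLMNR/NetBIOS; -ErrorAction Stop turns timeouts and
        # NXDOMAIN into exceptions, so an unreachable server is never a pass.
        $records = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
    }
    catch {
        return [pscustomobject]@{ Server = $Server; Ok = $false; Detail = $_.Exception.Message }
    }
    # Count only A records in the Answer section; a reply carrying just an
    # Authority (SOA) record means the server responded without resolving the name.
    $answers = @($records | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' })
    [pscustomobject]@{
        Server = $Server
        Ok     = ($answers.Count -gt 0)
        Detail = ($answers.IPAddress -join ',')
    }
}

$results = @(foreach ($s in $Servers) { Test-DnsServer -Server $s -Name $TestName })
$results | Format-Table -AutoSize | Out-File -FilePath $LogFile

# Exit code = 1-based index of the first failing server, 0 if every server answered.
$exitCode = 0
for ($i = 0; $i -lt $results.Count; $i++) {
    if (-not $results[$i].Ok) { $exitCode = $i + 1; break }
}
exit $exitCode
```

The log file then holds one row per server with either the returned addresses or the error text, which separates a timeout (route, firewall or ACL) from a server that replied without an answer.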