某次需要通过命令行给Windows Server的DNS服务上添加大量的DNS记录,手工累不说还容易出错,研究了一下,发现命令行命令是DnsCmd,这个早期的Windows Server上可能要另外安装,但我在Windows Server 2016上默认是有安装的。
下面以给某服务器添加一批A记录为例,说明如何结合Excel来批量生成大量的命令:
- 首先介绍一下DnsCmd的用法
1.1 运行DnsCmd /?或者DnsCmd可以获得全部命令及使用方式:
C:\>DnsCmd /?
Usage: DnsCmd <ServerName> <Command> [<Command Parameters>]
<ServerName>:
IP address or host name -- remote or local DNS server
. -- DNS server on local machine
<Command>:
/Info -- Get server information
/Config -- Reset server or zone configuration
/EnumZones -- Enumerate zones
/Statistics -- Query/clear server statistics data
/ClearCache -- Clear DNS server cache
/WriteBackFiles -- Write back all zone or root-hint datafile(s)
/StartScavenging -- Initiates server scavenging
/IpValidate -- Validate remote DNS servers
/EnumKSPs -- Enumerate available key storage providers
/ResetListenAddresses -- Set server IP address(es) to serve DNS requests
/ResetForwarders -- Set DNS servers to forward recursive queries to
/ZoneInfo -- View zone information
/ZoneAdd -- Create a new zone on the DNS server
/ZoneDelete -- Delete a zone from DNS server or DS
/ZonePause -- Pause a zone
/ZoneResume -- Resume a zone
/ZoneReload -- Reload zone from its database (file or DS)
/ZoneWriteBack -- Write back zone to file
/ZoneRefresh -- Force refresh of secondary zone from master
/ZoneUpdateFromDs -- Update a DS integrated zone by data from DS
/ZonePrint -- Display all records in the zone
/ZoneResetType -- Change zone type
/ZoneResetSecondaries -- Reset secondary\notify information for a zone
/ZoneResetScavengeServers -- Reset scavenging servers for a zone
/ZoneResetMasters -- Reset secondary zone's master servers
/ZoneExport -- Export a zone to file
/ZoneChangeDirectoryPartition -- Move a zone to another directory partition
/ZoneSeizeKeymasterRole -- Seize the key master role for a zone
/ZoneTransferKeymasterRole -- Transfer the key master role for a zone
/ZoneEnumSKDs -- Enumerate the signing key descriptors for a zone
/ZoneAddSKD -- Create a new signing key descriptor for a zone
/ZoneDeleteSKD -- Delete a signing key descriptor for a zone
/ZoneModifySKD -- Modify a signing key descriptor for a zone
/ZoneValidateSigningParameters -- Validate DNSSEC online signing parameters for a zone
/ZoneSetSKDState -- Set Active and/or Standby keys for a signing key descriptor for a zone
/ZoneGetSKDState -- Retrieve dynamic state for a signing key descriptor for a zone
/ZonePerformKeyRollover -- Trigger a key rollover in a signing key descriptor for a zone
/ZonePokeKeyRollover -- Trigger a key rollover in a signing key descriptor for a zone
/ZoneSign -- Signs the zone using DNSSEC online signing parameters
/ZoneUnsign -- Removes DNSSEC signatures from a signed zone
/ZoneResign -- Regenerate DNSSEC signatures in a signed zone
/EnumRecords -- Enumerate records at a name
/RecordAdd -- Create a record in zone or RootHints
/RecordDelete -- Delete a record from zone, RootHints or cache
/NodeDelete -- Delete all records at a name
/AgeAllRecords -- Force aging on node(s) in zone
/TrustAnchorAdd -- Create a new trust anchor zone on the DNS server
/TrustAnchorDelete -- Delete a trust anchor zone from DNS server or DS
/EnumTrustAnchors -- Display status information for trust anchors
/TrustAnchorsResetType -- Change zone type for a trust anchor zone
/EnumDirectoryPartitions -- Enumerate directory partitions
/DirectoryPartitionInfo -- Get info on a directory partition
/CreateDirectoryPartition -- Create a directory partition
/DeleteDirectoryPartition -- Delete a directory partition
/EnlistDirectoryPartition -- Add DNS server to partition replication scope
/UnenlistDirectoryPartition -- Remove DNS server from replication scope
/CreateBuiltinDirectoryPartitions -- Create built-in partitions
/ExportSettings -- Output settings to DnsSettings.txt in the DNS server database directory
/OfflineSign -- Offline signing zone files, including key generation/deletion
/EnumTrustPoints -- Display active refresh information for all trust points
/ActiveRefreshAllTrustPoints -- Perform an active refresh on all trust points now
/RetrieveRootTrustAnchors -- Retrieve root trust anchors via HTTPS
<Command Parameters>:
DnsCmd <CommandName> /? -- For help info on specific Command
In future versions of Windows, Microsoft might remove dnscmd.exe.
If you currently use dnscmd.exe to configure and manage the DNS server,
Microsoft recommends that you transition to Windows PowerShell.
To view a list of commands for DNS server management, type
"Get-Command -Module DnsServer" at the Windows PowerShell prompt. Additional
information about Windows PowerShell commands for DNS is available at
http://go.microsoft.com/fwlink/?LinkId=217627.
C:\>
可以通过DnsCmd可以通过如下格式获取每个命令的帮助信息:
DnsCmd <命令> /?
例如我们查询这里要用到的/RecordAdd命令:
DnsCmd /RecordAdd /?
我们可以得到如下帮助:
C:\>DnsCmd /RecordAdd /?
Usage: DnsCmd <ServerName> /RecordAdd <Zone> <NodeName> [/Aging] [/OpenAcl]
[/CreatePTR] [<Ttl>] <RRType> <RRData>
<RRType> <RRData>
A <IPAddress>
CNAME,DNAME <HostName|DomainName>
NS,MB,MD <HostName|DomainName>
PTR,MF,MG,MR <HostName|DomainName>
MX,RT,AFSDB <Preference> <ServerName>
SRV <Priority> <Weight> <Port> <HostName>
SOA <PrimaryServer> <AdminEmail> <Serial#>
<Refresh> <Retry> <Expire> <MinTTL>
AAAA <Ipv6Address>
TXT <String> [<String>]
X25,HINFO,ISDN <String> [<String>]
MINFO,RP <MailboxName> <ErrMailboxName>
WKS <Protocol> <IPAddress> <Service> [<Service>]..]
DHCID <Base64Data>
NAPTR <Order> <Preference> <FlagString> <ServicesString>
<RegExpString> <ReplacementDomain>
WINS <MapFlag> <LookupTimeout>
<CacheTimeout> <IPAddress> [<IPAddress>]
WINSR <MapFlag> <LookupTimeout>
<CacheTimeout> <RstDomainName>
DNSKEY <Flags> <KeyProtocol> <CryptoAlgorithm> <Base64Data>
RRSIG <TypeCovered> <CryptoAlgorithm> <LabelCount>
<OriginalTTL> <SigExpiration> <SigInception>
<KeyTag> <Signer's Name> <Base64Data>
DS <KeyTag> <CryptoAlgorithm> <DigestType> <Digest>
NSEC <NextName> <Type> [<Type> ...]
NSEC3 <HashAlgorithm> <Flags> <Iterations> <BinarySalt>
<NextHashedName> [<Type> ...]
NSEC3PARAM <CryptoAlgorithm> <Flags> <Iterations> <BinarySalt>
<Zone> -- <ZoneName> | /RootHints
<ZoneName> -- FQDN of a zone
<NodeName> -- name of node for which a record will be added
- FQDN of a node (name with a '.' at the end) OR
- node name relative to the ZoneName OR
- "@" for zone root node OR
- service name for SRV only (e.g. _ftp._tcp)
<Ttl> -- TTL for the RR (Default: TTL defined in SOA)
<HostName> -- FQDN of a host
<IPAddress> -- e.g. 255.255.255.255
<ipv6Address> -- e.g. 1:2:3:4:5:6:7:8
<Protocol> -- UDP | TCP
<Service> -- e.g. domain, smtp
<TypeCovered> -- type of the RRset signed by this RRSIG
<CryptoAlgorithm> -- 1=RSA/MD5, 2=Diffie-Hellman, 3=DSA
<SigExpiration> -- yyyymmddhhmmss - GMT
<SigInception> -- yyyymmddhhmmss - GMT
<KeyTag> -- used to discriminate between multiple DNSKEYs
<DigestType> -- 1=SHA-1
<Signer's Name> -- domain name of signer
<KeyProtocol> -- 1=TLS, 2=email, 3=DNSSEC, 4=IPSEC
<Base64Data> -- DNSKEY, RRSIG or DHCID binary data in base64 notation
<NextName> -- domain name of next RRSet in zone
<HashAlgorithm> -- 1=SHA-1
<BinarySalt> -- NSEC3 salt as a sequence of hexadecimal digits
- digits are case-insensitive
- no white space allowed
- represent no salt with a single '-' (no quotes)
<NextHashedName> -- Base32Hex representation of the hash of the next owner
name
/Aging -- Specifies that this resource record is eligible for
scavenging. If this parameter is not used, the resource
record will not be scavenged.
/OpenAcl -- Specifies that new records are open to modification by
any user until the first update. Without this parameter,
only administrators may modify the new record.
/CreatePTR -- Specifies that when this A or AAAA resource record is
created the corresponding PTR record should also be
created in the reverse lookup zone if that zone exists
on the local server.
In future versions of Windows, Microsoft might remove dnscmd.exe.
If you currently use dnscmd.exe to configure and manage the DNS server,
Microsoft recommends that you transition to Windows PowerShell.
To view a list of commands for DNS server management, type
"Get-Command -Module DnsServer" at the Windows PowerShell prompt. Additional
information about Windows PowerShell commands for DNS is available at
http://go.microsoft.com/fwlink/?LinkId=217627.
C:\>
1.2 简介一下我们要用到的/RecordAdd命令的简化后的格式
#原始说明
DnsCmd <ServerName> /RecordAdd <Zone> <NodeName> <RRType> <RRData>
#中文描述
DnsCmd <服务器名称> /RecordAdd <区域> <节点名称> <资源记录类型> <资源记录数据>
服务器名称:就是需要添加记录的目标DNS服务器的名称或者IP地址,可以用.或者localhost代表本机
区域:就是正向查找区域里的某个区域节点名称,这里我们假定是“demo.local”
节点名称:就是指的要添加的节点的名称,这里我们假定是某个服务器叫“pc_hr_001”
资源记录类型:就是指的这个DNS记录的类型,比如A记录、CNAME别名、MX记录等,不一一列举
资源记录数据:IP地址或者完整域名FQDN(如果是A记录就是IP地址),如果是CNAME或者MX就是FQDN。这里举例用IP地址192.168.1.1
这样我们在本机添加一条区域demo.local中指向IP地址为192.168.1.1的主机pc_hr_001的A记录命令如下:
#在本机添加一条区域demo.local中指向IP地址为192.168.1.1的主机pc_hr_001的A记录
DnsCmd . /RecordAdd demo.local pc_hr_001 A 192.168.1.1
-
用Excel辅助批量生成添加命令
我们在Excel中新建一个工作表,在工作表里定义五列数据如图:
图1. 批量生成命令的Excel表格数据格式
前面ABCD四列的数据都是直接添充的数据,第五列是一个公式,E2单元格公式的内容如下:
="dnscmd . /RecordAdd " & D2 & " " & A2 & " " & B2 & " " & C2
建好工作表后,把上面的公式复制粘贴到E2单元格里即可,最后在DNS服务器上打开Command Prompt或者PowerShell后,把第E列的所有命令一把复制一次性粘贴进去即可完成批量创建。
也可以复制第E列的命令复制粘贴到一个批处理文件里,到DNS服务器上直接运行即可。
网友评论