(2013-03-19)
Problem
Batch update of Windows 2003-hosted DNS server
Solution
First change the DNS zone configuration to permit insecure updates:
- Start the DNS manager
- Select the zone in question, right-click, properties
- General tab
- Change the Dynamic Updates field to "Nonsecure and secure"
Generate a batch file with your updates:
server 10.8.0.41
update delete wwxx.ad.myzone.internal. A 192.168.1.99
send
answer
server 10.8.0.41
prereq nxdomain qawand02.ad.myzone.internal.
update add qawand02.ad.myzone.internal. 1800 A 192.168.10.58
send
answer
server 10.8.0.41
prereq nxdomain 58.10.168.192.in-addr.arpa.
update add 58.10.168.192.in-addr.arpa. 1800 PTR qawand02.ad.myzone.local.
send
answer
Notes:
- The prereq stanza says "don't create this record if it already exists".
- I find I have to do a 'server' and 'send' command after each update command or an internal limit gets overflowed easily. (Update: if you say nsupdate -v $FILE instead, the connection is done over TCP instead of UDP and the limit doesn't apply.)
- You have to specify the entire record to be removed including data, since DNS does permit you to have multiple records with the same lookup value.
- Trailing dots matter on domain names.
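One way to generate such a batch file from a host list, following the notes above (one server/send pair per update, full record data on delete, trailing dots enforced). This is an added example, not the author's script; the function names are hypothetical and the sample values reuse the ones shown on this page.

```python
import ipaddress
import re

# One DNS label: letters, digits, '_' or '-', no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def fqdn(name):
    """Return name with one trailing dot; reject spaces, newlines and bad labels
    so a hostile entry in the host list cannot smuggle in extra nsupdate commands."""
    name = name.rstrip(".")
    if not name or len(name) > 253 or not all(LABEL.fullmatch(p) for p in name.split(".")):
        raise ValueError(f"not a valid hostname: {name!r}")
    return name + "."


def stanza(server, lines):
    """Wrap one update in its own server/send/answer block."""
    return [f"server {server}", *lines, "send", "answer"]


def add_host(server, host, ip, ttl=1800):
    """A record plus matching PTR, each guarded by 'prereq nxdomain'."""
    host, ttl = fqdn(host), int(ttl)
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    ptr = fqdn(addr.reverse_pointer)   # e.g. 58.10.168.192.in-addr.arpa.
    return (stanza(server, [f"prereq nxdomain {host}", f"update add {host} {ttl} A {addr}"])
            + stanza(server, [f"prereq nxdomain {ptr}", f"update add {ptr} {ttl} PTR {host}"]))


def delete_a(server, host, ip):
    """A deletion names the whole record, data included."""
    return stanza(server, [f"update delete {fqdn(host)} A {ipaddress.IPv4Address(ip)}"])


def build_batch(server, adds=(), deletes=()):
    """Return the batch file text: deletions first, then additions."""
    server = str(ipaddress.ip_address(server))
    out = []
    for host, ip in deletes:
        out += delete_a(server, host, ip)
    for host, ip in adds:
        out += add_host(server, host, ip)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Sample data taken from the batch file shown above.
    print(build_batch("10.8.0.41",
                      adds=[("qawand02.ad.myzone.internal", "192.168.10.58")],
                      deletes=[("wwxx.ad.myzone.internal.", "192.168.1.99")]), end="")
```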
Then run the nsupdate command with the file listing your changes:
You probably want to change the Dynamic Updates value back to whatever you found it as after your batch update, unless you intend to do this regularly. Be aware that while the zone is left on "Nonsecure and secure", anyone with nsupdate can make changes to your DNS.
That's really all there is.