check the Windows DNS server for forwarders that are private IP addresses.

Hi all. I’m new to Powershell.

My task is to check a Windows DNS server for forwarders that are private IP addresses.
I can’t do integer operations on what I get back from the Get-DnsServerForwarder cmdlet. I think it returns an object or something other than an integer. I’d like to do submasking operations to check for private addresses. If that is po!ssible in powershell.

Not sure about the subnet masking operations. That sounds tricky.

I would just treat the IP addresses as strings, split them on the dots and then check the value of the octet to determine if it’s a public or private address:

$ipAddresses = Get-DnsServerForwarder | Select -ExpandProperty IPAddress

foreach ($ipAddress in $ipAddresses) {

    $splitIp = $ipAddress.ToString().Split('.')

    if (($splitIp[0] -eq '10') -or ($splitIp[0] -eq '172' -and $splitIp[1] -le '32') -or($splitIp[0] -eq '192' -and $splitIp[1] -eq '168')) {

        Write-Output "$ipAddress is a private address"


    else {
        Write-Output "$ipAddress is a public address"


you also can use
and use it with integer operations

btw, Matt, 172 range starts with 16 and ends with 31, so ($splitIp[0] -eq ‘172’ -and $splitIp[1] -le ‘31’ -and $splitIp[1] -ge ‘16’)

and with integers it can be something like
($bytes[0] -eq 10) -or
($bytes[0] -eq 172 -and $bytes[1] -in 16…31) -or
($bytes[0] -eq 192 -and $bytes[1] -eq 168)

hey, thanks!
I came up with a solution. I need my script to somewhat readable for QA. so I’ve hard coded the testing range values in decimal in vars for them so they can see the dotted equivalence:

It’s rudimentary but I’m learning.
I greatly appreciate the replies and hope to contribute to the forum

Thanks, Max. I can never remember the 172 block. I even had the Wiki open and still got it wrong!