DNS lookup Powershell 2.0 compliant

PowerShell Help
1

My current environment requires that PowerShell 2.0 compliance be adhered to as we still have server 2003. I am seeing interesting behavior when using the ‘System.Net.Dns::GetHostEntry(“computername”)’. When running the command against a remote machine name the proper (single) entry from DNS is returned. If I run the same command as follows on that remote computer while logged in locally to it ‘System.Net.Dns::GetHostEntry($env:Computername)’ it returns all local IP addresses whether in DNS or not. Is this expected behavior? I have spent hours searching forums for someone else experiencing the same issue but haven’t been successful.
Ultimately my goal is to only return what is actually registered in DNS and not something local.

Thanks

2

You’re probably just seeing normal DNS behavior, nothing to do with PowerShell. Keep in mind that a computer will normally cache its own IP addresses indefinitely, locally. So the “name resolution system” will return those, on that computer, without needing to resort to the DNS server. That’s kind of how lookup is supposed to work.

If your goal is to just check the DNS server, then you don’t want name resolution - you want to query the DNS server directly. If it’s a Microsoft DNS server, there’s a WMI namespace you can use for that. You’d connect to the server directly via Get-WmiObject and request whatever specific record(s) you want.

3

@Don Jones, thank you. That put me on the right track. I was able to use nslookup and parse the string to get the results I needed.

$FullAddressList = nslookup -type=a $env:COMPUTERNAME | findstr "[0-9].[0-9].[0-9].[0-9]"
$counter = 0
foreach ($line in $FullAddressList)
{
	$counter += 1
	if ($counter -ne 1)
	{
		write "$line" | %{ $_.Split(" ")[2] }
	}
}
4

Parsing nslookup in an odd and bug-ridden way seems suboptimal. Don was hinting towards using Get-WmiObject. There appears to be some info here - I just skimmed briefly: http://www.computerperformance.co.uk/powershell/powershell_wmi_dns.htm

I would, however, use this: https://dnsshell.codeplex.com/ – that uses WMI under the hood.

Your foreach and if could be better written as the following unless I’m missing something:

$FullAddressList | Select -Skip 1 | ForEach-Object { $_.Split(" ")[2] }

But your nslookup command doesn’t work the way you want it to, so that’ll be wrong too… :

PS D:\> nslookup wiki.powershelladmin.com | findstr "[0-9].[0-9].[0-9].[0-9]"
Non-authoritative answer:
Address:  192.168.1.1
Address:  96.126.122.49

It returns that line of text, which is written to STDOUT (file descriptor 2 - see redirection in code below to the file “tmp.tmp”) and the router/DNS server IP as well as the actual result (last).

I guess your version does work since you skip the first STDOUT result, ignore STDERR (dumped to screen and just happily ignored?), and then get the second one, but calling “findstr” from PowerShell? That’s bad. Very bad.

If you do want to parse nslookup, this works:

PS D:\temp> [regex]::Matches((nslookup wiki.powershelladmin.com 2> tmp.tmp | select -last 2), 'Address:\s+([\d.]+)') | %{ $_.Groups[1].Value }
96.126.122.49

You could also use the -match operator:

PS D:\temp> (nslookup wiki.powershelladmin.com 2> tmp.tmp | select -last 2 | select -first 1) -match 'Address:\s+([\d.]+)'
True
PS D:\temp> $Matches[1]
96.126.122.49
5

If anyone is looking for a precise regex for matching an IPv4 address, this article should help.