Validate DNS Zone Names and Master Servers

I am trying to come up with a script that will validate ($True or $False) if a specified list of DNS Zone Names and their associated Master Servers list exists on a DNS Server.

Example List:

Zone Names				Master Servers

testCorp.com				"158.192.20.251","155.108.26.130","156.107.74.100","157.191.169.71","156.109.176.244"
190.157.in-addr.arpa			"157.191.169.71","156.109.176.244"
testCorpacademy.com			"157.191.169.71","156.109.176.244","156.107.74.71"
solutions.testCorp.com			"209.244.0.3"
amazon.cz				"8.8.8.8"

I can run

gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}

This gets me the zones and master servers from the server.

What I need to do is:
1) Confirm if the DNS Zone in the list exists on the server
2) If the DNS Zone exists, verify that all the Master Servers are specified (the Zone can contain other master servers but must have the ones specified)
3) Repeat this for each DNS Zone
4) Validate $True if all DNS Zones exist and have the specified Master Servers
5) Validate $False if any of the Zones or associated Master Servers are not present on the server.

I started trying to flesh this out and have come up with this so far:


$ZonesExist = $False

### Index into DNSZones array for the region.
$ZoneName         = $NewDNSZone[0]
$MasterServer1    = $NewDNSZone[1]
$MasterServer2    = $NewDNSZone[2]
$MasterServer3    = $NewDNSZone[3]
$MasterServer4    = $NewDNSZone[4]
$MasterServer5    = $NewDNSZone[5]

### This section checks for Conditional Forwarders for the core Zones.  These entries are required!

# Create an array of regional DNS Zones
$NewDNSZones   = @()
$NewDNSZones   = ,("testCorp.com","158.192.20.251","155.108.26.130","156.107.74.100","157.191.169.71","156.109.176.244")
$NewDNSZones  += ,("190.157.in-addr.arpa","157.191.169.71","156.109.176.244")
$NewDNSZones  += ,("testCorpacademy.com","157.191.169.71","156.109.176.244","156.107.74.71")
$NewDNSZones  += ,("solutions.testCorp.com","209.245.0.3")
$NewDNSZones  += ,("amazon.cn","8.8.8.8")

$ExistingZones = gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}

ForEach ($Zone in $ZoneName) {
    if ($Zone -like $ExistingZones.Name) {
        if ($MasterServer1 -eq $ExistingZones.MasterServers) {
        }
    }
}

I am having some trouble figuring out how to first validate the DNS Zone name, then if that is there validate that that DNS Zone has the proper Master Servers and cycling through all the DNS Zone names.

Any help and guidance is appreciated.

~Ed

Are these Windows DNS servers?

yes

So, not knowing what tools you’re able to use, have you dug into either the DNS Server commands in the RSAT, or into the WMI classes exposed by DNS Server?

I have looked at the WMI classes and the following command gets me the info I need (sort of):

gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" | Select Name,{$_.MasterServers}

This gives me the name of any ConditionalForwarderZones and the associated MasterServers like so:

Name MasterServers


107.156.in-addr.arpa {156.107.74.71, 157.191.169.71}
109.156.in-addr.arpa {156.109.176.244, 157.191.169.71}
191.157.in-addr.arpa {157.191.169.71, 156.109.176.244}
amazon.cn {8.8.8.8, 4.4.4.4}
dev-int.mso.local {156.109.215.197, 156.109.215.198}
epsm.net {156.107.74.81, 156.107.74.71, 157.191.125.136}
esurveydesigns.com {156.109.176.244, 157.191.169.71}
mckinsey.com {157.191.19.250, 156.109.27.131, 156.107.74.100, 157.191.169.71…}
mckinseyacademy.com {157.191.169.71, 156.109.176.244, 156.107.74.71}
news.qq.com {8.8.8.8}
ohi-survey.com {156.109.215.197, 156.109.215.198}
sina.com.cn {8.8.8.8}
solutions.mckinsey.com {209.244.0.3}
weibo.com {8.8.8.8, 4.4.4.4}

My problem here is even though I think I am calling to have the string values expanded with the {$_.MasterServers} they are not fully expanded. I think it is recognizing {$_.MasterServers} as I get the same results whether I use that or simply ‘MasterServers’.

Once I get that worked out I then need to figure out the programming logic so that I can ensure that all the zones and their associated Master Servers match the list.

No, that syntax isn’t expanding them. You can’t really get two properties and expand one; you have to create your own objects. For example:

gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4" |
foreach {
  foreach ($server in $_.masterservers) {
    new-object -type psobject -prop @{Name=$_.Name;MasterServer=$server}
  }
} 

That’ll give you one output object per master server IP address. Or roughly should - you may need to tweak and adjust to get exactly what you need.

Thanks Don, this helps a lot.
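
Added example, not part of the original thread: one way to implement the check from the question (every listed zone exists, and each holds at least its listed master servers), useful as a drift check on conditional forwarders. The function name Test-RequiredForwarder is hypothetical, and the $existing data is a constructed sample covering a zone that passes with an extra server, a zone with a wrong master, and a missing zone.

```powershell
# Added example; Test-RequiredForwarder is a hypothetical name, not a DNS Server cmdlet.
function Test-RequiredForwarder {
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Required,   # zone name -> required master IPs
        [Parameter(Mandatory=$true)] [AllowEmptyCollection()] [object[]] $Existing
    )
    # Index the server's zones by name; @{} keys compare case-insensitively, like DNS names.
    $byName = @{}
    foreach ($zone in $Existing) { $byName[$zone.Name] = @($zone.MasterServers) }

    $allPresent = $true
    foreach ($name in $Required.Keys) {
        if (-not $byName.ContainsKey($name)) {
            Write-Warning "Zone '$name' does not exist on the server"
            $allPresent = $false
            continue
        }
        # Extra master servers are allowed; only the required ones must be present.
        $missing = @($Required[$name] | Where-Object { $byName[$name] -notcontains $_ })
        if ($missing.Count -gt 0) {
            Write-Warning "Zone '$name' is missing master server(s): $($missing -join ', ')"
            $allPresent = $false
        }
    }
    return $allPresent
}

# Required entries, taken from the example list in the question.
$required = @{
    'testCorpacademy.com'    = '157.191.169.71','156.109.176.244','156.107.74.71'
    'solutions.testCorp.com' = '209.244.0.3'
    'amazon.cz'              = '8.8.8.8'
}

# Constructed sample of server state so the script runs offline. On a DNS server use:
#   $existing = gwmi -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -Filter "ZoneType = 4"
$existing = @(
    New-Object psobject -Property @{ Name = 'testcorpacademy.com'
        MasterServers = '157.191.169.71','156.109.176.244','156.107.74.71','156.107.74.81' }
    New-Object psobject -Property @{ Name = 'solutions.testCorp.com'; MasterServers = @('209.244.0.4') }
)

Test-RequiredForwarder -Required $required -Existing $existing
```

The warnings go to the warning stream, so the function's only output is the single boolean the question asks for.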