
Performing TSIG dynamic DNS updates against a BIND9 server from (Windows) PowerShell

Server Fault user
Asked 2019-03-07 17:25:20
3 answers, 4.6K views, 0 followers, score 2

I run a BIND9 DNS server and allow my customers to perform dynamic DNS updates using TSIG keys.

One of my customers works only in a Windows environment and therefore uses PowerShell to run scripts. He wants to send dynamic updates to my server from PowerShell.

Testing from Linux is easy: use nsupdate.

From: https://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG

You must use the option -y algorithm:keyname:keyvalue or the -k keyfilename option. For example:
$ nsupdate -y hmac-sha512:keyname:keyvalue
$ nsupdate -k Kkeyname.+165+0316.private

Then do your update:

From https://linux.die.net/man/8/nsupdate

$ nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send

Performing an update from PowerShell without TSIG is... a bit simpler... I think?: use a cmdlet, for example:

Add-DnsServerResourceRecordA -Name "host23" -ZoneName "contoso.com" -AllowUpdateAny -IPv4Address "172.18.99.23" -TimeToLive 01:00:00

After going through the documentation I did not see any reference to transaction signatures, nor any way of using a TSIG key.

How do I send a dynamic update from PowerShell to a BIND9 server using a TSIG key?

It is frustratingly hard to find an example. Most examples I can find use PowerShell to send an update through some API, which then (presumably) performs some kind of deployment or dynamic update inside a black box. I just want to build a DDNS update and send it with PowerShell.


3 Answers

Server Fault user

Posted 2019-03-07 20:03:03

They will have to download nsupdate from BIND (https://www.isc.org/downloads/). nsupdate can be invoked from a PowerShell host.

Score 2
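One way to drive nsupdate.exe from PowerShell with a TSIG key, as an added example that is not part of the answer above or of ISC's tooling. It assumes nsupdate.exe from the BIND Windows package is on PATH, and that the key-file path (a placeholder here) points at a tsig-keygen-style key file readable only by the account running the script.

```powershell
function Invoke-TsigDnsUpdate {
    # Added example wrapper around nsupdate.exe; paths and names are placeholders.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $Zone,
        [Parameter(Mandatory)] [string] $Name,   # FQDN of the record, e.g. host23.example.com
        [Parameter(Mandatory)] [ValidatePattern('^\d{1,3}(\.\d{1,3}){3}$')] [string] $IPv4Address,
        [int]    $Ttl = 3600,
        # Placeholder path. File content is the tsig-keygen form:
        #   key "client" { algorithm hmac-sha256; secret "<base64>"; };
        [string] $KeyFile = 'C:\ProgramData\ddns\client.key',
        [string] $NsUpdate = 'nsupdate.exe'
    )
    # One signed request: replace the A RRset for $Name. The "zone" line pins the
    # target zone instead of letting nsupdate discover it through an SOA lookup.
    $commands = @"
server $Server
zone $Zone
update delete $Name. A
update add $Name. $Ttl A $IPv4Address
send
"@
    $scriptFile = Join-Path $env:TEMP ("nsupdate-{0}.txt" -f [guid]::NewGuid())
    try {
        # ASCII without BOM: nsupdate does not accept a UTF-8 BOM in its input
        [IO.File]::WriteAllText($scriptFile, $commands, [Text.Encoding]::ASCII)
        # -k reads the secret from the key file; -y algorithm:name:secret would put
        # the secret on the command line, where other local users can read it.
        $output = & $NsUpdate -k $KeyFile $scriptFile 2>&1 | ForEach-Object { "$_" }
        # nsupdate reports TSIG failures (BADKEY/BADSIG/BADTIME) and REFUSED on stderr
        if ($LASTEXITCODE -ne 0 -or ($output -match 'update failed|TSIG error')) {
            throw "nsupdate failed for $Name on $Server`: $($output -join ' ')"
        }
    } finally {
        Remove-Item -LiteralPath $scriptFile -ErrorAction SilentlyContinue
    }
    # Confirm the change directly against the authoritative server and return it
    Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
}

# Example call (placeholder names):
# Invoke-TsigDnsUpdate -Server ns1.example.com -Zone example.com -Name host23.example.com -IPv4Address 172.18.99.23
```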

Server Fault user

Posted 2019-12-06 19:46:15

Here is a script that will create and submit a DDNS request if a TSIG file is provided. Make sure the NTFS permissions are set to prevent unauthorized users (including other administrators) from accessing this file.

This does assume that you have nsupdate.exe and the associated DLLs installed in C:\Windows\System32, but it can be modified for other paths.

I welcome any pull requests. https://github.com/ACiDGRiM/UsefulScripts/blob/master/Update-DNS.ps1

```powershell
Param (
    [String]$KeyPath = "C:\Windows\System32\drivers\etc\windows-update-client.txt",
    [String]$NSScriptPath = "$env:Temp\nsupdate.txt",
    [String]$NSUpdatePath = "$env:SystemRoot\System32"
)

begin {
    # Gather status of system IP addresses, DNS servers, and domains
    $IPAddresses = Get-NetIPAddress | Where-Object -FilterScript { ($_.InterfaceAlias -like "Ethernet*" -or $_.InterfaceAlias -like "Wi-Fi*") -and $_.IPAddress -notlike "fe*" }
    $DNSServers = Get-DnsClientServerAddress | Where-Object -FilterScript { $_.InterfaceAlias -like "Ethernet*" -or $_.InterfaceAlias -like "Wi-Fi*" }
    $DNSClient = Get-DnsClient | Where-Object -FilterScript { $_.InterfaceAlias -like "Ethernet*" -or $_.InterfaceAlias -like "Wi-Fi*" }
    # Accumulates the nsupdate command script
    $script = ""
}

process {
    [array]$RequestOutput = @()
    # Parse network status into simplified objects
    foreach ( $if in $IPAddresses ) {
        $requesthash = @{
            IPAddress = @{ Address = $if.IPAddress; AddressFamily = $if.AddressFamily }
            Zone = $DNSClient | Where-Object -FilterScript { $_.InterfaceAlias -eq $if.InterfaceAlias } | Select-Object -ExpandProperty "ConnectionSpecificSuffix" -First 1
            Servers = $DNSServers | Where-Object -FilterScript { $_.InterfaceAlias -eq $if.InterfaceAlias } | Select-Object -ExpandProperty "ServerAddresses"
        }
        $RequestObj = New-Object -TypeName psobject -Property $requesthash
        $RequestOutput += $RequestObj
    }

    # Condense zones from multiple interfaces
    [array]$UniqueZones = ($RequestOutput.Zone | Sort-Object -Unique)
    # Combine IPv6 and IPv4 addresses into a single object property for each zone
    [array]$CombinedOutput = @()
    for ($i = 0; $i -lt $UniqueZones.Count; $i++) {
        $Combinedhash = @{
            Addresses = $RequestOutput | Where-Object -FilterScript { $_.Zone -eq $UniqueZones[$i] } | Select-Object -ExpandProperty "IPAddress"
            Servers = $RequestOutput | Where-Object -FilterScript { $_.Zone -eq $UniqueZones[$i] } | Select-Object -ExpandProperty "Servers" | Sort-Object -Unique
            Zone = $UniqueZones[$i]
        }
        $CombinedObj = New-Object -TypeName psobject -Property $Combinedhash
        $CombinedOutput += $CombinedObj
    }

    foreach ( $o in $CombinedOutput ) {
        foreach ( $s in $o.Servers ) {
            # Compare what the server currently holds with the local addresses; only update on a difference
            $CurrentRecords = Resolve-DnsName "$env:COMPUTERNAME.$($o.Zone)" -Server $s -Type "A_AAAA" -DnsOnly -DnssecOK -QuickTimeout -ErrorAction "SilentlyContinue" | Select-Object -ExpandProperty "IPAddress" -ErrorAction "SilentlyContinue"
            if ( $CurrentRecords ) {
                $CurrentState = Compare-Object $IPAddresses.IPAddress $CurrentRecords -ErrorAction "SilentlyContinue"
            } else {
                $CurrentState = $true
            }

            if ( $CurrentState ) {
                $script += "server $s`n"
                foreach ( $a in $o.Addresses ) {
                    if ( $a.AddressFamily -eq "IPv4" ) {
                        # Reverse all four octets for the in-addr.arpa name
                        $PTR = $a.Address -replace '^(\d+)\.(\d+)\.(\d+)\.(\d+)$', '$4.$3.$2.$1.in-addr.arpa.'
                    } else {
                        # Reverse the 32 hex nibbles for the ip6.arpa name
                        $PTR = (([char[]][BitConverter]::ToString(([IPAddress]$a.Address).GetAddressBytes()) -ne '-')[31..0] -join ".") + '.ip6.arpa.'
                    }
                    $Type = if ( $a.AddressFamily -eq "IPv4" ) { "A" } else { "AAAA" }
                    # Forward and reverse records live in different zones, so each pair is sent as its own request
                    $script += "update delete $env:COMPUTERNAME.$($o.Zone). $Type`n"
                    $script += "update add $env:COMPUTERNAME.$($o.Zone). 60 $Type $($a.Address)`n"
                    $script += "send`n"
                    $script += "update delete $PTR PTR`n"
                    $script += "update add $PTR 60 PTR $env:COMPUTERNAME.$($o.Zone).`n"
                    $script += "send`n"
                }
            }
        }
    }
}

end {
    if ( $script ) {
        $script | Out-File -FilePath $NSScriptPath -Encoding "ascii" -Force
        Start-Process -FilePath (Join-Path -Path $NSUpdatePath -ChildPath "nsupdate.exe") -ArgumentList "-d -k `"$KeyPath`" `"$NSScriptPath`"" -Wait -NoNewWindow -RedirectStandardError "$env:TEMP\nsstderr" -RedirectStandardOutput "$env:TEMP\nsstdout" -WorkingDirectory $NSUpdatePath | Out-Null
    }
}
```
Score -1

Server Fault user

Posted 2020-08-08 18:27:46

A solution for those who do not have a static IP address and need to dynamically update the IP in the DNS zone and the reverse DNS PTR record.

```powershell
$Server = "your server"; $Hostname = "mail"; $Zonename = "your zone"
$MZone = $Hostname + "." + $Zonename
<# No need to edit below unless you have to change some internal component #>

# Fetch the current A record twice: one copy is kept as the "old" object, the other is modified
$oldobj = Get-DnsServerResourceRecord -ComputerName $Server -Name $Hostname -ZoneName $Zonename -RRType "A"
$newobj = Get-DnsServerResourceRecord -ComputerName $Server -Name $Hostname -ZoneName $Zonename -RRType "A"
# Current public IP as seen from outside
$ip = (Invoke-WebRequest ifconfig.me/ip).Content.Trim()
$oip = $oldobj.RecordData.IPv4Address.IPAddressToString
# /24 reverse zone names for the old and the new address
$oipSplit = $oip.Split("."); $oipr = $oipSplit[2] + "." + $oipSplit[1] + "." + $oipSplit[0] + ".in-addr.arpa"
$ipSplit = $ip.Split("."); $ipr = $ipSplit[2] + "." + $ipSplit[1] + "." + $ipSplit[0] + ".in-addr.arpa"
$newobj.RecordData.IPv4Address = [System.Net.IPAddress]::Parse($ip)
if ($oip -ne $ip) {
    Set-DnsServerResourceRecord -ComputerName $Server -NewInputObject $newobj -OldInputObject $oldobj -ZoneName $Zonename -PassThru
    echo "updated A record"
}
# Clean up the PTR record (and the reverse zone, if it is now empty) for the old address
$oiprZ = Resolve-DnsName -Name $oipr -Server $Server -ErrorAction SilentlyContinue; $oiprR = 0
if ($oiprZ.Count -gt 0) {
    $oiprR = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $oipr -RRType "PTR" -Name $oipSplit[3] -ErrorAction SilentlyContinue | Select-Object HostName, @{Name='RecordData';Expression={$MZone}}
    if ($oiprR -ne 0 -and $null -ne $oiprR -and -not ($oiprR[0].HostName -eq $ipSplit[3] -and $oiprR[0].RecordData -eq $MZone -and $oipr -eq $ipr)) {
        Remove-DnsServerResourceRecord -ComputerName $Server -ZoneName $oipr -RRType "PTR" -Name $oipSplit[3] -RecordData $MZone -Force
        echo "removing existing ptr record"
        echo $oiprR
        echo "removed existing ptr record"
    }
    $oiprR = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $oipr -RRType "PTR" -ErrorAction SilentlyContinue
    if ((($null -eq $oiprR) -or ($oiprR.Count -eq 0)) -and $oipr -ne $ipr) {
        Remove-DnsServerZone -ComputerName $Server -Name $oipr -PassThru -Verbose -Force
        echo "Removing RDNS Zone"
        echo $oiprZ
        echo "Removed RDNS Zone"
    }
}

# Create the PTR record (and the reverse zone, if missing) for the new address
$ipNID = $ipSplit[0] + "." + $ipSplit[1] + "." + $ipSplit[2] + ".0/24"
$iprZ = Resolve-DnsName -Name $ipr -Server $Server -ErrorAction SilentlyContinue; $iprR = 0
if ($iprZ.Count -gt 0) {
    $iprR = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ipr -RRType "PTR" -Name $ipSplit[3] -ErrorAction SilentlyContinue | Select-Object HostName, @{Name='RecordData';Expression={$MZone}}
    if ($null -eq $iprR) {
        Add-DnsServerResourceRecordPtr -ComputerName $Server -Name $ipSplit[3] -ZoneName $ipr -AllowUpdateAny -TimeToLive 01:00:00 -AgeRecord -PtrDomainName $MZone
        echo "adding ptr record"
        echo $iprR
        echo "added ptr record"
    }
}
if ($iprZ.Count -eq 0) {
    Add-DnsServerPrimaryZone -ComputerName $Server -DynamicUpdate Secure -NetworkId $ipNID -ReplicationScope Domain
    Add-DnsServerResourceRecordPtr -ComputerName $Server -Name $ipSplit[3] -ZoneName $ipr -AllowUpdateAny -TimeToLive 01:00:00 -AgeRecord -PtrDomainName $MZone
}
```
Score -1
The original content of this page is provided by Server Fault; translation support by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://serverfault.com/questions/957232
