Microsoft DNS & stale records

Chris — Fri, 10 Oct 2008 11:18:56 +0000

This post explains how to identify and report on stale records in a dynamically updated Microsoft DNS zone.

The time stamp taken from a DNS record represents the numbers of hours since 01/01/1601 00:00. The value can be converted into a useful date within a script. By default, all times are reported and tested in UTC.

A stale record is a record where both the No-Refresh Interval and Refresh Interval have passed without the time stamp updating. Ordinarily stale records would be removed by a Scavenging process. These scripts may be useful if trying to asses the impact of enabling Scavenging or reducing Aging intervals.

Listing stale records with VbScript

This script uses a WMI query to return all A records for a domain, then it sorts through each record, echoing when the time stamp is older than our pre-defined maximum age. The script will work best when run with cscript.

' No-Refresh + Refresh (in Days)
Const MAXIMUM_AGE = 4

' Connect to the MicrosoftDNS Namespace
Set objWMIService = _
  GetObject("winmgmts:\\dc01.internal.highorbit.co.uk\root\MicrosoftDNS")

' Query A records with MicrosoftDNS_AType class where the record is not static
Set colItems = objWMIService.ExecQuery("SELECT * FROM MicrosoftDNS_AType " &_
  " WHERE ContainerName='internal.highorbit.co.uk' AND TimeStamp<>0")

For Each objItem In colItems
  ' Convert the timestamp into a date and time
  dtmTimeStamp = DateAdd("h", objItem.TimeStamp, "01/01/1601 00:00:00")
  ' Compare the date and time with MAXIMUM_AGE
  If dtmTimeStamp <= (Date() - MAXIMUM_AGE) Then
    ' Echo the record details if it is older than the MAXIMUM_AGE
    WScript.Echo objItem.OwnerName & VbTab & objItem.IPAddress &_
      VbTab & dtmTimeStamp
  End If
Next

Listing stale records with PowerShell

This snippet uses Get-WMIObject and a improved query to return only stale records rather than sorting after returning all dynamic records.

A timespan value is generated to represent the minimum value of TimeStamp for valid records.

# No-Refresh + Refresh (in Days)
$TotalAgingInterval = 4

$ServerName = "dc01.internal.highorbit.co.uk"
$ContainerName = "internal.highorbit.co.uk"

$MinTimeStamp = [Int](New-TimeSpan `
  -Start $(Get-Date("01/01/1601 00:00")) `
  -End $((Get-Date).AddDays(-$TotalAgingInterval))).TotalHours

Get-WMIObject -Computer $ServerName `
  -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_AType" `
  -Filter `
  "ContainerName='$ContainerName' AND TimeStamp<$MinTimeStamp AND TimeStamp<>0" `
 | Select-Object OwnerName, `
  @{n="TimeStamp";e={(Get-Date("01/01/1601")).AddHours($_.TimeStamp)}}

Reading Aging intervals with PowerShell

The Aging intervals and the date the zone can be scavenged set on a zone can be read using WMI using the MicrosoftDNS_Zone class. As with the TimeStamp the .AddHours method must be used to return a date.

$ServerName = "dc01.internal.highorbit.co.uk"
$ContainerName = "internal.highorbit.co.uk"

Get-WMIObject -Computer $ServerName `
  -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_Zone" `
  -Filter "ContainerName='$ContainerName'" `
 | Select-Object NoRefreshInterval, RefreshInterval, `
  @{n="AvailForScavengeTime";e={
    (Get-Date("01/01/1601")).AddHours($_.AvailForScavengeTime)}}

Localisation

As mentioned at the beginning of this post, all times are reported in UTC by default. By calling a the ToLocalTime method the date returned can be converted to local time, using the time zone configured on the system executing the query.

$ServerName = "dc01.internal.highorbit.co.uk"
$ContainerName = "internal.highorbit.co.uk"

$MinTimeStamp = [Int](New-TimeSpan `
  -Start $(Get-Date("01/01/1601 00:00")) `
  -End $((Get-Date).AddDays(-$TotalAgingInterval))).TotalHours

Get-WMIObject -Computer $ServerName `
  -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_AType" `
  -Filter `
  "ContainerName='$ContainerName' AND TimeStamp<$MinTimeStamp AND TimeStamp<>0" `
 | Select-Object OwnerName, `
  @{n="TimeStamp";e={
    ((Get-Date("01/01/1601")).AddHours($_.TimeStamp)).ToLocalTime()}}

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Microsoft DNS & static records

Chris — Thu, 02 Oct 2008 11:59:32 +0000

Windows 2008 has an improved user interface for DNS. The main console includes details of a records time stamp and whether or not the record is Static. Life isn’t quite so easy with Windows 2003. However, as each static record has a time stamp set to 0 they can be found with a little work.

When using an Active Directory Integrated zone records are stored within Active Directory as dnsNode objects. The Time Stamp value is encoded along with the rest of the record properties (TTL, etc) in the dnsRecord attribute on the dnsNode. The attribute is a Binary Large Object (BLOB), Microsoft do not currently publish references or maps for these attributes. WMI queries can be used as an alternative.

The DNS management console

To see the current time stamp, and whether a record is dynamic or not first enable View / Advanced in the DNS console. For each record that makes an additional tick box and text box visible.

The record below is dynamic, if the box is not ticked, and the time stamp field is blank the record is static. That means that unticking the box stating the record can be scavenged changes the record to static.

DNSCMD

DNSCMD installs along with the Windows Support Tools. It can be used to identify static records, although it can be very difficult pulling the results out of a list like this.

For example:

dnscmd /ZonePrint somedomain.example

WMIC

WMIC, Windows Management Instrumentation Command-Line, will install the first time it is run. As the name suggests, it allows execution of WMI queries on the command line.

WMIC /NAMESPACE:"\\root\MicrosoftDNS" PATH "MicrosoftDNS_AType" WHERE "ContainerName='somedomain.example’ AND TimeStamp=0" GET "OwnerName,TTL,TimeStamp"

WMIC /NAMESPACE:"\\root\MicrosoftDNS" PATH "MicrosoftDNS_AType" WHERE "TimeStamp=0" GET "OwnerName,TTL,TimeStamp"

VbScript

This VbScript snippet echoes each static record, it is works best when run with cscript.

strServerName = "dc01.somedomain.example"
strContainerName = "somedomain.example"

Set objWMIService = GetObject("winmgmts:\\" & strServerName & _
  "\root\MicrosoftDNS")
Set colItems = objWMIService.ExecQuery("SELECT * FROM MicrosoftDNS_AType " &_
  " WHERE ContainerName='" & strContainerName & "' AND TimeStamp=0")

For Each objItem In colItems
  WScript.Echo objItem.OwnerName & VbTab & objItem.IPAddress & VbTab & "Static"
Next

Set colItems = Nothing
Set objWMIService = Nothing

PowerShell

$ServerName = "dc01.somedomain.example"
$ContainerName = "somedomain.example"

Get-WMIObject -Computer $ServerName `
    -Namespace "root\MicrosoftDNS" -Class "MicrosoftDNS_AType" `
    -Filter "ContainerName='$ContainerName' AND TimeStamp=0" `
  | Select-Object OwnerName,TTL, @{n="TimeStamp";e={"Static"}}

The same search can be used for any record type, by changing the WMI class. The options most likely to be useful are:

MicrosoftDNS_AType – Address or Host records
MicrosoftDNS_CNAMEType – Alias records
MicrosoftDNS_MXType – Mail Exchanger records
MicrosoftDNS_NSType – Name Server records
MicrosoftDNS_SRVType – Service records
MicrosoftDNS_PTRType – Pointer records (Reverse Lookup zone)