Appendix B: Windows PowerShell for DNS Server
Applies To: Windows Server 2012 R2, Windows Server 2012
Windows PowerShell support for DNSSEC was added in Windows Server 2012 and extended in Windows Server 2012 R2. For a list of all Windows PowerShell cmdlets for DNS server, see Domain Name System (DNS) Server Cmdlets in Windows PowerShell.
Several DNS server cmdlets are specifically used with DNSSEC-signed zones, including the following DNSSEC-related Windows PowerShell cmdlets in Windows Server 2012 and Windows Server 2012 R2.
Cmdlet |
Description |
|---|---|
Adds a DNSKEY resource record to a zone. |
|
Adds a DS resource record to a zone. |
|
Adds a key signing key (KSK) or zone signing key (ZSK) to a signed zone. |
|
Adds a trust anchor to a DNS server. |
|
Disables key rollover on a specified key. |
|
Enables rollover on a specified key. |
|
Exports DS and DNSKEY information for a DNSSEC–signed zone. |
|
Gets DNSSEC settings for a zone. |
|
Gets zone signing keys. |
|
Gets trust anchors on a DNS server. |
|
Gets trust points on a DNS server. |
|
Imports a trust anchor for a DNS server. |
|
Initiates rollover of signing keys for the zone. |
|
Initiates zone signing. |
|
Initiates zone unsigning. |
|
Removes signing keys from a zone. |
|
Removes a trust anchor from a DNS server. |
|
Transfers the role of Key Master for a DNS zone. |
|
Changes DNSSEC settings for a zone. |
|
Changes settings of a signing key. |
|
Returns a list of key storage providers on a DNS server. |
|
Forces rollover of a KSK that is waiting for a parent delegation signer (DS) update. |
|
Validates DNSSEC settings for a zone. |
|
Updates all trust points on a DNS server. |
The previous table is not a comprehensive list of all DNS server Windows PowerShell cmdlets that can be used with signed zones. Other generic DNS server Windows PowerShell cmdlets can also be used to create, view, and modify DNSSEC-signed resource records. For example, Get-DnsServerResourceRecord displays resource records from both signed and unsigned zones.
The following table categorizes the DNS server Windows PowerShell cmdlets in Windows Server 2012 and Windows Server 2012 R2 by noun.
Noun |
Verb |
Description |
Windows PowerShell cmdlet / reference |
|---|---|---|---|
Get Set Test |
Gets a DNS server configuration. Overwrites a DNS server configuration. Tests that a specified computer is a functioning DNS server. |
||
Cache |
Clear Get Set Show |
Clears resource records from a cache on the DNS server. Gets DNS server cache settings. Modifies cache settings for a DNS server. Shows the records in a DNS server cache. |
|
ConditionalForwarderZone |
Add Set |
Adds a conditional forwarder to a DNS server. Changes settings for a DNS conditional forwarder. |
|
Diagnostics |
Get Set |
Gets DNS event logging details. Sets debugging and logging parameters. |
|
DirectoryPartition |
Add Get Register Remove Unregister |
Creates a DNS application directory partition. Gets a DNS application directory partition. Registers a DNS server in a DNS application directory partition. Removes a DNS application directory partition. Deregisters a DNS server from a DNS application directory partition. |
Add-DnsServerDirectoryPartition Get-DnsServerDirectoryPartition Register-DnsServerDirectoryPartition |
DnsSecPublicKey |
Export |
Exports DS and DNSKEY information for a DNSSEC–signed zone. |
|
DnsSecZoneSetting |
Get Set Test |
Gets DNSSEC settings for a zone. Changes settings for DNSSEC for a zone. Validates DNSSEC settings for a zone. |
Get-DnsServerDnsSecZoneSetting |
DsSetting |
Get Set |
Gets DNS server Active Directory settings. Modifies DNS Active Directory settings. |
|
EDns |
Get Set |
Gets EDNS configuration settings on a DNS sever. Changes EDNS settings on a DNS server. |
|
Forwarder |
Add Get Remove Set |
Adds server-level forwarders to a DNS server. Gets forwarder configuration settings on a DNS server. Removes server-level forwarders from a DNS server. Changes forwarder settings on a DNS server. |
|
GlobalNameZone |
Get Set |
Gets DNS server GlobalName zone configuration details. Changes configuration settings for a GlobalNames zone. |
|
GlobalQueryBlockList |
Get Set |
Gets a global query block list. Changes settings of a global query block list. |
|
KeyStorageProvider |
Show |
Returns a list of key storage providers. |
|
PrimaryZone |
Add ConvertTo Restore Set |
Adds a primary zone to a DNS server. Converts a zone to a DNS primary zone. Restores primary DNS zone contents from Active Directory or from a file. Changes settings for a DNS primary zone. |
|
Recursion |
Get Set |
Gets DNS server recursion settings. Modifies recursion settings for a DNS server. |
|
ResourceRecord |
Add Get Remove Set |
Adds a resource record of a specified type to a specified DNS zone. Gets resource records from a specified DNS zone. Removes specified DNS server resource records from a zone. Changes a resource record in a DNS zone. |
|
ResourceRecordA |
Add |
Adds a type A resource record to a DNS zone. |
|
ResourceRecordAAAA |
Add |
Adds a type AAAA resource record to a DNS server. |
|
ResourceRecordAging |
Set |
Begins aging of resource records in a specified DNS zone. |
|
ResourceRecordCName |
Add |
Adds a type CNAME resource record to a DNS zone. |
|
ResourceRecordDnsKey |
Add |
Adds a type DNSKEY resource record to a DNS zone. |
|
ResourceRecordDS |
Add Import |
Adds a type DS resource record to a DNS zone. Imports DS resource record information from a file. |
|
ResourceRecordMX |
Add |
Adds an MX resource record to a DNS zone. |
|
ResourceRecordPtr |
Add |
Adds a type PTR resource record to a DNS zone. |
|
RootHint |
Add Get Import Remove Set |
Adds root hints on a DNS server. Gets root hints on a DNS server. Copies root hints from a DNS server. Removes root hints from a DNS server. Replaces a list of root hints. |
|
Scavenging |
Get Set Start |
Gets DNS aging and scavenging settings. Changes DNS server scavenging settings. Notifies a DNS server to attempt a search for stale resource records. |
|
SecondaryZone |
Add ConvertTo Restore Set |
Adds a DNS server secondary zone. Converts a primary zone or stub zone to a secondary zone. Restores secondary zone information from its source. Change settings for a DNS secondary zone. |
ConvertTo-DnsServerSecondaryZone |
Setting |
Get Set |
Gets DNS server settings. Modifies DNS server settings. |
|
SigningKey |
Add Get Remove Set |
Adds a KSK or ZSK to a signed zone. Gets zone signing keys. Removes signing keys. Changes settings of a signing key. |
|
SigningKeyRollover |
Disable Enable Invoke Step |
Disables key rollover on an input key. Enables rollover on the input key. Initiates rollover of signing keys for the zone. Rolls over a KSK that is waiting for a parent DS update. |
Disable-DnsServerSigningKeyRollover Enable-DnsServerSigningKeyRollover |
Statistics |
Clear Get |
Clears all DNS server statistics or statistics for zones. Gets DNS server statistics or statistics for zones. |
|
StubZone |
Add Set |
Adds a DNS stub zone. Changes settings for a DNS server stub zone. |
|
TrustAnchor |
Add Get Import Remove |
Adds a trust anchor to a DNS server. Gets trust anchors on a DNS server. Imports a trust anchor for a DNS server. Removes a trust anchor from a DNS server. |
|
TrustPoint |
Get Update |
Gets trust points on a DNS server. Updates all trust points in a DNS trust anchor zone. |
|
Zone |
Export Get Remove Resume Suspend Sync |
Exports contents of a zone to a file. Gets details of DNS zones on a DNS server. Removes a zone from a DNS server. Resumes name resolution on a suspended zone. Suspends a zone on a DNS server. Checks the DNS server memory for changes, and writes them to persistent storage. |
|
ZoneAging |
Get Set |
Gets DNS aging settings for a zone. Configures DNS aging settings for a zone. |
|
ZoneDelegation |
Add Get Remove Set |
Adds a new delegated DNS zone to an existing zone. Gets the zone delegations of a DNS server zone. Removes a name server or delegation from a DNS zone. Changes delegation settings for a child zone. |
|
ZoneKeyMasterRole |
Reset |
Transfers the Key Master role for a DNS zone. |
|
ZoneSign |
Invoke |
Signs a DNS zone. |
|
ZoneTransfer |
Start |
Starts a zone transfer for a secondary DNS zone from master servers. |
|
ZoneUnsign |
Invoke |
Unsigns a DNS zone. |