Share via

Appendix B: Windows PowerShell for DNS Server

  • Article

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Windows PowerShell support for DNSSEC was added in Windows Server 2012 and extended in Windows Server 2012 R2. For a list of all Windows PowerShell cmdlets for DNS server, see Domain Name System (DNS) Server Cmdlets in Windows PowerShell.

Several DNS server cmdlets are specifically used with DNSSEC-signed zones, including the following DNSSEC-related Windows PowerShell cmdlets in Windows Server 2012 and Windows Server 2012 R2.

Cmdlet

Description

Add-DnsServerResourceRecordDnsKey

Adds a DNSKEY resource record to a zone.

Add-DnsServerResourceRecordDS

Adds a DS resource record to a zone.

Add-DnsServerSigningKey

Adds a key signing key (KSK) or zone signing key (ZSK) to a signed zone.

Add-DnsServerTrustAnchor

Adds a trust anchor to a DNS server.

Disable-DnsServerSigningKeyRollover

Disables key rollover on a specified key.

Enable-DnsServerSigningKeyRollover

Enables rollover on a specified key.

Export-DnsServerDnsSecPublicKey

Exports DS and DNSKEY information for a DNSSEC–signed zone.

Get-DnsServerDnsSecZoneSetting

Gets DNSSEC settings for a zone.

Get-DnsServerSigningKey

Gets zone signing keys.

Get-DnsServerTrustAnchor

Gets trust anchors on a DNS server.

Get-DnsServerTrustPoint

Gets trust points on a DNS server.

Import-DnsServerTrustAnchor

Imports a trust anchor for a DNS server.

Invoke-DnsServerSigningKeyRollover

Initiates rollover of signing keys for the zone.

Invoke-DnsServerZoneSign

Initiates zone signing.

Invoke-DnsServerZoneUnsign

Initiates zone unsigning.

Remove-DnsServerSigningKey

Removes signing keys from a zone.

Remove-DnsServerTrustAnchor

Removes a trust anchor from a DNS server.

Reset-DnsServerZoneKeyMasterRole

Transfers the role of Key Master for a DNS zone.

Set-DnsServerDnsSecZoneSetting

Changes DNSSEC settings for a zone.

Set-DnsServerSigningKey

Changes settings of a signing key.

Show-DnsServerKeyStorageProvider

Returns a list of key storage providers on a DNS server.

Step-DnsServerSigningKeyRollover

Forces rollover of a KSK that is waiting for a parent delegation signer (DS) update.

Test-DnsServerDnsSecZoneSetting

Validates DNSSEC settings for a zone.

Update-DnsServerTrustPoint

Updates all trust points on a DNS server.

The previous table is not a comprehensive list of all DNS server Windows PowerShell cmdlets that can be used with signed zones. Other generic DNS server Windows PowerShell cmdlets can also be used to create, view, and modify DNSSEC-signed resource records. For example, Get-DnsServerResourceRecord displays resource records from both signed and unsigned zones.

The following table categorizes the DNS server Windows PowerShell cmdlets in Windows Server 2012 and Windows Server 2012 R2 by noun.

Noun

Verb

Description

Windows PowerShell cmdlet / reference

Get

Set

Test

Gets a DNS server configuration.

Overwrites a DNS server configuration.

Tests that a specified computer is a functioning DNS server.

Get-DnsServer

Set-DnsServer

Test-DnsServer

Cache

Clear

Get

Set

Show

Clears resource records from a cache on the DNS server.

Gets DNS server cache settings.

Modifies cache settings for a DNS server.

Shows the records in a DNS server cache.

Clear-DnsServerCache

Get-DnsServerCache

Set-DnsServerCache

Show-DnsServerCache

ConditionalForwarderZone

Add

Set

Adds a conditional forwarder to a DNS server.

Changes settings for a DNS conditional forwarder.

Add-DnsServerConditionalForwarderZone

Set-DnsServerConditionalForwarderZone

Diagnostics

Get

Set

Gets DNS event logging details.

Sets debugging and logging parameters.

Get-DnsServerDiagnostics

Set-DnsServerDiagnostics

DirectoryPartition

Add

Get

Register

Remove

Unregister

Creates a DNS application directory partition.

Gets a DNS application directory partition.

Registers a DNS server in a DNS application directory partition.

Removes a DNS application directory partition.

Deregisters a DNS server from a DNS application directory partition.

Add-DnsServerDirectoryPartition

Get-DnsServerDirectoryPartition

Register-DnsServerDirectoryPartition

Remove-DnsServerDirectoryPartition

Unregister-DnsServerDirectoryPartition

DnsSecPublicKey

Export

Exports DS and DNSKEY information for a DNSSEC–signed zone.

Export-DnsServerDnsSecPublicKey

DnsSecZoneSetting

Get

Set

Test

Gets DNSSEC settings for a zone.

Changes settings for DNSSEC for a zone.

Validates DNSSEC settings for a zone.

Get-DnsServerDnsSecZoneSetting

Set-DnsServerDnsSecZoneSetting

Test-DnsServerDnsSecZoneSetting

DsSetting

Get

Set

Gets DNS server Active Directory settings.

Modifies DNS Active Directory settings.

Get-DnsServerDsSetting

Set-DnsServerDsSetting

EDns

Get

Set

Gets EDNS configuration settings on a DNS sever.

Changes EDNS settings on a DNS server.

Get-DnsServerEDns

Set-DnsServerEDns

Forwarder

Add

Get

Remove

Set

Adds server-level forwarders to a DNS server.

Gets forwarder configuration settings on a DNS server.

Removes server-level forwarders from a DNS server.

Changes forwarder settings on a DNS server.

Add-DnsServerForwarder

Get-DnsServerForwarder

Remove-DnsServerForwarder

Set-DnsServerForwarder

GlobalNameZone

Get

Set

Gets DNS server GlobalName zone configuration details.

Changes configuration settings for a GlobalNames zone.

Get-DnsServerGlobalNameZone

Set-DnsServerGlobalNameZone

GlobalQueryBlockList

Get

Set

Gets a global query block list.

Changes settings of a global query block list.

Get-DnsServerGlobalQueryBlockList

Set-DnsServerGlobalQueryBlockList

KeyStorageProvider

Show

Returns a list of key storage providers.

Show-DnsServerKeyStorageProvider

PrimaryZone

Add

ConvertTo

Restore

Set

Adds a primary zone to a DNS server.

Converts a zone to a DNS primary zone.

Restores primary DNS zone contents from Active Directory or from a file.

Changes settings for a DNS primary zone.

Add-DnsServerPrimaryZone

ConvertTo-DnsServerPrimaryZone

Restore-DnsServerPrimaryZone

Set-DnsServerPrimaryZone

Recursion

Get

Set

Gets DNS server recursion settings.

Modifies recursion settings for a DNS server.

Get-DnsServerRecursion

Set-DnsServerRecursion

ResourceRecord

Add

Get

Remove

Set

Adds a resource record of a specified type to a specified DNS zone.

Gets resource records from a specified DNS zone.

Removes specified DNS server resource records from a zone.

Changes a resource record in a DNS zone.

Add-DnsServerResourceRecord

Get-DnsServerResourceRecord

Remove-DnsServerResourceRecord

Set-DnsServerResourceRecord

ResourceRecordA

Add

Adds a type A resource record to a DNS zone.

Add-DnsServerResourceRecordA

ResourceRecordAAAA

Add

Adds a type AAAA resource record to a DNS server.

Add-DnsServerResourceRecordAAAA

ResourceRecordAging

Set

Begins aging of resource records in a specified DNS zone.

Set-DnsServerResourceRecordAging

ResourceRecordCName

Add

Adds a type CNAME resource record to a DNS zone.

Add-DnsServerResourceRecordCName

ResourceRecordDnsKey

Add

Adds a type DNSKEY resource record to a DNS zone.

Add-DnsServerResourceRecordDnsKey

ResourceRecordDS

Add

Import

Adds a type DS resource record to a DNS zone.

Imports DS resource record information from a file.

Add-DnsServerResourceRecordDS

Import-DnsServerResourceRecordDS

ResourceRecordMX

Add

Adds an MX resource record to a DNS zone.

Add-DnsServerResourceRecordMX

ResourceRecordPtr

Add

Adds a type PTR resource record to a DNS zone.

Add-DnsServerResourceRecordPtr

RootHint

Add

Get

Import

Remove

Set

Adds root hints on a DNS server.

Gets root hints on a DNS server.

Copies root hints from a DNS server.

Removes root hints from a DNS server.

Replaces a list of root hints.

Add-DnsServerRootHint

Get-DnsServerRootHint

Import-DnsServerRootHint

Remove-DnsServerRootHint

Set-DnsServerRootHint

Scavenging

Get

Set

Start

Gets DNS aging and scavenging settings.

Changes DNS server scavenging settings.

Notifies a DNS server to attempt a search for stale resource records.

Get-DnsServerScavenging

Set-DnsServerScavenging

Start-DnsServerScavenging

SecondaryZone

Add

ConvertTo

Restore

Set

Adds a DNS server secondary zone.

Converts a primary zone or stub zone to a secondary zone.

Restores secondary zone information from its source.

Change settings for a DNS secondary zone.

Add-DnsServerSecondaryZone

ConvertTo-DnsServerSecondaryZone

Restore-DnsServerSecondaryZone

Set-DnsServerSecondaryZone

Setting

Get

Set

Gets DNS server settings.

Modifies DNS server settings.

Get-DnsServerSetting

Set-DnsServerSetting

SigningKey

Add

Get

Remove

Set

Adds a KSK or ZSK to a signed zone.

Gets zone signing keys.

Removes signing keys.

Changes settings of a signing key.

Add-DnsServerSigningKey

Get-DnsServerSigningKey

Remove-DnsServerSigningKey

Set-DnsServerSigningKey

SigningKeyRollover

Disable

Enable

Invoke

Step

Disables key rollover on an input key.

Enables rollover on the input key.

Initiates rollover of signing keys for the zone.

Rolls over a KSK that is waiting for a parent DS update.

Disable-DnsServerSigningKeyRollover

Enable-DnsServerSigningKeyRollover

Invoke-DnsServerSigningKeyRollover

Step-DnsServerSigningKeyRollover

Statistics

Clear

Get

Clears all DNS server statistics or statistics for zones.

Gets DNS server statistics or statistics for zones.

Clear-DnsServerStatistics

Get-DnsServerStatistics

StubZone

Add

Set

Adds a DNS stub zone.

Changes settings for a DNS server stub zone.

Add-DnsServerStubZone

Set-DnsServerStubZone

TrustAnchor

Add

Get

Import

Remove

Adds a trust anchor to a DNS server.

Gets trust anchors on a DNS server.

Imports a trust anchor for a DNS server.

Removes a trust anchor from a DNS server.

Add-DnsServerTrustAnchor

Get-DnsServerTrustAnchor

Import-DnsServerTrustAnchor

Remove-DnsServerTrustAnchor

TrustPoint

Get

Update

Gets trust points on a DNS server.

Updates all trust points in a DNS trust anchor zone.

Get-DnsServerTrustPoint

Update-DnsServerTrustPoint

Zone

Export

Get

Remove

Resume

Suspend

Sync

Exports contents of a zone to a file.

Gets details of DNS zones on a DNS server.

Removes a zone from a DNS server.

Resumes name resolution on a suspended zone.

Suspends a zone on a DNS server.

Checks the DNS server memory for changes, and writes them to persistent storage.

Export-DnsServerZone

Get-DnsServerZone

Remove-DnsServerZone

Resume-DnsServerZone

Suspend-DnsServerZone

Sync-DnsServerZone

ZoneAging

Get

Set

Gets DNS aging settings for a zone.

Configures DNS aging settings for a zone.

Get-DnsServerZoneAging

Set-DnsServerZoneAging

ZoneDelegation

Add

Get

Remove

Set

Adds a new delegated DNS zone to an existing zone.

Gets the zone delegations of a DNS server zone.

Removes a name server or delegation from a DNS zone.

Changes delegation settings for a child zone.

Add-DnsServerZoneDelegation

Get-DnsServerZoneDelegation

Remove-DnsServerZoneDelegation

Set-DnsServerZoneDelegation

ZoneKeyMasterRole

Reset

Transfers the Key Master role for a DNS zone.

Reset-DnsServerZoneKeyMasterRole

ZoneSign

Invoke

Signs a DNS zone.

Invoke-DnsServerZoneSign

ZoneTransfer

Start

Starts a zone transfer for a secondary DNS zone from master servers.

Start-DnsServerZoneTransfer

ZoneUnsign

Invoke

Unsigns a DNS zone.

Invoke-DnsServerZoneUnsign

See also

Appendix A: DNSSEC Terminology