Find unhealthy DNS records in Azure DNS: PowerShell script sample
The following Azure PowerShell script finds unhealthy DNS records in Azure DNS public zones.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. To get started, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
```powershell
<#
1. Install prerequisite Az PowerShell modules (/powershell/azure/install-az-ps)
2. Sign in to your Azure Account using Login-AzAccount or Connect-AzAccount.
3. From an elevated PowerShell prompt, navigate to the folder where the script is saved and run the following command:
.\Get-AzDNSUnhealthyRecords.ps1 -SubscriptionId <subscription id> -ZoneName <zonename>
Replace subscription id with the subscription id of interest.
Replace ZoneName with the actual zone name.
#>
param(
    # Subscription ID to fetch DNS records from
    [String]$SubscriptionId = "All",
    # Zone name to filter on
    [String]$ZoneName = "All"
)

if ($SubscriptionId -eq "All") {
    Write-Host -ForegroundColor Yellow "No subscription Id passed will process all subscriptions"
}
if ($ZoneName -eq "All") {
    Write-Host -ForegroundColor Yellow "No Zone name passed will process all zones in subscription"
}

$ErrorActionPreference = "Stop"
$AZModules = @('Az.Accounts', 'Az.Dns')
$AzLibrariesLoadStart = Get-Date
$progressItr = 1;
$ProgressActivity = "Loading required Modules";
$StoreWarningPreference = $WarningPreference
$WarningPreference = 'SilentlyContinue'

# Load each required module, installing it for the current user if it is missing
Foreach ($module in $AZModules) {
    $progressValue = $progressItr / $AZModules.Length
    Write-Progress -Activity $ProgressActivity -Status "$module $($progressValue.ToString('P')) Complete:" -PercentComplete ($progressValue * 100)
    If (Get-Module -Name $module) {
        continue
    }
    elseif (Get-Module -ListAvailable -Name $module) {
        Import-Module -name $module -Scope Local -Force
    }
    else {
        Install-module -name $module -AllowClobber -Force -Scope CurrentUser
        Import-Module -name $module -Scope Local -Force
    }
    $progressItr = $progressItr + 1;
    If (!$(Get-Module -Name $module)) {
        Write-Error "Could not load dependent module: $module"
        throw
    }
}
$WarningPreference = $StoreWarningPreference
Write-Progress -Activity $ProgressActivity -Completed

# Require an authenticated session before querying subscriptions
$context = Get-AzAccessToken;
if ($null -eq $context.Token) {
    Write-host -ForegroundColor Yellow "Please sign in to your Azure Account using Login-AzAccount or Connect-AzAccount before running the script."
    exit
}

$subscriptions = Get-AzSubscription
if ($SubscriptionId -ne "All") {
    $subscriptions = $subscriptions | Where-Object { $_.Id -eq $SubscriptionId }
    if ($subscriptions.Count -eq 0) {
        Write-host -ForegroundColor Yellow "Provided Subscription Id not found exiting."
        exit
    }
}
$scount = $subscriptions | Measure-Object
Write-Host "Subscriptions found $($scount.Count)"
if ($scount.Count -lt 1) {
    exit
}

$InvalidItems = @()
$TotalRecCount = 0;
$ProgressActivity = "Processing Subscriptions";
$progressItr = 1;
$subscriptions | ForEach-Object {
    $progressValue = $progressItr / $scount.Count
    Select-AzSubscription -Subscription $_ | Out-Null
    Write-Progress -Activity $ProgressActivity -Status "current subscription $_ $($progressValue.ToString('P')) Complete:" -PercentComplete ($progressValue * 100)
    $progressItr = $progressItr + 1;
    $subscription = $_
    try {
        # -ErrorAction Stop makes a failure terminating so the catch block runs
        $dnsZones = Get-AzDnsZone -ErrorAction Stop
    }
    catch {
        # Inside catch, $_ is the error record, so name the subscription explicitly
        Write-Host "Error retrieving DNS Zones for subscription $($subscription): $_"
        return;
    }
    if ($ZoneName -ne "All") {
        $dnsZones = $dnsZones | Where-Object { $_.Name -eq $ZoneName }
        if ($dnsZones.Count -eq 0) {
            Write-host -ForegroundColor Yellow "Provided ZoneName $ZoneName not found in Subscription $_."
            return;
        }
    }
    $dnsZones | ForEach-Object {
        $allrecs = Get-AzDnsRecordSet -Zone $_
        $sZoneName = $_.Name
        # All NS record sets in the zone, and every record set except the apex NS
        $nsrecords = $allrecs | Where-Object { $_.RecordType -eq "NS" }
        $records = $allrecs | Where-Object { ($_.RecordType -ne 'NS' ) -or ($_.Name -ne '@' ) }
        $records | ForEach-Object {
            $rec = $_
            $Invalid = $false
            # A record is invalid when its name ends with ".<name of an NS record set>"
            $endsWith = "*$($rec.Name)"
            $nsrecords | ForEach-Object { if ($endsWith -like "*.$($_.Name)") { $Invalid = $true } }
            $TotalRecCount++
            if ($Invalid) {
                Write-Host -ForegroundColor Yellow "$($rec.Name) recordType $($rec.RecordType) zoneName $sZoneName subscription $subscription"
                $hash = @{
                    Name           = $rec.Name
                    RecordType     = $rec.RecordType
                    ZoneName       = $sZoneName
                    subscriptionId = $subscription
                }
                $item = New-Object PSObject -Property $hash
                $InvalidItems += $item
            }
            else {
                # Write-Host -ForegroundColor Green "$($rec.Name) recordType $($rec.RecordType) zoneName $ZoneName subscription $subscription "
            }
        }
    }
}
Write-Progress -Activity $ProgressActivity -Completed

# Summary of the scan
Write-Host "Total records processed $TotalRecCount"
$invalidMeasure = $InvalidItems | Measure-Object
Write-Host "Invalid Count $($invalidMeasure.Count)"
Write-Host "Invalid Records "
Write-Host "==============="
$InvalidItems | Format-Table
```
Script explanation
This script uses the following commands to create the deployment. Each item in the table links to command-specific documentation.
Command | Notes |
---|---|
Get-AzDnsZone | Gets an Azure public DNS zone. |
Get-AzDnsRecordSet | Gets a DNS record set. |
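
The comparison the script applies to each record (its name ends with `.` followed by the name of an NS record set in the same zone) can be tried offline. The following is an added example, not part of the original script: `Find-ShadowedRecord` is a hypothetical helper name, the record sets are constructed sample data, and it uses `String.EndsWith` in place of the script's `-like` pattern.

```powershell
# Added example: runs offline on constructed data, no Azure sign-in needed.
# Find-ShadowedRecord is a hypothetical helper name, not an Az cmdlet.
function Find-ShadowedRecord {
    param(
        [Parameter(Mandatory)]
        [object[]]$RecordSet
    )

    # Names that carry an NS record set. The apex NS ('@') belongs to the zone
    # itself; the script's pattern "*.@" never matches it, so it is skipped here.
    $nsNames = @($RecordSet |
        Where-Object { $_.RecordType -eq 'NS' -and $_.Name -ne '@' } |
        ForEach-Object { $_.Name.ToLowerInvariant() } |
        Sort-Object -Unique)

    foreach ($rec in $RecordSet) {
        $name = $rec.Name.ToLowerInvariant()
        foreach ($nsName in $nsNames) {
            # Script rule: the record name ends with ".<NS record set name>".
            # EndsWith is a literal comparison, so characters such as '[' in a
            # name are not interpreted as wildcards the way -like would.
            if ($name.EndsWith(".$nsName", [StringComparison]::Ordinal)) {
                [pscustomobject]@{
                    Name       = $rec.Name
                    RecordType = $rec.RecordType
                    BelowNS    = $nsName
                }
                break   # one finding per record is enough
            }
        }
    }
}

# Constructed record sets shaped like Get-AzDnsRecordSet output (Name, RecordType).
$sample = @(
    [pscustomobject]@{ Name = '@';             RecordType = 'NS'    }
    [pscustomobject]@{ Name = '@';             RecordType = 'SOA'   }
    [pscustomobject]@{ Name = 'www';           RecordType = 'A'     }
    [pscustomobject]@{ Name = 'child';         RecordType = 'NS'    }  # NS set below the apex
    [pscustomobject]@{ Name = 'www.child';     RecordType = 'A'     }  # one label under "child"
    [pscustomobject]@{ Name = 'API.dev.Child'; RecordType = 'CNAME' }  # deeper, mixed case
    [pscustomobject]@{ Name = 'childish';      RecordType = 'TXT'   }  # shares a prefix only
    [pscustomobject]@{ Name = 'grandchild';    RecordType = 'A'     }  # no dot before "child"
)

Find-ShadowedRecord -RecordSet $sample | Format-Table -AutoSize
```

With live data, the function accepts the output of `Get-AzDnsRecordSet -Zone $zone` directly, because it reads only the `Name` and `RecordType` properties.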
Next steps
For more information on the Azure PowerShell module, see the Azure PowerShell documentation.