DNS monitoring via PowerShell


There is a Microsoft service called ExRAP (Exchange health check). One of the errors in the report you receive from ExRAP is that internal DNS records are not checked automatically on all DNS servers. I have written a script that does the DNS record monitoring for you: if a record differs from its designed value, it sends an e-mail to a predefined address.
Prerequisites:
You must have rights to connect to the DNS servers and read their DNS zones using WinRM.

How it works:

  • It uses a powerful PowerShell module called DnsShell (downloadable here: http://dnsshell.codeplex.com/)
  • It connects to each DNS server in the organization
  • It compares the predefined (designed) values from a CSV file with the values read from the DNS servers (A and PTR records); if a record differs, it reports the error in an e-mail message
  • The comparison is based on the ODD / EVEN count of identical records: the designed records and the records read from the server are merged and grouped by name and value. A record that occurs an even number of times exists on both sides; a record that occurs an odd number of times is present on only one side, so either that record on the DNS server or the line in the CSV file is incorrect.
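The odd/even comparison above, shown on constructed sample data as an added example (this is not the script from the post). It also includes a Compare-Object variant that, unlike the parity check, says which side holds the stray record; the function names, the CSV text and the "observed" records are invented for the demonstration.

```powershell
# Added example (not part of the original post): the parity comparison the
# script uses, next to a Compare-Object variant that also reports which side
# (CSV or DNS server) a mismatching record comes from. Sample data is
# constructed; no DNS server is contacted.

function Get-ParityMismatch {
    param(
        [Parameter(Mandatory)] [object[]] $Expected,   # rows from the CSV (Name, RecordData)
        [Parameter(Mandatory)] [object[]] $Observed    # rows read from a DNS server
    )
    # A record that appears an odd number of times in the merged set exists on
    # only one side (missing, added or changed); Group-Object ignores case.
    @($Expected) + @($Observed) |
        Group-Object -Property Name, RecordData |
        Where-Object { ($_.Count % 2) -ne 0 } |
        ForEach-Object { $_.Name }
}

function Compare-DnsRecordSet {
    param(
        [Parameter(Mandatory)] [object[]] $Expected,
        [Parameter(Mandatory)] [object[]] $Observed
    )
    # Key each record as "name=value" so Compare-Object works on plain strings.
    $exp = $Expected | ForEach-Object { "$($_.Name.ToLower())=$($_.RecordData.ToLower())" }
    $obs = $Observed | ForEach-Object { "$($_.Name.ToLower())=$($_.RecordData.ToLower())" }
    Compare-Object -ReferenceObject $exp -DifferenceObject $obs |
        ForEach-Object {
            # '<=' means only in the CSV (missing or changed on the server),
            # '=>' means only on the server (unexpected or changed record).
            $side = if ($_.SideIndicator -eq '<=') { 'CSV only' } else { 'server only' }
            [pscustomobject]@{ Record = $_.InputObject; Where = $side }
        }
}

# Constructed sample: the CSV says EXSERVER2 is .102, the server answers .111,
# and the server additionally carries a PTR record nobody documented.
$csvText = @'
"Name";"RecordData"
"EXSERVER2";"192.168.196.102"
"102.196.168.192.in-addr.arpa";"EXSERVER2.yourdomain.com."
'@
$expected = $csvText | ConvertFrom-Csv -Delimiter ';'

$observed = @(
    [pscustomobject]@{ Name = 'EXSERVER2';                     RecordData = '192.168.196.111' }
    [pscustomobject]@{ Name = '102.196.168.192.in-addr.arpa'; RecordData = 'EXSERVER2.yourdomain.com.' }
    [pscustomobject]@{ Name = '111.196.168.192.in-addr.arpa'; RecordData = 'EXSERVER2.yourdomain.com.' }
)

"Parity check (what the script reports):"
Get-ParityMismatch -Expected $expected -Observed $observed

"Side-aware comparison:"
Compare-DnsRecordSet -Expected $expected -Observed $observed | Format-Table -AutoSize
```

On this input the parity check lists three groups (the designed A record, the changed A record and the undocumented PTR) without saying which side each came from, while the Compare-Object version marks the .102 entry as "CSV only" and the other two as "server only". Two caveats of the parity approach worth knowing: it cannot distinguish "wrong in the CSV" from "wrong on the server", and a record that appears twice on the server (a duplicate) counts as even and is not reported unless the CSV also lists it once.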

Preparation:

  • Install the DnsShell module into PowerShell on the server:
    Extract DnsShell.zip to one of the paths listed in $Env:PSModulePath
  • Create a CSV file with the following format (one line for each A record, one line for each PTR record):

"Name";"RecordData"
"EXSERVER2";"192.168.196.102"
"102.196.168.192.in-addr.arpa";"EXSERVER2.yourdomain.com."

  • Copy the script to the same folder as the CSV file

# To make this work extract http://dnsshell.codeplex.com/ to C:\Windows\System32\WindowsPowerShell\v1.0\Modules
# author: Zbynek.Salon@salonovi.cz
###################################################################################
Import-Module DNSShell

# DNS servers to check, and the list of mismatches collected for the e-mail
$server = "DNS1", "DNS2", "DNS3"
$c = @()

# Designed values: one line per A record and one per PTR record (CSV format shown above)
$tocomp = Import-Csv .\internal.csv -Delimiter ";"

foreach ($internalserver in $server) {
    # internal records check: A records whose name matches *exserver* ...
    $data = @()
    $data += Get-ADDnsRecord *exserver* | Select-Object Name, RecordData
    # ... and PTR records from the 192.168.x.x reverse zones held by this server
    $data += Get-DnsZone -Server $internalserver |
        Where-Object { $_.ZoneName -like "168.192*" } |
        Get-DnsRecord |
        Where-Object { $_.RecordData -like "*exserver*" } |
        Select-Object Name, RecordData
    #$data | Export-Csv .\tocompare.csv -Delimiter ";"

    # Merge designed and read values; a record that occurs an odd number of
    # times exists on only one side, i.e. it differs between server and CSV
    $data += $tocomp
    $out = $data | Sort-Object Name | Group-Object Name, RecordData
    $changed = @()
    foreach ($rec in $out) {
        $ev = ($rec.Count % 2) -eq 0
        if (-not $ev) {
            $changed += "$($rec.Name);"
        }
    }
    if ($changed.Count -gt 0) {
        foreach ($chan in $changed) {
            $c += "DNS server: $($internalserver) - Record: $($chan)"
        }
    }
}

if ($c.Count -gt 0) {
    $body = "Hello,<br /> <br /> The following DNS records do not match the predefined values in '\\SERVERNAME\d$\ExchangeScripts\DNSrecordsMonitoring\internal.csv'<br />" +
            ($c -join '<br />') +
            "<br /> Please check accuracy. <br /> <br /> S pozdravem / Best regards, <br /> Zbynek"
    Send-MailMessage -From monitoring@yourdomain.com -To administrator@yourdomain.com, another.admin@yourdomain.com -Subject "Monitored DNS records changed - please check." -Body $body -BodyAsHtml -Encoding ([System.Text.Encoding]::Unicode) -SmtpServer SMTP.yourdomain.com
}

  • The values shown in green in the original post (DNS server names, the record name pattern, the CSV path, e-mail addresses and the SMTP server) must be changed to match your environment
  • Do a test run
  • In case of a mismatch in DNS records an e-mail message like the following is generated (do not forget to use an open relay connector and the correct SMTP server)

Hello,

The following DNS records does not match with predefined values in '\\SERVERNAME\d$\ExchangeScripts\DNSrecordsMonitoring\internal.csv'
DNS server: DNS1 - Record: EXSERVER2, 192.168.196.111;
DNS server: DNS1 - Record: EXSERVER2, 192.168.196.110;
DNS server: DNS2 - Record: EXSERVER2, 192.168.196.111;
DNS server: DNS2 - Record: EXSERVER2, 192.168.196.110;
DNS server: DNS3 - Record: EXSERVER2, 192.168.196.111;
DNS server: DNS3 - Record: EXSERVER2, 192.168.196.110;

Please check accuracy.

S pozdravem / Best regards,
Admin

  • Create a scheduled task to run the script as often as you want