Adding name servers to multiple DNS zones with PowerShell

I ran into a little problem today where I needed to add multiple DNS servers as name servers to multiple DNS zones all in one go. So this is essentially adding NS resource records to a zone, but doing it for multiple zones all at once. Yes, I could have done them manually, but that’s boring and time-consuming. So, here’s a quick one-liner that does the trick. Obviously, substitute in your DNS server and name server FQDNs in the correct places. If it fails for any reason it will continue on, but report the zone it failed on.

Get-DnsServerZone -ComputerName dnsserver.domain.com | where {$_.zonetype -eq "primary" -or $_.zonetype -eq "secondary"} | ForEach-Object {try {Add-DnsServerResourceRecord -ZoneName $_.zonename -ns -ComputerName dnsserver.domain.com -name $_.zonename -NameServer newdnsserver.domain.com -ea:stop} catch {"$_"}}

Hope someone finds that useful.
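
An idempotent variant of the one-liner above, as an added example that is not the post author's code: it checks each zone's existing apex NS records before adding, supports -WhatIf, and returns one result object per zone so the change can be reviewed. The function name Add-ZoneNameServer is hypothetical, and the FQDNs are the placeholders used in the post.

```powershell
# Added example (not from the original post). Add-ZoneNameServer is a
# hypothetical helper name; server names are the post's placeholders.
function Add-ZoneNameServer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DnsServer,      # DNS server to manage
        [Parameter(Mandatory)][string]$NewNameServer   # FQDN to add as NS
    )

    # Same zone filter as the post's one-liner.
    $zones = Get-DnsServerZone -ComputerName $DnsServer |
        Where-Object { $_.ZoneType -eq 'Primary' -or $_.ZoneType -eq 'Secondary' }

    foreach ($zone in $zones) {
        $name    = $zone.ZoneName
        $current = @()
        $status  = 'Added'
        $detail  = ''
        try {
            # NS records at the zone apex ('@'); RecordData.NameServer carries
            # a trailing dot, so strip it before comparing.
            $current = @(Get-DnsServerResourceRecord -ZoneName $name -ComputerName $DnsServer `
                             -RRType Ns -ErrorAction Stop |
                         Where-Object HostName -eq '@' |
                         ForEach-Object { $_.RecordData.NameServer.TrimEnd('.') })

            if ($current -contains $NewNameServer.TrimEnd('.')) {
                $status = 'AlreadyPresent'
            } elseif ($PSCmdlet.ShouldProcess($name, "Add NS $NewNameServer")) {
                Add-DnsServerResourceRecord -ZoneName $name -NS -ComputerName $DnsServer `
                    -Name $name -NameServer $NewNameServer -ErrorAction Stop
            } else {
                $status = 'Skipped'   # -WhatIf or declined confirmation
            }
        } catch {
            $status = 'Failed'
            $detail = "$_"            # error text for this zone; loop continues
        }

        # One row per zone: the NS set seen before the change and the outcome.
        [pscustomobject]@{
            Zone = $name; Status = $status; NsBefore = ($current -join ', '); Detail = $detail
        }
    }
}

# Dry run first, then repeat without -WhatIf:
# Add-ZoneNameServer -DnsServer dnsserver.domain.com -NewNameServer newdnsserver.domain.com -WhatIf
```

The NsBefore column doubles as a quick inventory of which name servers each zone already lists, which makes an unexpected entry easy to spot before anything is changed.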

7 thoughts on “Adding name servers to multiple DNS zones with PowerShell”

  1. Muhammad S Sheikh

    Hi Mark

    There is nothing on the whole internet that I could find to help me out, including Microsoft articles. Microsoft don't even provide an example command about Name Server.
    Thank you so much for the script, and it ran successfully. I had to add new name servers to around 50 DNS zones and I did not want to do it manually.
    But when I did the opposite to remove old NS and changed the cmdlet to Remove-DnsServerResourceRecord, it gave me an error saying “A parameter cannot be found that matches parameter name ‘ns’.”
    I don't understand why the ns parameter works when adding a name server but does not work when removing.
    I have lots of old name servers and I was thinking that I could use the script for the same purpose.

    1. Hi Muhammad,

      It seems for a removal you have to specify the NS value under the parameter “RRType”

      So for adding a record NS is a parameter as in the example in the post, but for removal it’d be like this:

      Remove-DnsServerResourceRecord -RRType 'Ns'

      I have no idea why they’re done differently, there might not even be a sensible reason, but as a reference the Microsoft documentation for both commands is here:
      https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverresourcerecord?view=win10-ps
      https://docs.microsoft.com/en-us/powershell/module/dnsserver/remove-dnsserverresourcerecord?view=win10-ps

  2. So I’m still a little puzzled by something I just found. Here’s how I’ve attempted to add just a single nameserver to a single zone:

    Add-DnsServerResourceRecord -ZoneName existingzonename.com -ns -ComputerName dc03.domain.com -name existingzonename.com -nameserver newdnsserver.domain.com

    This adds a new nameserver into the zone’s list of nameservers, but that new nameserver is shown with an asterisk when viewed in the “DNS Manager” GUI. Down below it says “* represents an IP address retrieved as the result of a DNS query and may not represent the actual records stored on this server”.
    When I list the zone resource records with this:

    get-DnsServerResourceRecord -zonename existingzonename.com -computername dc03.domain.com -RRtype Ns

    then all the name servers added either using the above command line or using the GUI look the same.
    If I tweak that to pull just one record, however, with this command:

    get-DnsServerResourceRecord -zonename existingzonename.com -computername dc03.domain.com -name newdnsserver.domain.com

    I get an error for dns servers I added using powershell but not for servers added using the GUI.

    Any idea how to add the IP in at the same time like it does when using the GUI to add a nameserver to a zone?
    I’m not expert enough to know whether this would matter. Any chance you can also explain what the difference might be for that?

  3. OK, I figured out some of the answer to my question. To add the glue record, I found out I can use a different PowerShell command, Add-DnsServerResourceRecordA, like so…

    Add-DnsServerResourceRecordA -ZoneName existingzonename.com -ComputerName dc03.domain.com -name newdnsserver.domain.com -IPv4Address "10.6.1.2"

    It seems the glue record can be added either before or after to make the asterisk go away. In the reading I did regarding glue records, having the IP glue record may improve performance, but I suppose it is possible the Microsoft DNS server automatically looks it up ahead of time and caches it.
