dnscontrol/docs/_providers/msdns.md
Tom Limoncelli 50db086278
NEW PROVIDER: MSDNS (#1005)
* New provider
* Add support for SRV records
* Modify ACTIVEDIRECTORY_PS provider to warn that it is deprecated.
2020-12-28 16:07:33 -05:00

3.5 KiB

name layout jsId title
Microsoft DNS Server (Windows Server) default MSDNS Microsoft DNS Server on Microsoft Windows Server

Microsoft DNS Server on Microsoft Windows Server

This provider updates a Microsoft DNS server.

It interacts with the server via PowerShell commands. As a result, DNSControl must be run on Windows and will automatically disable itself when run on non-Windows systems.

DNSControl will use New-PSSession to execute the commands remotely if computername is set in creds.json (see below).

This provider will replace ACTIVEDIRECTORY_PS which is deprecated.

Caveats

  • Two systems updating a zone is never a good idea. If Windows Dynamic DNS and DNSControl are both updating a zone, there will be unhappiness. DNSControl will blindly remove the dynamic records unless precautions such as IGNORE* and NO_PURGE are in use.
  • This is a new provider and has not been tested extensively, especially the pssession feature.

Running on Non-Windows systems

Currently this driver disables itself when run on Non-Windows systems.

It should be possible for non-Windows hosts with PowerShell Core installed to execute commands remotely via SSH. The module used to talk to PowerShell supports this. It should be easy to implement. Volunteers requested.

Configuration

The ActiveDirectory_PS provider reads an computername setting from creds.json to know the name of the ActiveDirectory DNS Server to run the commands on. Otherwise

{% highlight javascript %} { "msdns": { "dnsserver": "ny-dc01", "pssession": "mywindowshost" } } {% endhighlight %}

An example DNS configuration:

{% highlight javascript %} var REG_NONE = NewRegistrar('none', 'NONE') var MSDNS = NewDnsProvider("msdns", "MSDNS");

D('example.tld', REG_NONE, DnsProvider(MSDNS), A("test","1.2.3.4") ) {% endhighlight %}

Converting from ACTIVEDIRECTORY_PS

If you were using the ACTIVEDIRECTORY_PS provider and are switching to MSDNS, make the following changes:

  1. In dnsconfig.js, change ACTIVEDIRECTORY_PS to MSDNS in any NewDnsProvider() calls.

  2. In creds.json: Since unused fields are quietly ignored, it is safe to list both the old and new options: a. Add a field "dnsserver" with the DNS server's name. (OPTIONAL if dnscontrol is run on the DNS server.) b. If the PowerShell commands need to be run on a different host using a PSSession, add pssession: "remoteserver", where remoteserver is the name of the server where the PowerShell commands should run. c. The MSDNS provider will quietly ignore fakeps, pslog and psout. Feel free to leave them in creds.json until you are sure you aren't going back to the old provider.

During the transition your creds.json file might look like:

{% highlight javascript %} { "msdns": { "ADServer": "ny-dc01", << Delete these after you have "fakeps": "true", << verified that MSDNS works "pslog": "log.txt", << properly. "psout": "out.txt", "dnsserver": "ny-dc01", "pssession": "mywindowshost" } } {% endhighlight %}

  1. Run dnscontrol preview to make sure the provider works as expected.

  2. If for any reason you need to revert, simply change dnsconfig.js to refer to ACTIVEDIRECTORY_PS again (or use git commands). If you are reverting because you found a bug, please file an issue.

  3. Once you are confident in the new provider, remove ADServer, fakeps, pslog, psout from creds.json.