
Export DNS zones to a text file

Windows DNS servers are the lifeblood of a healthy network. Here is a one-liner that gives you a stronger audit trail and can be a more attractive option than a full restore of your DNS server.

Many of the more powerful network commands in Windows Server can be run from the command line. Netsh is one that I have covered a bit, and dnscmd is another that gives administrators a lot of functionality for protecting their DNS zones.

Before the naysayers light up the comments below, I must mention that I'm not suggesting this as a replacement for a backup of your Windows-integrated DNS servers. I'm proposing an export of the DNS zones (ideally as a scheduled task) to a flat file, so that you can see what the zones contained at a point in time. This helps you work out what was changed, added, or deleted when looking into the oddities that come up when administering a Windows Active Directory integrated DNS server.

To get started with dnscmd, the command may need to be installed on your server, depending on its current configuration. It is most frequently installed with the Support Tools pack for the server version you are using. Default installations put the command in the C:\Program Files\Support Tools path. In the example I will use, I will put the DNS zones into the C:\zonex folder locally on the DNS server. To export a DNS zone to a text file, run the following commands:

dnscmd 10.187.187.200 /ZoneExport RWVDEV.INTRA rwvdev-dot-intra.txt

move c:\windows\system32\dns\rwvdev-dot-intra.txt c:\zonex /Y

This will export the zone RWVDEV.INTRA from server 10.187.187.200 to the file rwvdev-dot-intra.txt. dnscmd writes that file into the DNS server's system32\dns folder, so the next line moves it to the zonex path where I would like to keep these exports for archival and review.

A few tweaks for your environment and you can be ready to go quite quickly with this script. This also makes DNS forensics easier, and it can be more attractive than a restore when reviewing the export tells you exactly what changed.
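The export only becomes an audit trail once you can compare two runs. The following is an added example, not part of the original post or of dnscmd itself: it parses two dnscmd /ZoneExport files (assuming the BIND-style layout dnscmd writes, including the [AGE:n] stamp on dynamic records) and lists the records added or removed between them, ignoring the SOA record whose serial changes on every edit. The zone contents below are constructed sample data.

```python
def parse_zone(text):
    """Return {(owner, type, rdata)} from a BIND-style dnscmd /ZoneExport file."""
    records, owner, buf, new_owner = set(), "@", [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop ; comments
        if not line.strip():
            continue
        if not buf:                                    # first line of a record
            new_owner = not raw[0].isspace()           # column 0 => owner given
        buf.append(line)
        joined = " ".join(buf)
        if joined.count("(") > joined.count(")"):      # still inside ( ... )
            continue
        buf = []
        fields = joined.replace("(", " ").replace(")", " ").split()
        if fields[0].startswith("$"):                  # $ORIGIN / $TTL directives
            continue
        if new_owner:
            owner = fields.pop(0)
        # drop the [AGE:n] stamp on dynamic records and any optional TTL / class
        fields = [f for f in fields if not f.upper().startswith("[AGE:")]
        while fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS"):
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if rtype != "SOA":                             # serial changes on every edit
            records.add((owner.lower(), rtype, " ".join(fields)))
    return records

def diff_exports(old_text, new_text):
    """Return (added, removed): sorted lists of records that differ between exports."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    return sorted(new - old), sorted(old - new)

# Constructed sample exports (not real zone data) in the layout dnscmd writes.
OLD_EXPORT = """\
@   IN SOA dc1.rwvdev.intra. hostmaster.rwvdev.intra. (
        41 900 600 86400 3600 )   ; serial refresh retry expire minimum
@                       NS  dc1.rwvdev.intra.
dc1                     A   10.187.187.200
www                     A   10.187.187.50
mail                    A   10.187.187.60
"""
NEW_EXPORT = """\
@   IN SOA dc1.rwvdev.intra. hostmaster.rwvdev.intra. (
        42 900 600 86400 3600 )
@                       NS  dc1.rwvdev.intra.
dc1                     A   10.187.187.200
www                     A   10.187.187.51
vpn [AGE:3604987]       A   10.187.187.70
"""
```

Running `diff_exports(OLD_EXPORT, NEW_EXPORT)` on the samples reports www as changed (one record removed, one added), mail as removed and vpn as added; point it at two archived files from C:\zonex to review a real day's changes.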

What tricks do you do to protect and record your DNS entries? Share your comments below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

3 comments
Realvdude

I tried dnscmd on an XP workstation. I was able to enumerate records as on the server, but the zone export failed. The enumeration is still handy. I have to admit that with a network of only about a dozen machines, I don't back up the DNS config. With this, I will at least know what I need to re-enter.

tor.rogstad

Install DIG (or complete BIND) on your management station. Put the IP of this station in your AD list of allowed DNS servers (to allow it to get data). Then you have all the functionality of DIG, and you can issue this command: "dig yourdomain -t AXFR > yourfile" to get all the address records. This command could be scheduled each night to always have a fresh (and searchable) copy available. You could also assign a key (e.g. ctrl-alt-d) to a small .bat file that opens the DNS address file in Notepad. DNS at your fingertips... (Microsoft has a lot to learn).