Change DNS in a script



Here is the situation. We have 4 DNS servers where I work, 2 Linux (seen by the world) & 2 Windows (behind our firewall).

DNS Servers (Not actual IPs)

Linux DNS1 10.0.0.1

Linux DNS2 10.0.0.2

Windows DNS1 10.0.0.3

Windows DNS2 10.0.0.4

We only recently set up the Windows DNS (when we decided to start using SMS 2003). Some of the client machines are pointing to the Linux DNS only. We need all the machines to point to the Windows DNS. We can't use a script to change the DNS settings for all devices to a specific IP because we have many users with laptops that have multiple settings (i.e. one setting for home and one for work).

We need a script that can change the address of the DNS if it matches a given IP.

Example:

If (Local Area Connection DNS1 = 10.0.0.1)

Then set DNS1 = 10.0.0.3

I have done many hours of research on the web and found many ways to set the DNS on all Local Area Connections but as I stated this is not what we need. Any help would be greatly appreciated. Please let me know if you need further info.

I would prefer a script that can run remotely for each machine but one that can be used in a login script would work as well.

https://www.neowin.net/forum/topic/435121-change-dns-in-a-script/

Huh???

This is why you would use DHCP... Machine is at work -- DHCP hands out DNS it should use.. User takes machine home.. Their router's DHCP hands out DNS to use, or their ISP does..

Use DHCP -- solve all your problems.

As to a script way of changing clients to dhcp vs static, or changing their dns.. netsh is what you're looking for..

http://www.microsoft.com/resources/documen...n-us/netsh.mspx

Using Netsh

example

netsh interface ip set dns "Local Area Connection" static 192.168.0.200

here -- quick little run through for you;

C:\>netsh interface ip show config

Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    InterfaceMetric:                      0
    DNS servers configured through DHCP:  10.40.0.218
                                          10.40.0.219
    WINS servers configured through DHCP: 10.40.0.233
    Register with which suffix:           Primary only

C:\>netsh interface ip set dns "Local Area Connection" static 192.168.0.200
Ok.

C:\>netsh interface ip show config

Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    InterfaceMetric:                      0
    Statically Configured DNS Servers:    192.168.0.200
    WINS servers configured through DHCP: 10.40.0.233
    Register with which suffix:           Primary only

C:\>netsh interface ip set dns "Local Area Connection" dhcp
Ok.

C:\>netsh interface ip show config

Configuration for interface "Local Area Connection"
    DHCP enabled:                         Yes
    InterfaceMetric:                      0
    DNS servers configured through DHCP:  10.40.0.218
                                          10.40.0.219
    WINS servers configured through DHCP: 10.40.0.233
    Register with which suffix:           Primary only


Forgive me if I am showing some ignorance here, but can you not bring up your Windows servers with the IP addresses that your Linux servers are currently using? Doing all the work at the server end, and making it transparent to the clients seems to be the best option to me.

  markjensen said:

Forgive me if I am showing some ignorance here, but can you not bring up your Windows servers with the IP addresses that your Linux servers are currently using? Doing all the work at the server end, and making it transparent to the clients seems to be the best option to me.

We cannot; the IPs being used by the Linux servers are what is registered with the world and some of the internal machines need direct access to those servers. We do not want our private DNS servers to become our public servers for security and other reasons.

BudMan, the problem with netsh in a script is that I would have to assume all the connections are "Local Area Connection" when some are that and others are "Local Area Connection 2", "Local Area Connection 3", etc.

I know the command can show me which connection I want but I need to capture that data in an automated process.

We have 2000+ clients and checking to see which "Local Area Connection" to use manually would be intensive at best.

  xploit1030 said:

We cannot use DHCP for many reasons that I won't bother going into here. Keep in mind some government organizations are required to use static IPs.

See my edit - I gave you the commands even.. netsh is how you would configure dns from the commandline, or script.. etc..

edit:

You can use whatever the name of the connection is in the command/script.... have your script look to what the names of the connections are.. then use that name when you make the change.. It's not freaking rocket science for gosh sake..

So you hint that you're a gov office and you're forced to use static IPs?? Where is this requirement?? I would be curious to read it -- it's a gov office, then the requirements for security should be public -- should they not? Would reservations in dhcp not be an option?

Making mass changes to machines' tcp/ip settings.. be it address, mask, dns, wins, etc... all kinds of other options you might want/need your clients to use is what dhcp is all about.. If you can not use that -- I would really look to why.. my guess is the guy before you did not have a clue to what he was doing ;) And you're just stuck with the same mess -- Fix it!

Managing network settings for a large group of machines is what dhcp is meant to do.. sounds like you have a large group of machines.. you should be using dhcp.. If not guess you better get busy walking around to each machine ;) or you could do it all from your desk using netsh..

Sounds like it sucks to be you :rofl:

here maybe some of this will help..

http://www.microsoft.com/technet/scriptcen...tnc_remote.mspx

Automating TCP/IP Networking on Clients

Part 3: Scripting Remote Network Management

http://www.microsoft.com/technet/scriptcen...5_atnc_dns.mspx

Automating TCP/IP Networking on Clients

Part 5: Scripting DNS on Clients


Well...I have a suggestion...

I *believe* WMI scripting in a vbscript will allow you to do this...ASSUMING all the network connections are named "Local Area Connection" followed by something, you could do a WMI query for all the adapters on the computer, and add an AND conditional that matches the IP you're looking to change... (you can use the % operator as a wildcard with the LIKE operator in the WMI query). Then, you could change it via the object.Put_ method (I think).

I don't have time to write a script for you, but that might point you in the right direction (sorry if I'm wrong here...seems like I did something like this once for work).

  Kasandoro said:

Well...I have a suggestion...

I *believe* WMI scripting in a vbscript will allow you to do this...ASSUMING all the network connections are named "Local Area Connection" followed by something, you could do a WMI query for all the adapters on the computer, and add an AND conditional that matches the IP you're looking to change... (you can use the % operator as a wildcard with the LIKE operator in the WMI query). Then, you could change it via the object.Put_ method (I think).

I don't have time to write a script for you, but that might point you in the right direction (sorry if I'm wrong here...seems like I did something like this once for work).

This is more along the lines of what I was already working on. I found how to set a new IP, I just couldn't find a way to see the current DNS entry (a query).

  MazX_Napalm said:

Not even 2 minutes on Google and ......

Automating TCP/IP Networking on Clients

Part 5: Scripting DNS on Clients

http://www.microsoft.com/technet/scriptcen...5_atnc_dns.mspx

:rofl: I had posted that just before you did ;) Did not take anywhere close to 2 minutes.. like 5 seconds.. ;) First search, first page..


I appreciate the help even though you felt it was necessary to include the sarcasm.

Because the example didn't do exactly what I wanted (even though I too had found that exact article) I was hoping someone else had already run into the same problem but I guess posting questions leaves me open to ridicule.

It required a small amount of modification to get it working for my specific needs so I threw in a portion to change the settings for all machines in an OU (much better than 1 machine at a time).

I made two scripts: one will change the DNS and DNS suffix settings on a single machine, the other on an OU or array of OUs.

' Change the DNS servers and DNS domain on every computer in the listed OUs.
strDNSDomain = "neowin.net"
strOldDNSServer1 = "192.168.0.2"
strOldDNSServer2 = "192.168.0.3"
arrNewDNSServerSearchOrder = Array("192.168.0.4", _
 "192.168.0.5", "192.168.0.2", "192.168.0.3")

OUS = Array("OU=Workstations,DC=neowin,DC=net", _
 "OU=TestOU,DC=neowin,DC=net")

For Each OU In OUS

  Set objOU = GetObject("LDAP://" & OU)
  objOU.Filter = Array("Computer")

  On Error Resume Next
  For Each objItem In objOU

    strComputer = objItem.CN

    ' Drop the previous connection first, so an unreachable machine is
    ' skipped instead of silently re-using the last machine's WMI object.
    Set objWMIService = Nothing
    Err.Clear
    Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    If Err.Number <> 0 Then
      WScript.Echo "Could not connect to " & strComputer
      Err.Clear
    Else
      Set colNicConfigs = objWMIService.ExecQuery _
       ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

      For Each objNicConfig In colNicConfigs
        arrDNSServerSearchOrder = objNicConfig.DNSServerSearchOrder
        ' Adapters with no DNS servers return Null; skip them.
        If Not IsNull(arrDNSServerSearchOrder) Then
          blnFound = False
          For i = 0 To UBound(arrDNSServerSearchOrder)
            ' Swap an old server for the new server at the same position,
            ' as long as the new list has an entry at that position.
            If (arrDNSServerSearchOrder(i) = strOldDNSServer1 Or _
               arrDNSServerSearchOrder(i) = strOldDNSServer2) And _
               i <= UBound(arrNewDNSServerSearchOrder) Then
              arrDNSServerSearchOrder(i) = arrNewDNSServerSearchOrder(i)
              blnFound = True
            End If
          Next
          If blnFound Then
            retSetDNS = objNicConfig.SetDNSServerSearchOrder(arrDNSServerSearchOrder)
            intSetDomain = objNicConfig.SetDNSDomain(strDNSDomain)
          End If
        End If
      Next
    End If

  Next

  WScript.Echo "DNS settings for the computers in " & OU & _
   " were updated as of: " & Now()

Next

Now the single computer version

' Change the DNS servers and DNS domain on the local computer.
On Error Resume Next

strComputer = "."
strDNSDomain = "neowin.net"
strOldDNSServer1 = "192.168.0.2"
strOldDNSServer2 = "192.168.0.3"
arrNewDNSServerSearchOrder = Array("192.168.0.4", _
 "192.168.0.5", "192.168.0.2", "192.168.0.3")

Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colNicConfigs = objWMIService.ExecQuery _
 ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")

For Each objNicConfig In colNicConfigs
  arrDNSServerSearchOrder = objNicConfig.DNSServerSearchOrder
  ' Adapters with no DNS servers return Null; skip them.
  If Not IsNull(arrDNSServerSearchOrder) Then
    blnFound = False
    For i = 0 To UBound(arrDNSServerSearchOrder)
      ' Swap an old server for the new server at the same position,
      ' as long as the new list has an entry at that position.
      If (arrDNSServerSearchOrder(i) = strOldDNSServer1 Or _
         arrDNSServerSearchOrder(i) = strOldDNSServer2) And _
         i <= UBound(arrNewDNSServerSearchOrder) Then
        arrDNSServerSearchOrder(i) = arrNewDNSServerSearchOrder(i)
        blnFound = True
      End If
    Next
    If blnFound Then
      retSetDNS = objNicConfig.SetDNSServerSearchOrder(arrDNSServerSearchOrder)
      intSetDomain = objNicConfig.SetDNSDomain(strDNSDomain)
    End If
  End If
Next

WScript.Echo "DNS settings have been updated for Computer: " & _
 strComputer & " as of: " & Now()
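
A present-day take on the two scripts above, added here as an example and not part of the original posts: it maps old servers to new ones by value instead of by list position, leaves every other entry (such as a laptop's home resolver) untouched, reports hosts it could not query, and supports -WhatIf for a dry run. Get-DnsRewrite and Update-ClientDns are hypothetical names, the addresses are the thread's placeholder IPs, and it assumes PowerShell 3.0 or later with WinRM access to the targets.

```powershell
# Added example; addresses are the thread's placeholder IPs.
# Get-DnsRewrite and Update-ClientDns are hypothetical names.
$DnsMap = @{ '10.0.0.1' = '10.0.0.3'; '10.0.0.2' = '10.0.0.4' }

function Get-DnsRewrite {
    # Map each old server to its replacement by value, keep every other
    # entry as it is, and drop duplicates while preserving order.
    param([string[]]$Current, [hashtable]$Map)
    $new = New-Object 'System.Collections.Generic.List[string]'
    foreach ($server in $Current) {
        $target = if ($Map.ContainsKey($server)) { $Map[$server] } else { $server }
        if (-not $new.Contains($target)) { $new.Add($target) }
    }
    return ,$new.ToArray()
}

function Update-ClientDns {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [hashtable]$Map = $DnsMap
    )
    foreach ($computer in $ComputerName) {
        try {
            $nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                -Filter 'IPEnabled = True' -ComputerName $computer -ErrorAction Stop
        } catch {
            # Record the failure so unreachable hosts can be retried later.
            [pscustomobject]@{ Computer = $computer; Adapter = $null; Before = $null
                               After = $null; Result = "query failed: $($_.Exception.Message)" }
            continue
        }
        foreach ($nic in $nics) {
            if (-not $nic.DNSServerSearchOrder) { continue }   # no DNS servers set
            $before = [string[]]$nic.DNSServerSearchOrder
            $after  = Get-DnsRewrite -Current $before -Map $Map
            if (($before -join ',') -eq ($after -join ',')) { continue }   # nothing to change
            $result = 'not applied'
            if ($PSCmdlet.ShouldProcess("$computer / $($nic.Description)", "set DNS to $($after -join ', ')")) {
                $ret = Invoke-CimMethod -InputObject $nic -MethodName SetDNSServerSearchOrder `
                    -Arguments @{ DNSServerSearchOrder = $after }
                $result = "ReturnValue $($ret.ReturnValue)"   # 0 = done, 1 = done, reboot needed
            }
            # One record per touched adapter: keep this output as the change log.
            [pscustomobject]@{ Computer = $computer; Adapter = $nic.Description
                               Before = $before -join ','; After = $after -join ','; Result = $result }
        }
    }
}

# Dry run against two constructed host names:
# Update-ClientDns -ComputerName 'PC-0001', 'PC-0002' -WhatIf
```

Piping the output to Export-Csv gives a before/after record per adapter, which is what makes a fleet-wide resolver change reviewable and reversible.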

Dude, why don't you use reservations in DHCP? That will give the clients always the same address. Or does the government really require that it is put manually on every damn client?

Although I wouldn't be surprised, given all the pointless procedures some governments have. :no:

  Quote (Feb 23 2006, 20:01):

Dude, why don't you use reservations in DHCP? That will give the clients always the same address. Or does the government really require that it is put manually on every damn client?

Although I wouldn't be surprised, given all the pointless procedures some governments have. :no:

We could but we would have to input all those MAC addresses which would take a long time. I'll agree that it is a better alternative than static IPs but a pain in the butt to implement.

Unfortunately my bosses (as is almost always the case with the government) don't want us doing any huge projects like that as long as we can come up with work arounds like that script.

This is not the case on my network but I have worked with networks where DHCP is explicitly forbidden.

  xploit1030 said:

We could but we would have to input all those MAC addresses which would take a long time. I'll agree that it is a better alternative than static IPs but a pain in the butt to implement.

Unfortunately my bosses (as is almost always the case with the government) don't want us doing any huge projects like that as long as we can come up with work arounds like that script.

This is not the case on my network but I have worked with networks where DHCP is explicitly forbidden.

OK, first of all this is not a major project. This process can be largely automated. Given that you are starting to use SMS, get used to scripting. SMS is, next to AD/Exchange/SQL, one of the most powerful tools Microsoft has ever produced.

For instance, to put all reservations in MS DHCP, you could use the command dhcpcmd.exe which you will find on the Resourcekit.

All you have to do is generate a text file with the IP addresses and the MAC addresses.

Something like this...

dhcpcmd 10.0.0.1 addreservedip 10.0.1.0 10.0.1.150 001122334455

... will add an entry with MAC 001122334455 to DHCP server 10.0.0.1 with reserved ip 10.0.1.150 in the 10.0.1.x scope.

Now all you need to do is generate a list of mac addresses of all computers and run the script on your server to import everything in your server. If sms is already running on all clients you can simply get that info through sms. Otherwise let the clients dump the MAC address in a text file and put that in the DHCP import txt file.

If all this is over your head, get a consultant for a day who can help you. If your boss complains about the money, tell him that moving to DHCP will greatly simplify (a part of) the administration of your network and that it will save him money in the end.

  Quote (Feb 24 2006, 12:15):

OK, first of all this is not a major project. This process can be largely automated. Given that you are starting to use SMS, get used to scripting. SMS is, next to AD/Exchange/SQL, one of the most powerful tools Microsoft has ever produced.

For instance, to put all reservations in MS DHCP, you could use the command dhcpcmd.exe which you will find on the Resourcekit.

All you have to do is generate a text file with the IP addresses and the MAC addresses.

Something like this...

dhcpcmd 10.0.0.1 addreservedip 10.0.1.0 10.0.1.150 001122334455

... will add an entry with MAC 001122334455 to DHCP server 10.0.0.1 with reserved ip 10.0.1.150 in the 10.0.1.x scope.

Now all you need to do is generate a list of mac addresses of all computers and run the script on your server to import everything in your server. If sms is already running on all clients you can simply get that info through sms. Otherwise let the clients dump the MAC address in a text file and put that in the DHCP import txt file.

If all this is over your head, get a consultant for a day who can help you. If your boss complains about the money, tell him that moving to DHCP will greatly simplify (a part of) the administration of your network and that it will save him money in the end.

That is a great idea, and I'll take note of what you've done here but essentially I work for a bunch of monkeys afraid of change. It took me a year and a half to convince them of SMS. I've learned I have to pick my battles.

  BudMan said:

:blink: :blink: :blink: WTF have we been telling you from the start of this thread??? DHCP!! now it's a great idea?? :rolleyes: :rofl:

You're right. You were one of the people that were quick to say "Just implement DHCP" to avoid answering my question.

I was thanking Komakino[bE] for his effort, he wasn't addressing my initial problem but my response to some other people's questions. DHCP is still not an option for my organization, but when the day comes that it is I will be better prepared for that switch.

  xploit1030 said:

You're right. You were one of the people that were quick to say "Just implement DHCP" to avoid answering my question.

Um -- not answering your question? What would you call this link in post 6 of this thread then??

http://www.microsoft.com/technet/scriptcen...5_atnc_dns.mspx

Automating TCP/IP Networking on Clients

Part 5: Scripting DNS on Clients

Sure looks like the scripts you posted came right out of that.. Not answering your question - yeah ok :rolleyes:

  Joel said:

Why not?

We cannot because, as much sense as it would make, no one person in my organization has the authority to implement it. It must be approved by a board. The aforementioned board has no technical expertise and has been known to ignore the advice of my Department. We have no configuration management, no IT director, and no central management of any kind.

All decisions made here are made by committee, that makes what should be simple actions taken by one person almost impossible to implement here.

We have in the past and could again easily present all the data I have been given here as well as many other supporting documents and it will get shot down because some researcher with no IT experience doesn't want it. Trying to explain to all these people how it will benefit them is an exercise in futility. They don't care how much easier or better it will make their jobs, or our jobs.

The day I leave this place will be a happy one, I only have a couple of years left. Until then I am forced to work within the confines that exist here.
