14.4 Zone Classes

The MicrosoftDNS_Zone class offers a plethora of properties and methods to aid in managing your zones. Even if you are using AD-integrated zones, which help reduce the amount of work required to maintain DNS, inevitably you need to configure a zone's settings or create additional zones. In Tables Table 14-3 and Table 14-4, available properties and methods for the MicrosoftDNS_Zone class are listed.

Table 14-3. MicrosoftDNS_Zone class properties
Property name	Property description
`Aging`	Boolean that indicates whether scavenging is enabled for the zone. The default value is FALSE, which means it is disabled.
`AllowUpdate`	Flag indicating whether dynamic updates are allowed. The value for this property can be one of the following: 0 No updates allowed. 1 Zone accepts both secure and nonsecure updates. 2 Zone accepts secure updates only. The default for new zones is 0.
`AutoCreated`	Boolean that indicates whether the zone was auto-created , as is the case with the standard reverse zones (e.g., 255.in-addr.arpa) that are automatically created by default.
`AvailForScavengeTime`	Time period when scavenging can be run (if configured for the zone).
`DataFile`	Name of the zone datafile.
`DisableWINSRecordReplication`	Boolean that if TRUE indicates that WINS record replication is disabled. The default value is FALSE (WINS record replication does occur).
`DsIntegrated`	Boolean that indicates whether the zone is AD-integrated.
`ForwarderSlave`	Boolean that indicates whether the name server relies entirely on its forwarders when resolving domain names in this zone. This can override the server IsSlave setting.
`ForwarderTimeout`	Number of seconds the name server waits after forwarding a query for domain names in this zone before trying to resolve the query itself. This overrides the server setting.
`LastSuccessfulSoaCheck`	Number of seconds from January 1, 1970, GMT since the zone's serial number was checked.
`LastSuccessfulXfr`	Number of seconds from January 1, 1970, GMT since the last successful zone transfer from a master.
`LocalMasterServers`	If zone is a secondary, this contains the list of master name servers to request zone transfers from. This overrides the MasterServers setting, which can be stored in AD.
`MasterServers`	If zone is a secondary, this contains the list of master name servers to request zone transfers from.
`NoRefreshInterval`	For AD-integrated zones, the no-refresh interval in hours. If not specified, the default server no-refresh interval is used.
`Notify`	If set to 1, the name server notifies secondaries of zone changes.
`NotifyServers`	Name servers that are notified when there are changes to the zone.
`Paused`	Flag indicating whether the zone is paused and therefore not responding to requests.
`RefreshInterval`	For AD-integrated zones, the refresh interval in hours. If not specified, the default server refresh interval is used.
`Reverse`	If TRUE, the zone is a reverse-mapping (in-addr.arpa) zone. If FALSE, zone is a forward-mapping zone.
`ScavengeServers`	Array of IP addresses of servers that are allowed to perform scavenging for the zone. If this is not set, any authoritative server in the zone can perform scavenging.
`SecondaryServers`	IP addresses of name servers allowed to receive zone transfers.
`SecureSecondaries`	Flag indicating whether zone transfers are allowed only to name servers specified in `SecondariesIPAddressesArray`. The value for this property can be one of the following: 0 Send zone transfers to all secondary servers that request them. 1 Send zone transfers only to name servers that are authoritative for the zone. 2 Send zone transfers only to servers specified in `SecondaryServers`. 3 Do not send zone transfers. The default is 0 for standard primary zones and 3 for AD-integrated zones.
`Shutdown`	Boolean that if TRUE means the zone has expired (or shut down).
`UseWins`	Boolean that indicates whether the zone uses WINS lookups. The default is FALSE, which disables WINS lookups.
`ZoneType`	Type of zone: DS Integrated,^[3] Primary, or Secondary.

^[3] Most people refer to zones stored in Active Directory as AD-integrated. The WMI DNS Provider consistently uses DS Integrated instead.

Table 14-4. MicrosoftDNS_Zone class methods
Method name	Method description
`AgeAllRecords`	Age part or all of a zone.
`ChangeZoneType`	Convert zone to a different type and make it AD-integrated.
`CreateZone`	Create a new zone.
`ForceRefresh`	Force secondary to update its zone from master.
`GetDistinguishedName`	Get distinguished name of the zone.
`PauseZone`	Cause the name server not to respond to queries for the zone.
`ReloadZone`	Reload the contents of the zone. This may be necessary after making changes to a zone that you want to take effect immediately.
`ResetSecondaries`	Specify list of secondaries.
`ResumeZone`	Cause the name server to start responding to queries for the zone after pausing the zone.
`UpdateFromDS`	Reload the zone data from Active Directory; valid only for AD-integrated zones.
`WriteBackZone`	Save zone data to a file.

14.4.1 Creating a Zone

Creating a zone with the DNS Provider is a straightforward operation. You need to get a WMI object for the DNS namespace, instantiate an object from the MicrosoftDNS_Zone class, and call CreateZone on that object. The next example shows how to do this:

strNewZone = "movie.edu."
strServer = "terminator.movie.edu"

on error resume next

set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSZone = objDNS.Get("MicrosoftDNS_Zone")
strNull = objDNSZone.CreateZone(strNewZone,0,TRUE)

if Err then
   WScript.Echo "Error occurred creating zone: " & Err.Description
else 
   WScript.Echo "Zone created . . . "
end if

The three parameters we passed into CreateZone include the zone name, the zone type flag, and the AD-integrated flag. A zone type of 0 creates a primary zone. When the AD-integrated flag is set to true, the primary zone is AD-integrated; if it is false, it is a standard primary. At the time of this writing, Microsoft had conflicting documentation about these parameters and their valid values. Refer to the MSDN Library for more information; hopefully, they'll get it straight eventually.

14.4.2 Configuring a Zone

Configuring a zone is not too different from configuring a name server. The primary difference is in how you instantiate a MicrosoftDNS_Zone object. In order to use the Get method on a WMI object, you have to specify the keys for the class you want to instantiate. For the MicrosoftDNS_Zone class, the keys include ContainerName, DnsServerName, and Name. In this case, ContainerName and Name are both the name of the zone. We retrieve DnsServerName by getting a MicrosoftDNS_Server object as we've done earlier in the chapter.

The following example lists all of the properties of the movie.edu zone before it modifies the AllowUpdate property and commits the change:

strZone = "movie.edu."
strServer = "terminator.movie.edu"

on error resume next

set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objDNSZone = objDNS.Get("MicrosoftDNS_Zone.ContainerName=""" & strZone & _
                            """,DnsServerName=""" & objDNSServer.Name & _
                            """,Name=""" & strZone & """")

' List all of the properties of the zone
Wscript.Echo objDNSZone.Name
for each objProp in objDNSZone.Properties_
   if IsNull(objProp.Value) then
      Wscript.Echo " " & objProp.Name & " : NULL"
   else
      if objProp.IsArray = TRUE then
         For I = LBound(objProp.Value) to UBound(objProp.Value)
             wscript.echo " " & objProp.Name & " : " & objProp.Value(I)
         next
      else
         wscript.echo " " & objProp.Name & " : " & objProp.Value
      end if
   end if 
next

' Modify the zone
objDNSZone.AllowUpdate = 1
objDNSZone.Put_

WScript.Echo ""
if Err then
   Wscript.Echo "Error occurred: " & Err.Description
else 
   WScript.Echo "Change successful"
end if

14.4.3 Listing the Zones on a Server

The last zone example we'll show lists the configured zones on a specific name server. To make the following example a little more robust, we've added logic to make the script configurable so it can be run against any name server using the specified credentials. That is accomplished by using the ConnectServer method on the SWbemLocator object.

strServer   = "terminator.movie.edu"
strUsername = "dnsadmin"
strPassword = "dnspwd"

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objDNS = objLocator.ConnectServer(strServer, "root\MicrosoftDNS", _
                                      strUsername, strPassword)
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objZones = objDNS.ExecQuery("Select * from MicrosoftDNS_Zone " & _
                                "Where DnsServerName = '" & _
                                objDNSServer.Name & "'") 
WScript.Echo objDNSServer.Name
for each objZone in objZones
   WScript.Echo " " & objZOne.Name
next

To retrieve the list of zones, we used a WQL query with ExecQuery to find all MicrosoftDNS_Zone objects that had a DnsServerName equal to the name of the server we are connecting to.