14.4 Zone Classes

The MicrosoftDNS_Zone class offers a plethora of properties and methods to aid in managing your zones. Even if you are using AD-integrated zones, which help reduce the amount of work required to maintain DNS, inevitably you need to configure a zone's settings or create additional zones. Tables 14-3 and 14-4 list the available properties and methods for the MicrosoftDNS_Zone class.

Table 14-3. MicrosoftDNS_Zone class properties

| Property name | Property description |
|---|---|
| Aging | Boolean that indicates whether scavenging is enabled for the zone. The default value is FALSE, which means it is disabled. |
| AllowUpdate | Flag indicating whether dynamic updates are allowed. The value for this property can be one of the following: 0 = No updates allowed; 1 = Zone accepts both secure and nonsecure updates; 2 = Zone accepts secure updates only. The default for new zones is 0. |
| AutoCreated | Boolean that indicates whether the zone was auto-created, as is the case with the standard reverse zones (e.g., 255.in-addr.arpa) that are automatically created by default. |
| AvailForScavengeTime | Time period when scavenging can be run (if configured for the zone). |
| DataFile | Name of the zone datafile. |
| DisableWINSRecordReplication | Boolean that if TRUE indicates that WINS record replication is disabled. The default value is FALSE (WINS record replication does occur). |
| DsIntegrated | Boolean that indicates whether the zone is AD-integrated. |
| ForwarderSlave | Boolean that indicates whether the name server relies entirely on its forwarders when resolving domain names in this zone. This can override the server IsSlave setting. |
| ForwarderTimeout | Number of seconds the name server waits after forwarding a query for domain names in this zone before trying to resolve the query itself. This overrides the server setting. |
| LastSuccessfulSoaCheck | Number of seconds from January 1, 1970, GMT since the zone's serial number was checked. |
| LastSuccessfulXfr | Number of seconds from January 1, 1970, GMT since the last successful zone transfer from a master. |
| LocalMasterServers | If zone is a secondary, this contains the list of master name servers to request zone transfers from. This overrides the MasterServers setting, which can be stored in AD. |
| MasterServers | If zone is a secondary, this contains the list of master name servers to request zone transfers from. |
| NoRefreshInterval | For AD-integrated zones, the no-refresh interval in hours. If not specified, the default server no-refresh interval is used. |
| Notify | If set to 1, the name server notifies secondaries of zone changes. |
| NotifyServers | Name servers that are notified when there are changes to the zone. |
| Paused | Flag indicating whether the zone is paused and therefore not responding to requests. |
| RefreshInterval | For AD-integrated zones, the refresh interval in hours. If not specified, the default server refresh interval is used. |
| Reverse | If TRUE, the zone is a reverse-mapping (in-addr.arpa) zone. If FALSE, zone is a forward-mapping zone. |
| ScavengeServers | Array of IP addresses of servers that are allowed to perform scavenging for the zone. If this is not set, any authoritative server in the zone can perform scavenging. |
| SecondaryServers | IP addresses of name servers allowed to receive zone transfers. |
| SecureSecondaries | Flag indicating whether zone transfers are allowed only to name servers specified in SecondariesIPAddressesArray. The value for this property can be one of the following: 0 = Send zone transfers to all secondary servers that request them; 1 = Send zone transfers only to name servers that are authoritative for the zone; 2 = Send zone transfers only to servers specified in SecondaryServers; 3 = Do not send zone transfers. The default is 0 for standard primary zones and 3 for AD-integrated zones. |
| Shutdown | Boolean that if TRUE means the zone has expired (or shut down). |
| UseWins | Boolean that indicates whether the zone uses WINS lookups. The default is FALSE, which disables WINS lookups. |
| ZoneType | Type of zone: DS Integrated,[3] Primary, or Secondary. |

[3] Most people refer to zones stored in Active Directory as AD-integrated. The WMI DNS Provider consistently uses DS Integrated instead.

Table 14-4. MicrosoftDNS_Zone class methods

| Method name | Method description |
|---|---|
| AgeAllRecords | Age part or all of a zone. |
| ChangeZoneType | Convert zone to a different type and make it AD-integrated. |
| CreateZone | Create a new zone. |
| ForceRefresh | Force secondary to update its zone from master. |
| GetDistinguishedName | Get distinguished name of the zone. |
| PauseZone | Cause the name server not to respond to queries for the zone. |
| ReloadZone | Reload the contents of the zone. This may be necessary after making changes to a zone that you want to take effect immediately. |
| ResetSecondaries | Specify list of secondaries. |
| ResumeZone | Cause the name server to start responding to queries for the zone after pausing the zone. |
| UpdateFromDS | Reload the zone data from Active Directory; valid only for AD-integrated zones. |
| WriteBackZone | Save zone data to a file. |

14.4.1 Creating a Zone

Creating a zone with the DNS Provider is a straightforward operation. You need to get a WMI object for the DNS namespace, instantiate an object from the MicrosoftDNS_Zone class, and call CreateZone on that object. The next example shows how to do this:

strNewZone = "movie.edu."
strServer = "terminator.movie.edu"

on error resume next

set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSZone = objDNS.Get("MicrosoftDNS_Zone")
' Parameters: zone name, zone type flag (0 = primary), AD-integrated flag
strNull = objDNSZone.CreateZone(strNewZone,0,TRUE)

if Err then
   WScript.Echo "Error occurred creating zone: " & Err.Description
else 
   WScript.Echo "Zone created . . . "
end if

The three parameters we passed into CreateZone include the zone name, the zone type flag, and the AD-integrated flag. A zone type of 0 creates a primary zone. When the AD-integrated flag is set to true, the primary zone is AD-integrated; if it is false, it is a standard primary. At the time of this writing, Microsoft had conflicting documentation about these parameters and their valid values. Refer to the MSDN Library for more information; hopefully, they'll get it straight eventually.

14.4.2 Configuring a Zone

Configuring a zone is not too different from configuring a name server. The primary difference is in how you instantiate a MicrosoftDNS_Zone object. In order to use the Get method on a WMI object, you have to specify the keys for the class you want to instantiate. For the MicrosoftDNS_Zone class, the keys include ContainerName, DnsServerName, and Name. In this case, ContainerName and Name are both the name of the zone. We retrieve DnsServerName by getting a MicrosoftDNS_Server object as we've done earlier in the chapter.

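The following example lists all of the properties of the movie.edu zone, then sets the AllowUpdate property to 1 and commits the change. Per Table 14-3, a value of 1 makes the zone accept both secure and nonsecure dynamic updates; a value of 2 restricts it to secure updates only.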

strZone = "movie.edu."
strServer = "terminator.movie.edu"

on error resume next

set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objDNSZone = objDNS.Get("MicrosoftDNS_Zone.ContainerName=""" & strZone & _
                            """,DnsServerName=""" & objDNSServer.Name & _
                            """,Name=""" & strZone & """")

' List all of the properties of the zone
Wscript.Echo objDNSZone.Name
for each objProp in objDNSZone.Properties_
   if IsNull(objProp.Value) then
      Wscript.Echo " " & objProp.Name & " : NULL"
   else
      if objProp.IsArray = TRUE then
         For I = LBound(objProp.Value) to UBound(objProp.Value)
             wscript.echo " " & objProp.Name & " : " & objProp.Value(I)
         next
      else
         wscript.echo " " & objProp.Name & " : " & objProp.Value
      end if
   end if 
next

' Modify the zone: 1 = accept both secure and nonsecure updates (Table 14-3)
objDNSZone.AllowUpdate = 1
objDNSZone.Put_

WScript.Echo ""
if Err then
   Wscript.Echo "Error occurred: " & Err.Description
else 
   WScript.Echo "Change successful"
end if

14.4.3 Listing the Zones on a Server

The last zone example we'll show lists the configured zones on a specific name server. To make the following example a little more robust, we've added logic to make the script configurable so it can be run against any name server using the specified credentials. That is accomplished by using the ConnectServer method on the SWbemLocator object.

' Sample values; avoid storing a real password in the script file
strServer   = "terminator.movie.edu"
strUsername = "dnsadmin"
strPassword = "dnspwd"

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objDNS = objLocator.ConnectServer(strServer, "root\MicrosoftDNS", _
                                      strUsername, strPassword)
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
set objZones = objDNS.ExecQuery("Select * from MicrosoftDNS_Zone " & _
                                "Where DnsServerName = '" & _
                                objDNSServer.Name & "'") 
WScript.Echo objDNSServer.Name
for each objZone in objZones
   WScript.Echo " " & objZone.Name
next

To retrieve the list of zones, we used a WQL query with ExecQuery to find all MicrosoftDNS_Zone objects that had a DnsServerName equal to the name of the server we are connecting to.
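The same zone query can drive a configuration audit. The following is an added example, not code from the original text: it walks every zone on the server and flags the two most permissive settings documented in Table 14-3, AllowUpdate = 1 and SecureSecondaries = 0. It assumes the chapter's sample server name and the caller's own credentials.

```vbscript
' Added example (not from the original text): audit every zone on one name
' server for permissive AllowUpdate / SecureSecondaries values (Table 14-3).
' Assumption: strServer is the sample host name used in this chapter.
Option Explicit
Dim strServer, objDNS, objDNSServer, objZones, objZone
Dim strFinding, intFlagged

strServer = "terminator.movie.edu"

Set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
Set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
Set objZones = objDNS.ExecQuery("Select * from MicrosoftDNS_Zone " & _
                                "Where DnsServerName = '" & _
                                objDNSServer.Name & "'")

intFlagged = 0
For Each objZone In objZones
   strFinding = ""

   ' AllowUpdate: 0 = none, 1 = secure and nonsecure, 2 = secure only
   If Not IsNull(objZone.AllowUpdate) Then
      If objZone.AllowUpdate = 1 Then
         strFinding = strFinding & " [accepts nonsecure dynamic updates]"
      End If
   End If

   ' SecureSecondaries: 0 = send transfers to any server that requests them
   If Not IsNull(objZone.SecureSecondaries) Then
      If objZone.SecureSecondaries = 0 Then
         strFinding = strFinding & " [zone transfers to any requester]"
      End If
   End If

   ' Report only zones with at least one finding
   If strFinding <> "" Then
      intFlagged = intFlagged + 1
      WScript.Echo objZone.Name & strFinding
   End If
Next

WScript.Echo intFlagged & " zone(s) flagged on " & objDNSServer.Name
```

Run it with cscript so the output goes to the console rather than to one message box per zone.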