

Adding a Primary DNS Zone via PowerShell to a non-domain joined Server 2016 machine

Question

Tuesday, September 24, 2019 4:52 PM

No amount of Bing/Google searching could help me with this issue. I have a Windows Server 2016 workgroup (non-domain joined) machine that's acting as a DNS server (simply forwarding all DNS requests to another DNS server on the Internet). I need to blackhole a large list of domains. I'm writing a Powershell script to be able to do this. However, I'm just trying to do it manually in Powershell with a single domain. I'll show you what I've done:

PS C:\WINDOWS\system32> Get-DnsServerZone | Select-Object -Property ZoneName,ZoneType,ReplicationScope,DirectoryPartitionName

ZoneName         ZoneType ReplicationScope DirectoryPartitionName
--------         -------- ---------------- ----------------------
0.in-addr.arpa   Primary  None
127.in-addr.arpa Primary  None
255.in-addr.arpa Primary  None
example.com      Primary  None
TrustAnchors     Primary  None


PS C:\WINDOWS\system32> Add-DnsServerPrimaryZone -Name test.com
cmdlet Add-DnsServerPrimaryZone at command pipeline position 1
Supply values for the following parameters:
ReplicationScope: 
Add-DnsServerPrimaryZone : Cannot validate argument on parameter 'ReplicationScope'. The argument "" does not belong to the set "Forest,Domain,Legacy,Custom" specified by the ValidateSet 
attribute. Supply an argument that is in the set and then try the command again.
At line:1 char:1
+ Add-DnsServerPrimaryZone -Name test.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-DnsServerPrimaryZone], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Add-DnsServerPrimaryZone
 

PS C:\WINDOWS\system32> Add-DnsServerPrimaryZone -Name test.com -ReplicationScope None
Add-DnsServerPrimaryZone : Cannot validate argument on parameter 'ReplicationScope'. The argument "None" does not belong to the set "Forest,Domain,Legacy,Custom" specified by the ValidateSet 
attribute. Supply an argument that is in the set and then try the command again.
At line:1 char:59
+ Add-DnsServerPrimaryZone -Name test.com -ReplicationScope None
+                                                           ~~~~
    + CategoryInfo          : InvalidData: (:) [Add-DnsServerPrimaryZone], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Add-DnsServerPrimaryZone
 

PS C:\WINDOWS\system32> Add-DnsServerPrimaryZone -Name test.com -ReplicationScope Custom
Add-DnsServerPrimaryZone : The input replication scope and directory partition are either incorrect or incompatible.
At line:1 char:1
+ Add-DnsServerPrimaryZone -Name test.com -ReplicationScope Custom
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (test.com:root/Microsoft/...rverPrimaryZone) [Add-DnsServerPrimaryZone], CimException
    + FullyQualifiedErrorId : WIN32 87,Add-DnsServerPrimaryZone
 

PS C:\WINDOWS\system32> Add-DnsServerPrimaryZone -Name test.com -ReplicationScope Custom -DirectoryPartitionName ''
Add-DnsServerPrimaryZone : Cannot validate argument on parameter 'DirectoryPartitionName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command 
again.
At line:1 char:90
+ ... ne -Name test.com -ReplicationScope Custom -DirectoryPartitionName ''
+                                                                        ~~
    + CategoryInfo          : InvalidData: (:) [Add-DnsServerPrimaryZone], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Add-DnsServerPrimaryZone

The "example.com" domain is one I've added manually via the DNS Manager GUI. I simply added the zone and a single A record with nothing in the Name field and an IP of 127.0.0.1, which is how I plan to blackhole the wider list of domains. As you can see, it's a Primary zone with a "Replication Scope" of None. However, when using the "Add-DnsServerPrimaryZone" cmdlet, it won't let me set the "-ReplicationScope" parameter to None. I've tried all possible options for it (Forest, Domain, Legacy, Custom) with anything I could think of for the "-DirectoryPartitionName" parameter while having a "Custom" replication scope.

Is this just not possible for a workgroup machine?

All replies (4)

Wednesday, September 25, 2019 2:37 PM ✅ Answered | 1 vote

Hi,

Thanks for your question.

Please try to run "help add-dnsserverprimaryzone -online" to learn how to use the command.

-ReplicationScope
Specifies a partition on which to store an Active Directory-integrated zone. The acceptable values for this parameter are:

Custom. Any custom directory partition that a user creates. Specify a custom directory partition by using the DirectoryPartitionName parameter.
Domain. The domain directory partition.
Forest. The ForestDnsZone directory partition.
Legacy. A legacy directory partition.

-DirectoryPartitionName
Specifies a directory partition on which to store the zone. Use this parameter when the ReplicationScope parameter has a value of Custom.

You can try to use "-ZoneFile" parameter to create dns primary zone.

For example:

Add-DnsServerPrimaryZone -Name "west02.contoso.com" -ZoneFile "west02.contoso.com.dns"

/en-us/powershell/module/dnsserver/add-dnsserverprimaryzone?view=win10-ps

Best regards,

Lee

Just do it.
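As an added worked example (not code from the thread or from Microsoft's documentation), the following script applies the answer above to the original goal of sinkholing a whole list of domains on a standalone DNS server. Because the server is not domain-joined, every zone is created as a file-backed primary zone with -ZoneFile, which is what makes -ReplicationScope unnecessary. The script goes slightly beyond the original post by also adding a wildcard record so subdomains are caught, by skipping malformed list entries, and by checking afterwards that the server answers from its own zones. The file name domains.txt, the list format (one domain per line, # for comments) and the 127.0.0.1 sinkhole address are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original thread. Creates one file-backed primary
# zone per listed domain on a standalone (workgroup) Windows DNS server and points
# the zone apex and a wildcard at a sinkhole address.
# Assumptions: the DnsServer module is present (DNS Server role installed) and
# domains.txt sits next to this script, one domain per line, '#' starts a comment.
param(
    [string]$ListPath   = (Join-Path $PSScriptRoot 'domains.txt'),
    [string]$SinkholeIP = '127.0.0.1'
)

Import-Module DnsServer -ErrorAction Stop

# Accept only syntactically plausible DNS names. Anything else in the list is
# skipped, so a stray line cannot become an odd zone or zone file name.
$hostnamePattern = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

$domains = Get-Content -Path $ListPath |
    ForEach-Object { $_.Trim().TrimEnd('.').ToLowerInvariant() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Sort-Object -Unique

$created = @()
foreach ($domain in $domains) {
    if ($domain -notmatch $hostnamePattern) {
        Write-Warning "Skipping malformed entry: '$domain'"
        continue
    }

    # Idempotent: reuse an existing zone instead of failing on a second run.
    if (-not (Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue)) {
        # -ZoneFile creates a file-backed zone; no AD partition, so no -ReplicationScope.
        Add-DnsServerPrimaryZone -Name $domain -ZoneFile "$domain.dns"
    }

    # Existing A records in the zone, keyed by owner name ('@' is the zone apex).
    $aRecords = Get-DnsServerResourceRecord -ZoneName $domain -RRType A -ErrorAction SilentlyContinue
    $haveApex     = $aRecords | Where-Object { $_.HostName -eq '@' }
    $haveWildcard = $aRecords | Where-Object { $_.HostName -eq '*' }

    if (-not $haveApex) {
        Add-DnsServerResourceRecordA -ZoneName $domain -Name '@' -IPv4Address $SinkholeIP `
            -TimeToLive (New-TimeSpan -Hours 1)
    }
    # Wildcard so www.<domain>, cdn.<domain>, etc. are sinkholed as well.
    if (-not $haveWildcard) {
        Add-DnsServerResourceRecordA -ZoneName $domain -Name '*' -IPv4Address $SinkholeIP `
            -TimeToLive (New-TimeSpan -Hours 1)
    }
    $created += $domain
}

# Verify: the server must now answer these names itself rather than via the forwarder.
foreach ($domain in $created) {
    $answer = Resolve-DnsName -Name $domain -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue
    $ips = @($answer | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress)
    if ($ips -contains $SinkholeIP) {
        Write-Host "OK    $domain -> $SinkholeIP"
    } else {
        Write-Warning "CHECK $domain answered '$($ips -join ',')', expected $SinkholeIP"
    }
}
```

Run it in an elevated PowerShell session on the DNS server itself. The verification step queries 127.0.0.1 directly with -DnsOnly so a cached hosts-file or LLMNR answer cannot mask a zone that failed to load; a name that still resolves to its real address means the forwarder answered instead, which is the failure mode to look for after a bulk change.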


Tuesday, September 24, 2019 6:08 PM

Well, I've accomplished my task with a batch script using "dnscmd."

for /F "tokens=*" %%A in (%~dp0domains.txt) do (dnscmd /zoneadd %%A /primary /file %%A.dns & dnscmd /RecordAdd %%A "@" A 127.0.0.1)

Not sure why PowerShell wouldn't let me. I would still like to know if I was doing anything wrong in Powershell.


Wednesday, September 25, 2019 3:45 PM

Well I'll be damned. That worked. When I tried the cmdlet with only specifying the -Name parameter, it would ask for the "ReplicationScope" so I thought that was required.

Thank you!


Thursday, September 26, 2019 7:21 AM

Hi,

I am glad to hear that your issue was successfully resolved.

Best regards,

Lee

Just do it.