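The environment is as follows.
SE'S BOOK: Creating and configuring a DNS conditional forwarder with the dnscmd command
According to the site above, this is easy to do with dnscmd, so I will give it a try.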

    PS C:\Users\Administrator> dnscmd /?
    使用法: DnsCmd <サーバー> /ZoneInfo <ゾーン名> [<プロパティ>]
      <プロパティ> -- 表示するゾーン プロパティ
      例:
        AllowUpdate
        DsIntegrated
        Aging
        RefreshInterval
        NoRefreshInterval
        IsSigned
        Keymaster
        IsKeymaster
        SignWithNSEC3
        NSEC3HashAlgorithm
        NSEC3Iterations
        NSEC3RandomSaltLength
        NSEC3UserSalt
        NSEC3CurrentSalt
        NSEC3OptOut
        MaintainTrustAnchor
        SignatureInceptionOffset
        DNSKEYRecordSetTTL
        DSRecordSetTTL
        SecureDelegationPollingPeriod
        DsRecordAlgorithms
        RFC5011KeyRollovers
        SigningKeyDescriptors
        PropagationTime
        ParentHasSecureDelegation

    今後のバージョンの Windows では、dnscmd.exe が削除される可能性があります。

    現在 dnscmd.exe を使用して DNS サーバーを構成および管理している場合は、
    Windows PowerShell に移行することをお勧めします。

    DNS サーバー管理のコマンドの一覧を表示するには、Windows PowerShell プロンプト
    で、「Get-Command -Module DnsServer」と入力します。DNS の Windows PowerShell コマンドの詳細については、
    http://go.microsoft.com/fwlink/?LinkId=217627 を参照してください。

Since I was told not to use it, and since dnscmd cannot handle its results as objects, I will try the DnsServer module instead.

    PS C:\Users\Administrator> get-command -module dnsserver

    CommandType     Name                                        ModuleName
    -----------     ----                                        ----------
    Alias           Export-DnsServerTrustAnchor                 dnsserver
    Function        Add-DnsServerConditionalForwarderZone       dnsserver
    Function        Add-DnsServerDirectoryPartition             dnsserver
    Function        Add-DnsServerForwarder                      dnsserver
    Function        Add-DnsServerPrimaryZone                    dnsserver
    Function        Add-DnsServerResourceRecord                 dnsserver
    Function        Add-DnsServerResourceRecordA                dnsserver
    Function        Add-DnsServerResourceRecordAAAA             dnsserver
    Function        Add-DnsServerResourceRecordCName            dnsserver
    Function        Add-DnsServerResourceRecordDnsKey           dnsserver
    Function        Add-DnsServerResourceRecordDS               dnsserver
    Function        Add-DnsServerResourceRecordMX               dnsserver
    Function        Add-DnsServerResourceRecordPtr              dnsserver
    Function        Add-DnsServerRootHint                       dnsserver
    Function        Add-DnsServerSecondaryZone                  dnsserver
    Function        Add-DnsServerSigningKey                     dnsserver
    Function        Add-DnsServerStubZone                       dnsserver
    Function        Add-DnsServerTrustAnchor                    dnsserver
    Function        Add-DnsServerZoneDelegation                 dnsserver
    Function        Clear-DnsServerCache                        dnsserver
    Function        Clear-DnsServerStatistics                   dnsserver
    Function        ConvertTo-DnsServerPrimaryZone              dnsserver
    Function        ConvertTo-DnsServerSecondaryZone            dnsserver
    Function        Disable-DnsServerSigningKeyRollover         dnsserver
    Function        Enable-DnsServerSigningKeyRollover          dnsserver
    Function        Export-DnsServerDnsSecPublicKey             dnsserver
    Function        Export-DnsServerZone                        dnsserver
    Function        Get-DnsServer                               dnsserver
    Function        Get-DnsServerCache                          dnsserver
    Function        Get-DnsServerDiagnostics                    dnsserver
    Function        Get-DnsServerDirectoryPartition             dnsserver
    Function        Get-DnsServerDnsSecZoneSetting              dnsserver
    Function        Get-DnsServerDsSetting                      dnsserver
    Function        Get-DnsServerEDns                           dnsserver
    Function        Get-DnsServerForwarder                      dnsserver
    Function        Get-DnsServerGlobalNameZone                 dnsserver
    Function        Get-DnsServerGlobalQueryBlockList           dnsserver
    Function        Get-DnsServerRecursion                      dnsserver
    Function        Get-DnsServerResourceRecord                 dnsserver
    Function        Get-DnsServerRootHint                       dnsserver
    Function        Get-DnsServerScavenging                     dnsserver
    Function        Get-DnsServerSetting                        dnsserver
    Function        Get-DnsServerSigningKey                     dnsserver
    Function        Get-DnsServerStatistics                     dnsserver
    Function        Get-DnsServerTrustAnchor                    dnsserver
    Function        Get-DnsServerTrustPoint                     dnsserver
    Function        Get-DnsServerZone                           dnsserver
    Function        Get-DnsServerZoneAging                      dnsserver
    Function        Get-DnsServerZoneDelegation                 dnsserver
    Function        Import-DnsServerResourceRecordDS            dnsserver
    Function        Import-DnsServerRootHint                    dnsserver
    Function        Import-DnsServerTrustAnchor                 dnsserver
    Function        Invoke-DnsServerSigningKeyRollover          dnsserver
    Function        Invoke-DnsServerZoneSign                    dnsserver
    Function        Invoke-DnsServerZoneUnsign                  dnsserver
    Function        Register-DnsServerDirectoryPartition        dnsserver
    Function        Remove-DnsServerDirectoryPartition          dnsserver
    Function        Remove-DnsServerForwarder                   dnsserver
    Function        Remove-DnsServerResourceRecord              dnsserver
    Function        Remove-DnsServerRootHint                    dnsserver
    Function        Remove-DnsServerSigningKey                  dnsserver
    Function        Remove-DnsServerTrustAnchor                 dnsserver
    Function        Remove-DnsServerZone                        dnsserver
    Function        Remove-DnsServerZoneDelegation              dnsserver
    Function        Reset-DnsServerZoneKeyMasterRole            dnsserver
    Function        Restore-DnsServerPrimaryZone                dnsserver
    Function        Restore-DnsServerSecondaryZone              dnsserver
    Function        Resume-DnsServerZone                        dnsserver
    Function        Set-DnsServer                               dnsserver
    Function        Set-DnsServerCache                          dnsserver
    Function        Set-DnsServerConditionalForwarderZone       dnsserver
    Function        Set-DnsServerDiagnostics                    dnsserver
    Function        Set-DnsServerDnsSecZoneSetting              dnsserver
    Function        Set-DnsServerDsSetting                      dnsserver
    Function        Set-DnsServerEDns                           dnsserver
    Function        Set-DnsServerForwarder                      dnsserver
    Function        Set-DnsServerGlobalNameZone                 dnsserver
    Function        Set-DnsServerGlobalQueryBlockList           dnsserver
    Function        Set-DnsServerPrimaryZone                    dnsserver
    Function        Set-DnsServerRecursion                      dnsserver
    Function        Set-DnsServerResourceRecord                 dnsserver
    Function        Set-DnsServerResourceRecordAging            dnsserver
    Function        Set-DnsServerRootHint                       dnsserver
    Function        Set-DnsServerScavenging                     dnsserver
    Function        Set-DnsServerSecondaryZone                  dnsserver
    Function        Set-DnsServerSetting                        dnsserver
    Function        Set-DnsServerSigningKey                     dnsserver
    Function        Set-DnsServerStubZone                       dnsserver
    Function        Set-DnsServerZoneAging                      dnsserver
    Function        Set-DnsServerZoneDelegation                 dnsserver
    Function        Show-DnsServerCache                         dnsserver
    Function        Show-DnsServerKeyStorageProvider            dnsserver
    Function        Start-DnsServerScavenging                   dnsserver
    Function        Start-DnsServerZoneTransfer                 dnsserver
    Function        Step-DnsServerSigningKeyRollover            dnsserver
    Function        Suspend-DnsServerZone                       dnsserver
    Function        Sync-DnsServerZone                          dnsserver
    Function        Test-DnsServer                              dnsserver
    Function        Test-DnsServerDnsSecZoneSetting             dnsserver
    Function        Unregister-DnsServerDirectoryPartition      dnsserver
    Function        Update-DnsServerTrustPoint                  dnsserver

DnsShell appears to require installation, so I will use this one, which needs no installation.
For configuring a conditional forwarder, Add-DnsServerConditionalForwarderZone looks like the right cmdlet.
Since this is a DNS server in an Active Directory environment, I configured it as follows.

    Add-DnsServerConditionalForwarderZone `
        -Name "hogehoge.com" `
        -MasterServers 10.0.0.2,10.0.0.3 `
        -ReplicationScope "Forest"

With this, the zone is also replicated among the DNS servers in the forest.
To verify, Get-DnsServerZone looks like a good choice. The ZoneType is shown as Forwarder.

    PS C:\Users\Administrator> Get-DnsServerZone

    ZoneName                 ZoneType   IsAutoCreated  IsDsIntegrated  IsReverseLookupZone  IsSigned
    --------                 --------   -------------  --------------  -------------------  --------
    _msdcs.example.local     Primary    False          True            False                False
    0.in-addr.arpa           Primary    True           False           True                 False
    127.in-addr.arpa         Primary    True           False           True                 False
    255.in-addr.arpa         Primary    True           False           True                 False
    hogehoge.com             Forwarder  False          True            False
    example.local            Primary    False          True            False                False
    TrustAnchors             Primary    False          True            False                False

I was also able to confirm in dnsmgmt.msc that it had been added.
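
Because the DnsServer cmdlets return objects, the Get-DnsServerZone check above can be turned into an audit of conditional forwarders against an approved list of master servers. This is an added example, not code from the original post; the function name Compare-ConditionalForwarder, the baseline table and the sample zone objects are constructed for illustration, and it assumes forwarder zone objects expose ZoneType and MasterServers as Get-DnsServerZone returns them.

```powershell
# Added example: audit conditional forwarders against an approved baseline.
# Function name, baseline and sample objects are constructed for illustration.
function Compare-ConditionalForwarder {
    [CmdletBinding()]
    param(
        # Zone objects shaped like Get-DnsServerZone output
        [Parameter(Mandatory, ValueFromPipeline)] $Zone,
        # Zone name -> approved master server addresses
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    begin { $seen = @{} }
    process {
        if ($Zone.ZoneType -ne 'Forwarder') { return }   # skip Primary, Stub, ...
        $seen[$Zone.ZoneName] = $true
        # Compare as sorted strings so server order and IPAddress objects do not matter
        $actual = @($Zone.MasterServers | Where-Object { $_ } |
                    ForEach-Object { "$_" } | Sort-Object)
        $wanted = @($Expected[$Zone.ZoneName] | Sort-Object)
        $status = if (-not $Expected.ContainsKey($Zone.ZoneName)) { 'NotInBaseline' }
                  elseif (($actual -join ',') -ne ($wanted -join ',')) { 'ServerMismatch' }
                  else { 'OK' }
        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            Status         = $status
            MasterServers  = $actual -join ','
            IsDsIntegrated = $Zone.IsDsIntegrated
        }
    }
    end {
        # Baseline entries that no forwarder zone matched
        foreach ($name in $Expected.Keys) {
            if (-not $seen.ContainsKey($name)) {
                [pscustomobject]@{ ZoneName = $name; Status = 'Missing'
                                   MasterServers = ''; IsDsIntegrated = $null }
            }
        }
    }
}

# Baseline taken from the forwarder configured on this page
$expected = @{ 'hogehoge.com' = '10.0.0.2', '10.0.0.3' }
# Constructed sample objects so the function can be tried without a DNS server
$sample = @(
    [pscustomobject]@{ ZoneName = 'example.local'; ZoneType = 'Primary';   IsDsIntegrated = $true;  MasterServers = $null }
    [pscustomobject]@{ ZoneName = 'hogehoge.com';  ZoneType = 'Forwarder'; IsDsIntegrated = $true;  MasterServers = '10.0.0.3', '10.0.0.2' }
    [pscustomobject]@{ ZoneName = 'other.example'; ZoneType = 'Forwarder'; IsDsIntegrated = $false; MasterServers = @('192.0.2.53') }
)
$sample | Compare-ConditionalForwarder -Expected $expected | Format-Table -AutoSize
# On a DNS server: Get-DnsServerZone | Compare-ConditionalForwarder -Expected $expected
```

With the sample data, hogehoge.com is reported as OK and other.example as NotInBaseline; a baseline zone that has no forwarder on the server is reported as Missing.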