«

»

Useful DNS commands for Windows

Changing the name of a server inside of a domain? Finding computers whose names don’t match with their IPs? You may need to do some DNS “magic”.

If you get an error about “service not running” when using one of these commands on a server, you may simply need to reboot it, for example after a name change. This could also generate “untrusted domain” errors when connecting to SQL or similar services running on the server that rely on Windows Authentication to grant remote access from applications.

Commands to update DNS for any computer running Windows:
Open a Command Prompt (Run -> CMD or Start -> Programs -> Accessories. Right-click and select “Run as Administrator” if you experience problems).

ipconfig /displaydns
ipconfig /flushdns
ipconfig /registerdns

Commands for administration of a DNS server:
These mostly rely on the Resource Kit command line tool for DNS server administrators, known as DNSCMD.exe.
Right click the shortcut to Command Prompt and select “Run as administrator” before using DNSCMD.exe.

Tip: Add DNSCMD.exe to the System32 folder to be able to run it from any root in any command prompt window.

Function DNSCMD option Example Comments
Do any dnscmd command on a remote system dnscmd servername command dnscmd main.bigfirm.com /zoneprint bigfirm.com
Create a primary zone dnscmd /zoneadd zonename /primary dnscmd /zoneadd bigfirm.com /primary
Create a secondary zone dnscmd /zoneadd zonename /secondary master IP address dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1
Host a zone on a server based on an existing (perhaps restored) zone file dnscmd /zoneadd zonename /primary /file filename /load dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load
Delete a zone from a server dnscmd /zonedelete zonename [/f] dnscmd /zonedelete bigfirm.com /f (without the /f, dnscmd asks you if you really want to delete the zone)
Show all of the zones on a DNS server dnscmd /enumzones dnscmd /enumzones
Dump (almost) all of the records in a zone dnscmd /zoneprint zonename dnscmd /zoneprint bigfirm.com Doesn’t show glue records.
Add an A record to a zone dnscmd /recordadd zonename hostname A ipaddress dnscmd /recordadd bigfirm.com mypc A 192.168.1.33
Add an NS record to a zone dnscmd /recordadd zonename @ NS servername dnscmd /recordadd bigfirm.com @ A dns3.bigfirm.com
Delegate a new child domain, naming its first DNS server dnscmd /recordadd zonename childname NS dnsservername dnscmd /recordadd bigfirm.com test NS main.bigfirm.com This would create the “test.bigfirm.com” DNS child domain unter the bigfirm.com DNS domain
Add an MX record to a zone dnscmd /recordadd zonename @ MX priority servername dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com
Add a PTR record to a reverse lookup zone dnscmd /recordadd zonename lowIP PTR FQDN dnscmd /recordadd 1.168.192.in-addr.arpa 3 A pc1.bigfirm.com This is the PTR record for a system with IP address 192.168.1.3
Modify a zone’s SOA record dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200 Ignores the serial number if it’s not greater than the current serial number
Delete a resource record dnscmd /recorddelete zonename recordinfo [/f] dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f Again, “/f” means “don’t annoy me with a confirmation request, just do it.”
Create a resource record and incorporate a nonstandard TTL dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4
Reload a zone from its zone file in \windows\system32\dns dnscmd /zonereload zonename dnscmd /zonereload bigfirm.com Really only useful on primary DNS servers
Force DNS server to flush DNS data to zone file dnscmd /zonewriteback zonename dnscmd /zonewriteback bigfirm.com
Tell a primary whom to allow zone transfers to dnscmd /zoneresetsecondaries zonename /nonsecure|securens dnscmd /zoneresetsecondaries bigfirm.com /nonsecure That example says to allow anyone who asks to get a zone transfer
Enable/disable DNS NOTIFY dnscmd /zoneresetsecondaries zonename /notify|/nonotify dnscmd /zoneresetsecondaries bigfirm.com /nonotify Example disables DNS notification, which is contrary to the default settings.
Tell a secondary DNS server to request any updates from the primary dnscmd /zonerefresh zonename dnscmd /zonerefresh bigfirm.com
Enable or disable dynamic DNS on a zone dnscmd /config zonename /allowupdate 1|0 1 enables, 0 disables, 0 is default
Stop the DNS service Either net stop dns or sc stop dns (No dnscmd command for this)
Start the DNS service Either net start dns or sc start dns (No dnscmd command for this)
Install the DNS service on a 2008 full install system servermanagercmd -install dns
Install the DNS service on a 2008 Server Core system ocsetup DNS-Server-Core-Role Case matters — ocsetup dns-server-core-role would fail
Uninstall the DNS service on a 2008 Server full install system servermanagercmd -remove dns
Uninstall the DNS service on a 2008 Server Core system ocsetup /uninstall DNS-Server-Core-Role

Credits to the source of this excellent list:
Mark’s Windows 2008 DNS Server Command Line Cheat Sheet.