| Both sides previous revisionPrevious revision | |
| en:other:opennicdocs [2024/04/10 14:41] – [8A. Working with root hints in PowerShell] Webmaster VitaNetworks | en:other:opennicdocs [2024/04/10 14:41] (current) – Webmaster VitaNetworks |
|---|
| <WRAP important>None of our servers track visitors, logs are ephemeral and analyzed only in the event of failure, not as a business model.</WRAP> | <WRAP important>None of our servers track visitors, logs are ephemeral and analyzed only in the event of failure, not as a business model.</WRAP> |
| |
| <WRAP tip> Alternatively, you could do //**conditional forwarding**// , but that's not covered here. </WRAP> | <WRAP tip> Alternatively, you could do //**conditional forwarding**// , but that's not covered here. </WRAP> |
| |
| ---- | ---- |
| <WRAP info> If you are using the built in local Administrator account, any PowerShell window launches administratively. Unless the system's policies are modified, other admin accounts lack this privilege by default. </WRAP> <WRAP info> This is a server-level operation. | <WRAP info> If you are using the built in local Administrator account, any PowerShell window launches administratively. Unless the system's policies are modified, other admin accounts lack this privilege by default. </WRAP> <WRAP info> This is a server-level operation. |
| |
| You have to repeat it in as many servers as you have. Active Directory's multi-master-ultra-resilient-automatic-everything zones only work if they're Active Directory-integrated zones. On the plus side, they do not have to be related to the Active Directory domain, forest or any aspect of the infrastructure at all to be a zone backed by Active Directory (or "Active Directory-Integrated"). However, the chances of OpenNIC running Domain Controllers and just casually letting people join them, are slim. </WRAP> <WRAP tip> Though **cmdlets** are spelled in **mixed case**. PowerShell itself isn't case sensitive and the same is true for DNS zone names. You can use all upper or lowercase letters if you want. Always try <key>⇥</key>-complete cmdlets to reduce spelling errors. When you do that, they will change their spelling to [[wp>en.wikipedia.org/wiki/Camel_case|mixed case]]. </WRAP> <WRAP todo> If you remote from macOS, you need to disable the reversal of the <key>⌘</key> and <key>⌥</key> modifier keys which is enabled by default. While **Microsoft Remote Desktop Connection** is in focus, press <key>⌘</key>+<key>,</key> to open the app's settings then uncheck the appropriate box((the legend on it changes frequently with version)) : {{ other:rdp-modifiers-unfix.png }}</WRAP> | You have to repeat it in as many servers as you have. Active Directory's multi-master-ultra-resilient-automatic-everything zones only work if they're Active Directory-integrated zones. On the plus side, they do not have to be related to the Active Directory domain, forest or any aspect of the infrastructure at all to be a zone backed by Active Directory (or "Active Directory-Integrated"). However, the chances of OpenNIC running Domain Controllers and just casually letting people join them, are slim. </WRAP> <WRAP tip> Though **cmdlets** are spelled in **mixed case**. PowerShell itself isn't case sensitive and the same is true for DNS zone names. You can use all upper or lowercase letters if you want. Always try <key>⇥</key>-complete cmdlets to reduce spelling errors. When you do that, they will change their spelling to [[wp>en.wikipedia.org/wiki/Camel_case|mixed case]]. </WRAP> <WRAP todo> If you remote from macOS, you need to disable the reversal of the <key>⌘</key> and <key>⌥</key> modifier keys which is enabled by default. While **Microsoft Remote Desktop Connection** is in focus, press <key>⌘</key>+<key>,</key> to open the app's settings then uncheck the appropriate box((the legend on it changes frequently with version)) : {{ :other:rdp-modifiers-unfix.png }}</WRAP> |
| |
| Once in PowerShell, install the DNS role and its supporting administration tools with the following cmdlet below. The ''-Restart'' option will make the system restart immediately if needed. The DNS role itself rarely needs a restart but some of the RSATs do((Remote Server Administration Tools: the modules for the Microsoft Management Console (AKA mmc.exe ) and a few more system panels)) ); it's a quick installation, you might not have enough time to save and close open files so it's best to do it beforehand. | Once in PowerShell, install the DNS role and its supporting administration tools with the following cmdlet below. The ''-Restart'' option will make the system restart immediately if needed. The DNS role itself rarely needs a restart but some of the RSATs do((Remote Server Administration Tools: the modules for the Microsoft Management Console (AKA mmc.exe ) and a few more system panels)) ); it's a quick installation, you might not have enough time to save and close open files so it's best to do it beforehand. |
| |
| <code powershell> | <code powershell> |
| Install-WindowsFeature -Name DNS -IncludeAllSubfeature -IncludeManagementTools -Restart | Install-WindowsFeature -Name DNS -IncludeAllSubfeature -IncludeManagementTools -Restart |
| | |
| |
| </code> | </code> |
| <code powershell> | <code powershell> |
| Get-WindowsFeature *dns* | Install-WindowsFeature -IncludeAllSubfeature -IncludeManagementTools -Restart | Get-WindowsFeature *dns* | Install-WindowsFeature -IncludeAllSubfeature -IncludeManagementTools -Restart |
| | |
| |
| </code> | </code> |
| <code powershell> | <code powershell> |
| dnsmgmt.msc | dnsmgmt.msc |
| | |
| |
| </code> | </code> |
| |
| Note: the management tools are put on the Start menu in a directory named "Windows Administrative Tools". You can install them all in the same cmdlet listing them after DNS, comma+space-separated, e.g; ''-Name DNS, RSAT''. In older Windows, installing the .NET Framework 3.5 (which is part of the RSATs) needs you to insert the original installation media for Windows((not the actual media, just the files, but the version should match)) . You can also just mount an ISO from the network. What it's actually required is a file . Add somewhere in the s ''-Source [[zx0\Microsoft\Windows-Server\WindowsServer\ws2016\sources\sxs|]]'' or ''-Source D:\sources\sxs'' | Note: the management tools are put on the Start menu in a directory named "Windows Administrative Tools". You can install them all in the same cmdlet listing them after DNS, comma+space-separated, e.g; ''-Name DNS, RSAT''. In older Windows, installing the .NET Framework 3.5 (which is part of the RSATs) needs you to insert the original installation media for Windows((not the actual media, just the files, but the version should match)) . You can also just mount an ISO from the network. What it's actually required is a file . Add somewhere in the s ''-Source [[.:zx0-microsoft-windows-server-windowsserver-ws2016-sources-sxs|zx0\Microsoft\Windows-Server\WindowsServer\ws2016\sources\sxs]]'' or ''-Source D:\sources\sxs'' |
| |
| Continue to step 8. | Continue to step 8. |
| It's a single cmdlet (sort of); after completing this, you may skip to step 12 in the original guide, //testing//. | It's a single cmdlet (sort of); after completing this, you may skip to step 12 in the original guide, //testing//. |
| |
| * **8A.1**//Get// and //pipe// the list of the current root hints to the //remove// cmdlet, confirm one by one. | * **8A.1**//Get// and //pipe// the list of the current root hints to the //remove// cmdlet, confirm one by one. |
| * **8A.2** ";" queues up commands similar to Bash. | * **8A.2** ";" queues up commands similar to Bash. |
| * **8A.3** Use the address of one of the tier 1 servers to get the list of the root hints. | * **8A.3** Use the address of one of the tier 1 servers to get the list of the root hints. |
| <code powershell> | <code powershell> |
| Get-DnsServerRootHint | Remove-DnsServerRootHint ; Import-DnsServerRootHint -NameServer "163.172.168.171" -PassThru | Get-DnsServerRootHint | Remove-DnsServerRootHint ; Import-DnsServerRootHint -NameServer "163.172.168.171" -PassThru |
| | |
| |
| </code> | </code> |
| - ''Get-DnsServerRootHint'' gets all the root hints which are piped/passed (''|'') to the ''Remove-DnsServerRootHint'' cmdlet, this in turn removes the objects received. You will be asked to confirm each one by pressing <key>y</key> on the keyboard. | - ''Get-DnsServerRootHint'' gets all the root hints which are piped/passed (''|'') to the ''Remove-DnsServerRootHint'' cmdlet, this in turn removes the objects received. You will be asked to confirm each one by pressing <key>y</key> on the keyboard. |
| - ''Import-DnsServerRootHint'' copies the root hints from ''-NameServer "163.172.168.171"'', ''-PassThru'' is just a required option, just think of it as Microsoft's baseline nonsense. | - ''Import-DnsServerRootHint'' copies the root hints from ''-NameServer "163.172.168.171"'', ''-PassThru'' is just a required option, just think of it as Microsoft's baseline nonsense. |
| |
| |
| ==== 8B. Working with root hints in the GUI ==== | ==== 8B. Working with root hints in the GUI ==== |
| |
| * **8B.1** Removing root hints: | * **8B.1** Removing root hints: |
| {{ other:root-hints-editting.jpg }} | {{ :other:root-hints-editting.jpg |root-hints-editting.jpg}} |
| |
| * **8B.2** Adding root hints: | * **8B.2** Adding root hints: |
| {{ other:add-hints-gui.png }} | {{ :other:add-hints-gui.png }} |
| |
| === Tier 1 servers === | === Tier 1 servers === |
| |
| This was the status of the **tier 1** servers on **''20230307T 14:24:00 GMT-7'' ** | This was the status of the **tier 1** servers on **''20230307T 14:24:00 GMT-7'' ** |
| <file> | <file> |
| |
| * Enter ''nslookup'' in interactive mode (just enter the command alone) | * Enter ''nslookup'' in interactive mode (just enter the command alone) |
| * Set the server e.g; ''server 10.11.11.36'' | * Set the server e.g; ''server 10.11.11.36'' |
| * Enter your query e.g; ''be.libre.'' ((In Windows, nslookup needs for FQDNs to be correctly specified (they must have the trailing period) e.g; wikipedia.org.)) | * Enter your query e.g; ''be.libre.'' ((In Windows, nslookup needs for FQDNs to be correctly specified (they must have the trailing period) e.g; wikipedia.org.)) |
| * Non-interactive | * Non-interactive |
| * Use the syntax __command__ +__host__ +__nameserver__ e.g; ''nslookup be.libre. 10.11.11.36'' | * Use the syntax __command__ +__host__ +__nameserver__ e.g; ''nslookup be.libre. 10.11.11.36'' |
| * **12.2** With the ''Resolve-DnsName'' PowerShell cmdlet | * **12.2** With the ''Resolve-DnsName'' PowerShell cmdlet |
| * The ''-Name'' option is inferred from whatever text that is **__not__** following an option of its own, e.g; ''Resolve-DnsName -Server 10.11.11.36 be.libre.''. | * The ''-Name'' option is inferred from whatever text that is **__not__** following an option of its own, e.g; ''Resolve-DnsName -Server 10.11.11.36 be.libre.''. |
| * Use the ''-Type'' option to specify record type e.g; ''Resolve-DnsName -Server 10.11.11.36 -Type NS -Name be.libre.''. | * Use the ''-Type'' option to specify record type e.g; ''Resolve-DnsName -Server 10.11.11.36 -Type NS -Name be.libre.''. |
| |
| {{ other:screen_shot_2023-03-06_at_21_13_29_pm.png }} | {{ :other:screen_shot_2023-03-06_at_21_13_29_pm.png }} |
| |
| ===== Creating secondary zones ===== | ===== Creating secondary zones ===== |
| Add-DnsServerSecondaryZone -Name "parody" -ZoneFile "parody.dns" -MasterServers 168.119.153.26, 195.201.99.61, 2a01:4f8:c17:fa94::, 2a01:4f8:c2c:e789:: | Add-DnsServerSecondaryZone -Name "parody" -ZoneFile "parody.dns" -MasterServers 168.119.153.26, 195.201.99.61, 2a01:4f8:c17:fa94::, 2a01:4f8:c2c:e789:: |
| Add-DnsServerSecondaryZone -Name "pirate" -ZoneFile "pirate.dns" -MasterServers 168.119.153.26, 195.201.99.61, 2a01:4f8:c17:fa94::, 2a01:4f8:c2c:e789:: | Add-DnsServerSecondaryZone -Name "pirate" -ZoneFile "pirate.dns" -MasterServers 168.119.153.26, 195.201.99.61, 2a01:4f8:c17:fa94::, 2a01:4f8:c2c:e789:: |
| | |
| |
| </code> | </code> |
| |
| '' | '' |
| |
| '''' | |
| |
| |