DNS Resource Record Management
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016
This topic provides information about managing DNS resource records by using IPAM.
In addition to this topic, the following DNS resource record management topics are available in this section.
Resource record management overview
When you deploy IPAM in Windows Server 2016, you can perform server discovery to add DHCP and DNS servers to the IPAM server management console. The IPAM server then dynamically collects DNS data every six hours from the DNS servers that it is configured to manage. IPAM maintains a local database where it stores this DNS data. IPAM provides you with notification of the day and time that the server data was collected, as well as telling you the next day and time when data collection from DNS servers will occur.
The yellow status bar in the following illustration shows the user interface location of IPAM notifications.
The DNS data that is collected includes DNS zone and resource record information. You can configure IPAM to collect zone information from your preferred DNS server. IPAM collects both file-based and Active Directory zones.
IPAM collects data solely from domain-joined Microsoft DNS servers. Third party DNS servers and non-domain joined servers are not supported by IPAM.
Following is a list of DNS resource record types that are collected by IPAM.
Create DNS records for Microsoft using Windows-based DNS
Check the Domains FAQ if you don’t find what you’re looking for.
If you host your own DNS records using Windows-based DNS, follow the steps in this article to set up your records for email, Skype for Business Online, and so on.
To get started, you need to find your DNS records in Windows-based DNS so you can update them. Also, if you’re planning to synchronize your on-premises Active Directory with Microsoft, see Non-routable email address used as a UPN in your on-prem Active Directory.
If you have trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.
Find your DNS records in Windows-based DNS
Go to the page that has the DNS records for your domain. If you’re working in Windows Server 2008, go to Start > Run. If you’re working in Windows Server 2012, press the Windows key and R. Type dnsmgmt.msc, and then select OK. In DNS Manager, expand your DNS server > Forward Lookup Zones. Select your domain. You’re now ready to create the DNS records.
Add MX record
Add an MX record so email for your domain will come to Microsoft.
- The MX record you’ll add includes a value (the Points to address value) that looks something like this: MSxxxxxxx.mail.protection.outlook.com, where MSxxxxxxx is a token specific to your domain.
- From the MX row in the Exchange Online section of the Add DNS records page in Microsoft, copy the value listed under Points to address. You’ll use this value in the record you’re creating in this task.
- On the DNS Manager page for the domain, go to Action > Mail Exchanger (MX). To find this page for the domain, see Find your DNS records in Windows-based DNS.
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: @
- Address: Paste the Points to address value that you just copied from Microsoft here.
- Pref:
- Select Save Changes.
- Remove any obsolete MX records. If you have any old MX records for this domain that route email somewhere else, select the check box next to each old record, and then select Delete > OK.
Add CNAME records
Add the CNAME records that are required for Microsoft. If additional CNAME records are listed in Microsoft, add those following the same general steps shown here.
- On the DNS Manager page for the domain, go to Action > CNAME (CNAME).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: autodiscover
- Type: CNAME
- Address: autodiscover.outlook.com
- Select OK.
Add the SIP CNAME record.
- On the DNS Manager page for the domain, go to Action > CNAME (CNAME).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: sip
- Type: CNAME
- Address: sipdir.online.lync.com
- Select OK.
Add the Skype for Business Online Autodiscover CNAME record.
- On the DNS Manager page for the domain, go to Action > CNAME (CNAME).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: lyncdiscover
- Type: CNAME
- Address: webdir.online.lync.com
- Select OK.
Add two CNAME records for Mobile Device Management (MDM) for Microsoft
If you have Mobile Device Management (MDM) for Microsoft, then you must create two additional CNAME records. Follow the procedure that you used for the other four CNAME records, but supply the values from the following table. (If you do not have MDM, you can skip this step.)
Add the MDM Enterpriseregistration CNAME record.
- On the DNS Manager page for the domain, go to Action > CNAME (CNAME).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: enterpriseregistration
- Type: CNAME
- Address: enterpriseregistration.windows.net
- Select OK.
Add the MDM Enterpriseenrollment CNAME record.
- On the DNS Manager page for the domain, go to Action > CNAME (CNAME).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Host Name: enterpriseenrollment
- Type: CNAME
- Address: enterpriseenrollment-s.manage.microsoft.com
- Select OK.
Add a TXT record for SPF to help prevent email spam
You cannot have more than one TXT record for SPF for a domain. If your domain has more than one SPF record, you’ll get email errors, as well as delivery and spam classification issues. If you already have an SPF record for your domain, don’t create a new one for Microsoft. Instead, add the required Microsoft values to the current record so that you have a single SPF record that includes both sets of values.
Add the SPF TXT record for your domain to help prevent email spam.
- You might already have other strings in the TXT value for this record (such as strings for marketing email), which is fine. Leave those strings in place and add this one, placing double-quotes around each string to separate them.
- On the DNS Manager page for your domain, go to Action > Text (TXT).
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values.
In some versions of Windows DNS Manager, the domain may have been set up so that when you create a TXT record, the host name defaults to the parent domain. In this situation, when adding a TXT record, set the host name to blank (no value) instead of setting it to @ or the domain name.
- Record Type: TXT
- Address: v=spf1 include:spf.protection.outlook.com -all
- Select OK.
Add SRV records
Add the two SRV records that are required for Microsoft.
Add the SIP SRV record for Skype for Business Online web conferencing.
- On the DNS Manager page for your domain, go to Action > Other New Records.
- In the Resource Record Type window, select Service Location (SRV), and then select Create Record.
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Service: _sip
- Protocol: _tls
- Priority: 100
- Weight: 1
- Port: 443
- Target (Hostname): sipdir.online.lync.com
- Select OK.
Add the SIP SRV record for Skype for Business Online federation.
- On the DNS Manager page for your domain, go to Action > Other New Records.
- In the Resource Record Type window, select Service Location (SRV), and then select Create Record.
- In the New Resource Record dialog box, make sure that the fields are set to precisely the following values:
- Service: _sipfederationtls
- Protocol: _tcp
- Priority: 100
- Weight: 1
- Port: 5061
- Target (Hostname): sipfed.online.lync.com
- Select OK.
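The same MX, CNAME, SRV and SPF TXT records can be created with the DnsServer PowerShell module instead of DNS Manager. The following script is an added example, not part of the Microsoft article; the zone name and MX Points to address are placeholders, and it honours the single-SPF-record rule above by merging the Microsoft include into an existing SPF record rather than adding a second one.

```powershell
# Added example (not part of the Microsoft article): create the MX, CNAME, SRV and
# SPF records from the procedures above with the DnsServer PowerShell module
# instead of DNS Manager. The zone name and MX "Points to address" below are
# placeholders; replace them with the values shown in your Microsoft admin center.
Import-Module DnsServer

$Zone   = 'contoso.com'                              # placeholder zone
$MxHost = 'contoso-com.mail.protection.outlook.com'  # placeholder Points to address
$SpfInc = 'include:spf.protection.outlook.com'

# MX at the zone apex ("@"); preference 0 makes it the preferred mail exchanger.
Add-DnsServerResourceRecordMX -ZoneName $Zone -Name '@' -MailExchange $MxHost -Preference 0

# CNAME records from the article, including the two optional MDM aliases.
$cnames = @{
    autodiscover           = 'autodiscover.outlook.com'
    sip                    = 'sipdir.online.lync.com'
    lyncdiscover           = 'webdir.online.lync.com'
    enterpriseregistration = 'enterpriseregistration.windows.net'
    enterpriseenrollment   = 'enterpriseenrollment-s.manage.microsoft.com'
}
foreach ($name in $cnames.Keys) {
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $name -HostNameAlias $cnames[$name]
}

# SRV records: the record name is "_service._protocol"; DomainName is the target host.
Add-DnsServerResourceRecord -ZoneName $Zone -Srv -Name '_sip._tls' `
    -Priority 100 -Weight 1 -Port 443 -DomainName 'sipdir.online.lync.com'
Add-DnsServerResourceRecord -ZoneName $Zone -Srv -Name '_sipfederationtls._tcp' `
    -Priority 100 -Weight 1 -Port 5061 -DomainName 'sipfed.online.lync.com'

# SPF: a domain must publish exactly one v=spf1 TXT record, so check for one first
# and merge the Microsoft include into it instead of adding a second record.
$spf = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType Txt -ErrorAction SilentlyContinue |
         Where-Object { $_.RecordData.DescriptiveText -like 'v=spf1*' })
if ($spf.Count -eq 0) {
    Add-DnsServerResourceRecord -ZoneName $Zone -Name '@' -Txt -DescriptiveText "v=spf1 $SpfInc -all"
} elseif ($spf.Count -gt 1) {
    throw "Zone $Zone already has more than one SPF record; consolidate them before continuing."
} elseif ($spf[0].RecordData.DescriptiveText -notmatch [regex]::Escape($SpfInc)) {
    # Insert the include just before the terminal "all" mechanism of the existing record.
    $old = $spf[0]
    $new = $old.Clone()
    $new.RecordData.DescriptiveText = $old.RecordData.DescriptiveText -replace '\s+([~+?-]all)\s*$', " $SpfInc `$1"
    Set-DnsServerResourceRecord -ZoneName $Zone -OldInputObject $old -NewInputObject $new
}
```

Run it in an elevated session on the DNS server (or with -ComputerName added to each cmdlet) after the domain has been verified, then confirm the result with Get-DnsServerResourceRecord -ZoneName before testing mail flow.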
Add a record to verify that you own the domain, if you haven’t already
Before you add the DNS records to set up your Microsoft services, Microsoft has to confirm that you own the domain you’re adding. To do this, you add a record, following the steps below.
This record is used only to verify that you own your domain; it doesn’t affect anything else.
- Gather information from Microsoft.
- In the admin center, go to the Settings > Domains page.
- On the Domains page, in the Actions column for the domain that you are verifying, select Start setup.
- On the Add a domain to Microsoft page, select Start step 1.
- On the Confirm that you own your domain page, in the See instructions for performing this step with drop-down list, choose General instructions.
- From the table, copy the Destination or Points to Address value. You’ll need it for the next step. We recommend copying and pasting this value, so that all of the spacing stays correct.
Add a TXT record.
- On the DNS Manager page for your domain, go to Action > Text (TXT).
- In the New Resource Record dialog box, select Edit.
- In the Custom Host Names area of the New Resource Record dialog box, make sure that the fields are set to precisely the following values.
In some versions of Windows DNS Manager, the domain may have been set up so that when you create a TXT record, the host name defaults to the parent domain. In this situation, when adding a TXT record, set the host name to blank (no value) instead of setting it to @ or the domain name.
- Host Name: @
- Type: TXT
- Address: Paste the Destination or Points to Address value that you just copied from Microsoft here.
- Select OK > Done.
Verify your domain in Microsoft.
Wait about 15 minutes before you do this, so the record you just created can update across the Internet.
- Go back to Microsoft and follow the steps below to request a verification check. The check looks for the TXT record you added in the previous step. When it finds the correct TXT record, the domain is verified.
- In the admin center, go to the Setup > Domains page.
- On the Domains page, in the Action column for the domain you are verifying, select Start setup.
- On the Confirm that you own your domain page, select Done, verify now, and then in the confirmation dialog box, select Finish.
Typically it takes about 15 minutes for DNS changes to take effect. However, it can occasionally take longer for a change you’ve made to update across the Internet’s DNS system. If you’re having trouble with mail flow or other issues after adding DNS records, see Troubleshoot issues after changing your domain name or DNS records.
Non-routable email address used as a UPN in your on-prem Active Directory
If you’re planning to synchronize your on-premises Active Directory with Microsoft, you’ll want to make sure that the Active Directory user principal name (UPN) suffix is a valid domain suffix, and not an unsupported domain suffix such as @contoso.local. If you need to change your UPN suffix, see How to prepare a non-routable domain for directory synchronization.
How to find all possible DNS records for a server
I have decommissioned a Windows 2012 domain controller named USDC-01.
I want to find out each and every possible record (any record) for USDC-01 from all the forward and reverse lookup zones or conditional forwarders so that I can delete them.
Currently I have 18 forward lookup zones, one reverse lookup zone for that IP range and 11 conditional forwarders.
Is there any command to get that?
4 Answers
For searching records in DNS you could use 2 tools — nslookup and Resolve-DnsName (newer). Look at A, PTR and SRV records relating to the former domain controller.
For DNS Forwarders try to get all records (in all zones) using Get-DnsServerForwarder
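Querying one name at a time with nslookup or Resolve-DnsName only finds records you already think to ask for. The script below is an added example (not from the question or any answer) that walks every zone on the DNS server with the DnsServer module and reports each record that still refers to the old DC by short name, FQDN or IP address, plus any conditional forwarder that still lists it as a master server; the host name, FQDN and IP are placeholders.

```powershell
# Added example, not from the question or any answer above: enumerate every zone on
# a Windows DNS server and report each record that still refers to a decommissioned
# host by name, FQDN or address, plus any conditional forwarder still pointing at it.
# It only reports; review the list, then remove records deliberately.
# Assumes the DnsServer module (RSAT-DNS-Server) on the DNS server itself; the host
# name, FQDN and IP below are placeholders.
Import-Module DnsServer

$OldHost = 'USDC-01'                 # placeholder short name of the old DC
$OldFqdn = 'usdc-01.corp.example'    # placeholder FQDN
$OldIP   = '192.0.2.10'              # placeholder address (TEST-NET-1 range)

function Get-RecordTarget {
    param($Record)
    # Each record type stores its data in a different field; return the one that can name a host.
    $d = $Record.RecordData
    switch ($Record.RecordType) {
        'A'     { $d.IPv4Address.IPAddressToString }
        'AAAA'  { $d.IPv6Address.IPAddressToString }
        'PTR'   { $d.PtrDomainName }
        'CNAME' { $d.HostNameAlias }
        'NS'    { $d.NameServer }
        'MX'    { $d.MailExchange }
        'SRV'   { $d.DomainName }
        default { '' }
    }
}

$hits = foreach ($zone in Get-DnsServerZone) {
    if ($zone.ZoneType -eq 'Forwarder') {
        # Conditional forwarders hold no records, only master server addresses.
        $masters = @($zone.MasterServers | ForEach-Object { $_.IPAddressToString })
        if ($masters -contains $OldIP) {
            [pscustomobject]@{ Zone = $zone.ZoneName; Name = '(forwarder)'; Type = 'MasterServer'; Target = $OldIP }
        }
        continue
    }
    foreach ($rr in Get-DnsServerResourceRecord -ZoneName $zone.ZoneName) {
        $target = ([string](Get-RecordTarget $rr)).TrimEnd('.')
        if ($rr.HostName -ieq $OldHost -or $target -ieq $OldFqdn -or $target -eq $OldIP) {
            [pscustomobject]@{ Zone = $zone.ZoneName; Name = $rr.HostName; Type = $rr.RecordType; Target = $target }
        }
    }
}
$hits | Sort-Object Zone, Type | Format-Table -AutoSize
```

Stale NS, SRV and A records for a former DC keep clients and replication partners trying to reach it, so the report is worth running on every DNS server that hosts a non-replicated zone, not only on one.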
You may find the need to check the status of your domain's DNS records, or check the Name Servers to see which records the servers are pulling.
Launch Windows Command Prompt by navigating to Start > Command Prompt or via Run > CMD.
Type NSLOOKUP and hit Enter. The default Server is set to your local DNS, the Address will be your local IP.
Set the DNS Record type you wish to lookup by typing set type=## where ## is the record type, then hit Enter. You may use ANY, A, AAAA, A+AAAA, CNAME, MX, NS, PTR, SOA, or SRV as the record type.
Now enter the domain name you wish to query, then hit Enter. In this example, we will use Managed.com.
NSLOOKUP will now return the record entries for the domain you entered.
You can also change the Name Servers which you are querying. This is useful if you are checking the records before DNS has fully propagated. To change the Name Server type server [name server]. Replace [name server] with the Name Servers you wish to use. In this example, we will set these as NSA.managed.com.
Once changed, change the query type (Step 3) if needed, then enter a new domain (Step 4).
1) Check DNS Records Using Dig Command
Dig, which stands for domain information groper, is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
2) Check DNS Records Using NSlookup Command
Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive.
Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain.
Non-interactive mode is used to print just the name and requested information for a host or domain. It's a network administration tool that helps administrators check and troubleshoot DNS-related issues.
3) Check DNS Records Using Host Command
host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.