The environment is as follows.
- Windows Server 2012 R2
- Domain controller with AD DS + DNS installed
According to the site above, this is easy to do with dnscmd, so I'll try it.
PS C:\Users\Administrator> dnscmd /?
使用法: DnsCmd <サーバー> /ZoneInfo <ゾーン名> [<プロパティ>]
<プロパティ> -- 表示するゾーン プロパティ
例:
AllowUpdate
DsIntegrated
Aging
RefreshInterval
NoRefreshInterval
IsSigned
Keymaster
IsKeymaster
SignWithNSEC3
NSEC3HashAlgorithm
NSEC3Iterations
NSEC3RandomSaltLength
NSEC3UserSalt
NSEC3CurrentSalt
NSEC3OptOut
MaintainTrustAnchor
SignatureInceptionOffset
DNSKEYRecordSetTTL
DSRecordSetTTL
SecureDelegationPollingPeriod
DsRecordAlgorithms
RFC5011KeyRollovers
SigningKeyDescriptors
PropagationTime
ParentHasSecureDelegation
今後のバージョンの Windows では、dnscmd.exe が削除される可能性があります。
現在 dnscmd.exe を使用して DNS サーバーを構成および管理している場合は、
Windows PowerShell に移行することをお勧めします。
DNS サーバー管理のコマンドの一覧を表示するには、Windows PowerShell プロンプト
で、「Get-Command -Module DnsServer」と入力します。DNS の Windows PowerShell
コマンドの詳細については、
http://go.microsoft.com/fwlink/?LinkId=217627 を参照してください。
Since I've been told not to use it, and since dnscmd can't return its results as objects, I'll use the DnsServer module instead.
PS C:\Users\Administrator> get-command -module dnsserver
CommandType Name ModuleName
----------- ---- ----------
Alias Export-DnsServerTrustAnchor dnsserver
Function Add-DnsServerConditionalForwarderZone dnsserver
Function Add-DnsServerDirectoryPartition dnsserver
Function Add-DnsServerForwarder dnsserver
Function Add-DnsServerPrimaryZone dnsserver
Function Add-DnsServerResourceRecord dnsserver
Function Add-DnsServerResourceRecordA dnsserver
Function Add-DnsServerResourceRecordAAAA dnsserver
Function Add-DnsServerResourceRecordCName dnsserver
Function Add-DnsServerResourceRecordDnsKey dnsserver
Function Add-DnsServerResourceRecordDS dnsserver
Function Add-DnsServerResourceRecordMX dnsserver
Function Add-DnsServerResourceRecordPtr dnsserver
Function Add-DnsServerRootHint dnsserver
Function Add-DnsServerSecondaryZone dnsserver
Function Add-DnsServerSigningKey dnsserver
Function Add-DnsServerStubZone dnsserver
Function Add-DnsServerTrustAnchor dnsserver
Function Add-DnsServerZoneDelegation dnsserver
Function Clear-DnsServerCache dnsserver
Function Clear-DnsServerStatistics dnsserver
Function ConvertTo-DnsServerPrimaryZone dnsserver
Function ConvertTo-DnsServerSecondaryZone dnsserver
Function Disable-DnsServerSigningKeyRollover dnsserver
Function Enable-DnsServerSigningKeyRollover dnsserver
Function Export-DnsServerDnsSecPublicKey dnsserver
Function Export-DnsServerZone dnsserver
Function Get-DnsServer dnsserver
Function Get-DnsServerCache dnsserver
Function Get-DnsServerDiagnostics dnsserver
Function Get-DnsServerDirectoryPartition dnsserver
Function Get-DnsServerDnsSecZoneSetting dnsserver
Function Get-DnsServerDsSetting dnsserver
Function Get-DnsServerEDns dnsserver
Function Get-DnsServerForwarder dnsserver
Function Get-DnsServerGlobalNameZone dnsserver
Function Get-DnsServerGlobalQueryBlockList dnsserver
Function Get-DnsServerRecursion dnsserver
Function Get-DnsServerResourceRecord dnsserver
Function Get-DnsServerRootHint dnsserver
Function Get-DnsServerScavenging dnsserver
Function Get-DnsServerSetting dnsserver
Function Get-DnsServerSigningKey dnsserver
Function Get-DnsServerStatistics dnsserver
Function Get-DnsServerTrustAnchor dnsserver
Function Get-DnsServerTrustPoint dnsserver
Function Get-DnsServerZone dnsserver
Function Get-DnsServerZoneAging dnsserver
Function Get-DnsServerZoneDelegation dnsserver
Function Import-DnsServerResourceRecordDS dnsserver
Function Import-DnsServerRootHint dnsserver
Function Import-DnsServerTrustAnchor dnsserver
Function Invoke-DnsServerSigningKeyRollover dnsserver
Function Invoke-DnsServerZoneSign dnsserver
Function Invoke-DnsServerZoneUnsign dnsserver
Function Register-DnsServerDirectoryPartition dnsserver
Function Remove-DnsServerDirectoryPartition dnsserver
Function Remove-DnsServerForwarder dnsserver
Function Remove-DnsServerResourceRecord dnsserver
Function Remove-DnsServerRootHint dnsserver
Function Remove-DnsServerSigningKey dnsserver
Function Remove-DnsServerTrustAnchor dnsserver
Function Remove-DnsServerZone dnsserver
Function Remove-DnsServerZoneDelegation dnsserver
Function Reset-DnsServerZoneKeyMasterRole dnsserver
Function Restore-DnsServerPrimaryZone dnsserver
Function Restore-DnsServerSecondaryZone dnsserver
Function Resume-DnsServerZone dnsserver
Function Set-DnsServer dnsserver
Function Set-DnsServerCache dnsserver
Function Set-DnsServerConditionalForwarderZone dnsserver
Function Set-DnsServerDiagnostics dnsserver
Function Set-DnsServerDnsSecZoneSetting dnsserver
Function Set-DnsServerDsSetting dnsserver
Function Set-DnsServerEDns dnsserver
Function Set-DnsServerForwarder dnsserver
Function Set-DnsServerGlobalNameZone dnsserver
Function Set-DnsServerGlobalQueryBlockList dnsserver
Function Set-DnsServerPrimaryZone dnsserver
Function Set-DnsServerRecursion dnsserver
Function Set-DnsServerResourceRecord dnsserver
Function Set-DnsServerResourceRecordAging dnsserver
Function Set-DnsServerRootHint dnsserver
Function Set-DnsServerScavenging dnsserver
Function Set-DnsServerSecondaryZone dnsserver
Function Set-DnsServerSetting dnsserver
Function Set-DnsServerSigningKey dnsserver
Function Set-DnsServerStubZone dnsserver
Function Set-DnsServerZoneAging dnsserver
Function Set-DnsServerZoneDelegation dnsserver
Function Show-DnsServerCache dnsserver
Function Show-DnsServerKeyStorageProvider dnsserver
Function Start-DnsServerScavenging dnsserver
Function Start-DnsServerZoneTransfer dnsserver
Function Step-DnsServerSigningKeyRollover dnsserver
Function Suspend-DnsServerZone dnsserver
Function Sync-DnsServerZone dnsserver
Function Test-DnsServer dnsserver
Function Test-DnsServerDnsSecZoneSetting dnsserver
Function Unregister-DnsServerDirectoryPartition dnsserver
Function Update-DnsServerTrustPoint dnsserver
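DnsShell appears to require installation, so I'll go with this module, which needs no installation.
Add-DnsServerConditionalForwarderZone looks like the right cmdlet for configuring a conditional forwarder.
Since this is a DNS server in an Active Directory environment, I configured it as follows.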
Add-DnsServerConditionalForwarderZone `
-Name "hogehoge.com" `
-MasterServers 10.0.0.2,10.0.0.3 `
-ReplicationScope "Forest"
With this, the zone is also replicated between the DNS servers in the forest.
Get-DnsServerZone looks like a good way to verify the result. ZoneType is shown as Forwarder.
PS C:\Users\Administrator> Get-DnsServerZone
ZoneName ZoneType IsAutoCreated IsDsIntegrated IsReverseLookupZone IsSigned
-------- -------- ------------- -------------- ------------------- --------
_msdcs.example.local Primary False True False False
0.in-addr.arpa Primary True False True False
127.in-addr.arpa Primary True False True False
255.in-addr.arpa Primary True False True False
hogehoge.com Forwarder False True False
example.local Primary False True False False
TrustAnchors Primary False True False False
I confirmed in dnsmgmt.msc as well that the zone had been added.
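
Because the DnsServer cmdlets return objects, the same setup can be made idempotent and every conditional forwarder on the server can be checked against an expected list, which matters here because a forest-replicated forwarder decides which servers answer for that namespace on every DNS server in the forest. The script below is an added example, not part of the original post; the `$expected` table and the output column names are assumptions, and the zone name and addresses are the ones used above.

```powershell
Import-Module DnsServer

# Expected conditional forwarders: zone name -> master servers.
# Values are the ones from the post's example; adjust for your environment.
$expected = @{
    'hogehoge.com' = @('10.0.0.2', '10.0.0.3')
}

foreach ($zoneName in $expected.Keys) {
    $want = $expected[$zoneName]
    $zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue

    if (-not $zone) {
        # Zone is missing: create it, replicated forest-wide as in the post.
        Add-DnsServerConditionalForwarderZone -Name $zoneName `
            -MasterServers $want -ReplicationScope 'Forest'
    }
    elseif ($zone.ZoneType -ne 'Forwarder') {
        # A primary/secondary/stub zone with this name already exists.
        Write-Warning "$zoneName exists as $($zone.ZoneType); leaving it untouched."
    }
    else {
        # Zone exists: compare its master servers (as a set) with the expected ones.
        $have = $zone.MasterServers | ForEach-Object { $_.IPAddressToString }
        $haveKey = ($have | Sort-Object) -join ','
        $wantKey = ($want | Sort-Object) -join ','
        if ($haveKey -ne $wantKey) {
            Write-Warning "$zoneName forwards to [$haveKey]; resetting to [$wantKey]."
            Set-DnsServerConditionalForwarderZone -Name $zoneName -MasterServers $want
        }
    }
}

# Report every conditional forwarder on this server and flag any that is
# not in the expected table, so unplanned forwarders stand out in review.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Forwarder' } |
    ForEach-Object {
        [pscustomobject]@{
            ZoneName       = $_.ZoneName
            MasterServers  = ($_.MasterServers | ForEach-Object { $_.IPAddressToString }) -join ', '
            IsDsIntegrated = $_.IsDsIntegrated
            Expected       = $expected.ContainsKey($_.ZoneName)
        }
    } |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the DNS server; rows with `Expected` set to `False` are forwarders that exist on the server but are not in the table.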