Automating DNS with Scripting

Use this script to set up a new Web site


I regularly receive reader mail that presents some interesting problems and solutions. Many articles, and consequently scripts, focus on automating the setup and configuration of Microsoft Internet Information Services (IIS) 5.0 Web sites. I've written many such articles and scripts and even shown readers how to use Windows Management Instrumentation (WMI) to set up and configure IIS 5.0 remotely. (The WMI Web-exclusive article and code are available at, InstantDoc ID 9100.)

Reader Adam Smith recently emailed me regarding a related challenge—how to automate the process of setting up and configuring DNS when you create a new Web site. When Adam asked me whether one could write such a script, I replied, "Everything in Microsoft has open APIs, so there must be a way to do it ... but, because it hasn't been done yet, I'm guessing it's not for the faint of heart." Based on our communication, Adam quickly realized that he'd be writing code to accomplish a task that no one had reportedly done before with VBScript. So he started the lengthy process of figuring out how to use each function needed for the automation. Naturally, Adam encountered some hurdles along the way, but he managed to work through each headache.

By creating a script to automate the DNS setup and configuration, Adam has saved himself a lot of time in the routine process of creating new Web sites. Let's look at the inner workings of the script so that you can use it in your own shop. You can download the code from, InstantDoc ID 37719. For an alternative approach that uses WMI, see the sidebar "Using WMI to Automatically Configure DNS," page 2.

Deconstructing DNS
To learn the DNS structure, Adam used the Microsoft Management Console (MMC) ADSI Edit snap-in from the Microsoft Internet Information Server Resource Kit. ADSI Edit lets you view all the attributes for each DNS object and, in turn, look up each DNS object on the Microsoft Developer Network (MSDN). For example, you can find the Dns-Node attributes listed at url=/library/en-us/adschema/ad/win2k_c_dnsnode.asp. (Dns-Nodes are the Active Directory—AD—components that store the DNS resource records for each host.) After Adam identified the DNS structure, all he had to do was look at the values for each attribute and determine how to write the new values. However, determining the new values isn't as simple as it might seem.

Microsoft stores all DNS data in Octet-string format, which might be a "hangover" from UNIX because no other data in the Microsoft platform is persisted in structured storage in Octet format. Using Active Directory Service Interfaces (ADSI) to query the data is simple, but the data is virtually unreadable in Octet format. Fortunately, a COM component known as ArrayConvert, which is available at, lets you convert Octet data to hexadecimal data and vice versa. After the data is in hex format, converting it to decimal is a simple process.

Ads.dll, the library file containing the ArrayConvert function, is easy to install. You must first download the executable that contains the COM component and run the file to extract the necessary files to a specified location. To use the functions within the COM component from VBScript, you register the ads.dll COM component by clicking Start, Run and typing

Regsvr32 <path>\Ads.dll

where path is the location in which you saved the extracted files.

After Adam converted the DNS data from Octet format to hex format and then converted the hex format to decimal format, the data was readable and, consequently, easier to work with. Most DNS zones have a host (A) record that adds the www prefix to the domain. The only coded information in the data for this type of entry is the IP address and the serial number. The name of the record provides the www prefix. So, for example, the DNS zone for has a host (A) record named www that maps to the IP address This mapping lets a user type into a browser. If the name of the host (A) record were different (e.g., www3), the user would need to type to return the mapped IP address.

The rest of the data contains values that remain the same on different servers and different domains, so the decimals wouldn't change. Rather, they appear to identify the record as a host (A) record. For Adam's purposes, the DNS zone also required an MX record, which tells querying computers where to look for that domain's mail. The data for these records was stored in Octet format, but the values were much longer than the host (A) records' and took more time and patience to figure out.

Many of the decimals were related to the mail server's name: Some were the ASCII representation of its letters, others represented the number of characters in each segment (not including the decimals because they segment the name), and one represented the overall length of the mail server's name. Other decimals stood for the serial number, the mail server priority, and the IP address, and some decimals never change. Adam identified all the decimals by comparing different hex strings and through simple trial and error. He simplified the entire process by adding a section of variables at the top of the script that you can easily modify to meet your needs.

Adam identified the final piece of the puzzle when he realized that AD stores all records that read (same as parent folder) in one attribute as an array. An example of this type of record would be the Start of Authority (SOA), which AD automatically creates and, therefore, didn't need to be scripted. After decoding all the DNS information, Adam just needed to write the math to determine all the decimal values.
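The byte layout described above can be checked offline by building and decoding the same octet strings. The following is an added example, not Adam's dns.vbs and not code from the original article; it is written in Python rather than VBScript and assumes the dnsRecord layout that Microsoft documents in [MS-DNSP], with constructed sample values (192.0.2.10, mail.example.com) standing in for a real zone.

```python
import socket
import struct

# Fixed 24-byte dnsRecord header per [MS-DNSP]: DataLength, Type, Version, Rank,
# Flags, Serial (little-endian), TtlSeconds (big-endian), Reserved, TimeStamp.
HEADER = struct.Struct("<HHBBHI")          # first 12 bytes of the header
TYPE_A, TYPE_MX = 1, 15

def count_name(fqdn):
    """Encode a name as: overall length, label count, length-prefixed labels, 0."""
    labels = [part.encode("ascii") for part in fqdn.rstrip(".").split(".")]
    body = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return bytes([len(body), len(labels)]) + body

def build_record(rtype, data, serial, ttl=3600):
    head = HEADER.pack(len(data), rtype, 5, 0xF0, 0, serial)  # version 5, zone rank
    return head + struct.pack(">I", ttl) + struct.pack("<II", 0, 0) + data

def build_a(ip, serial):
    return build_record(TYPE_A, socket.inet_aton(ip), serial)

def build_mx(priority, mail_host, serial):
    data = struct.pack(">H", priority) + count_name(mail_host)
    return build_record(TYPE_MX, data, serial)

def parse_record(blob):
    length, rtype, _ver, _rank, _flags, serial = HEADER.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)
    data = blob[24:24 + length]
    if len(data) != length:
        raise ValueError("truncated dnsRecord")
    rec = {"type": rtype, "serial": serial, "ttl": ttl}
    if rtype == TYPE_A:
        rec["ip"] = socket.inet_ntoa(data)
    elif rtype == TYPE_MX:
        (rec["priority"],) = struct.unpack_from(">H", data, 0)
        if data[2] != len(data) - 4:       # overall name length must match
            raise ValueError("MX name length mismatch")
        pos, labels = 4, []
        for _ in range(data[3]):           # data[3] is the label count
            n = data[pos]
            labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
        rec["host"] = ".".join(labels)
    return rec

# Constructed sample values, not taken from the article.
SAMPLE_A = build_a("192.0.2.10", 2002010101)
SAMPLE_MX = build_mx(10, "mail.example.com", 2002010101)
```

Running `parse_record` over blobs read back from a zone's dnsRecord attribute is a quick way to confirm that a provisioning script wrote the IP address, priority, and mail host you intended.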

The dns.vbs script opens a connection directly into Microsoft DNS and creates all the information necessary for a new Web site, including a new DNS forward lookup zone, an MX record, and four hosts. Each host links a name to an IP address. The script defaults to setting up a parent host named, a WWW host named, a MAIL host named, a WEBMAIL host named, and an FTP host named (You can customize each host name and IP address in the script.)

Dns.vbs starts by dimensioning variables. Next, as the code at callout A in Listing 1 shows, the script gives you an "opt out" choice with a message box so that you don't accidentally run the script. The script then instantiates ads.dll, the MSDN conversion utility. After completing this process, the script assigns values (i.e., names and IP addresses) to variables for later use. This part of the script is the only section you need to edit for your needs. The code at callout B contains several sample values and descriptions.

At this point, the script uses the user-defined DNS variables to do calculations, string manipulations, and parsing and converts some of the data to hex format. After the initial calculations are complete, the script connects to AD and creates DNS objects. As the code at callout C shows, the script creates the objects for the DNS zone first. Notice that the script releases COM objects from memory by setting them to Nothing. Because COM components consume large amounts of memory, cleaning up after them is good programming practice.

Next, the script creates the MX record and parent host after performing some complicated computations. Because these two values are saved in the same attribute, the script creates an array and saves the values, as the code at callout D shows.

After creating the MX record and parent host (A) record, the script creates the remaining hosts: WWW, MAIL, and WEBMAIL. The code at callout E shows how the WWW record is created. Finally, if you set FTP to "YES" in the variables section at the beginning of the script, the script creates the FTP host (A) record, as the code at callout F shows.

To run the script, use cscript.exe. From the command line, navigate to the folder in which you placed the dns.vbs script, then type

Cscript dns.vbs

You must log on with domain administrator permissions to run the script. Figure 1 shows dns.vbs running. Notice that the script writes progress messages to the screen so that you can see which step dns.vbs is currently performing. The script runs quickly (i.e., in a few seconds), depending on your network configuration.

After the script finishes running, you can check the resulting configurations in DNS. Launch the MMC DNS server snap-in (go to Start, Programs, Administrative Tools, then select DNS). Expand the Forward Lookup Zones folder to see the DNS configuration you've automated. Figure 2 shows the resulting DNS configuration of that the script created using the sample values provided.

A Time-Saver
Because Adam's company creates multiple IIS Web sites every week, Adam now saves a lot of time by automating the DNS configuration on each new site. Dns.vbs demonstrates the power of scripting and proves that even the most abstract administration tools can be easily built.
