I run BIND9 DNS servers and allow Dynamic DNS updates from my customers by using a TSIG key.
One of my customers uses only a Windows environment, and therefore PowerShell to run scripts. He wants to use PowerShell to send dynamic updates to my servers.
Doing this from a Linux shell for testing is easy: use nsupdate.
from: https://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG
Client
For nsupdate from bind-utils package you have to either use option -y algorithm:keyname:keyvalue or -k keyfilename option. E.g.
$ nsupdate -y hmac-sha512:keyname:keyvalue
or
$ nsupdate -k Kkeyname.+165+0316.private
then do your update:
from https://linux.die.net/man/8/nsupdate:
# nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send
To do an update from PowerShell without TSIG is ... kinda easy... I think?: use a cmdlet (for example) Add-DnsServerResourceRecordA
Add-DnsServerResourceRecordA -Name "host23" -ZoneName "contoso.com" -AllowUpdateAny -IPv4Address "172.18.99.23" -TimeToLive 01:00:00
After scouring the documentation, I don't see any references to Transaction Signatures or somehow using a TSIG key.
How do I send a dynamic update using a TSIG key to a BIND9 server from PowerShell?
This is frustratingly hard to find an example of. Most examples I can find are using PowerShell to send updates via an API which then (probably) does some kind of deploy or dynamic update inside a black box. I want to just build a DDNS update and send it off using PowerShell.
They will have to download nsupdate from BIND (https://www.isc.org/downloads/). It is possible to call nsupdate from a PowerShell host.
Here is a script that will create and submit DDNS requests if a tsig file is provided. Ensure NTFS permissions are set to prevent unauthorized users (including other admins) from accessing this file.
This does assume that you have installed nsupdate.exe and the associated DLLs in C:\windows\system32, but it can be modified for other paths.
I welcome any pull requests. https://github.com/ACiDGRiM/UsefulScripts/blob/master/Update-DNS.ps1
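One way to do what the two answers above describe, as an added example (it is not taken from the linked Update-DNS.ps1 or written by either answerer): a PowerShell function that refuses to use a TSIG key file readable by broad groups, then pipes the update commands to nsupdate.exe -k. It assumes nsupdate.exe is on the PATH and an English-language Windows (group names); the function name, host, zone and key-file path are placeholders.

```powershell
# Added example. Function name, parameters and sample values are hypothetical.
function Send-TsigDnsUpdate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Server,        # BIND9 server that accepts the update
        [Parameter(Mandatory)][string]$Zone,          # zone to update, e.g. example.com
        [Parameter(Mandatory)][string]$HostName,      # FQDN of the A record
        [Parameter(Mandatory)][ipaddress]$IPv4Address,
        [Parameter(Mandatory)][string]$KeyFile,       # TSIG key file passed to nsupdate -k
        [int]$Ttl = 3600,
        [string]$NsUpdatePath = 'nsupdate.exe'        # assumption: resolvable via PATH
    )

    # Stop if the key file is missing or if broad groups are allowed to access it.
    # Group names are the English ones; localized systems use different names.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    $acl   = Get-Acl -LiteralPath $KeyFile -ErrorAction Stop
    $loose = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value
    }
    if ($loose) {
        throw "TSIG key file '$KeyFile' is accessible to: $($loose.IdentityReference -join ', ')"
    }

    # The same commands one would type at the nsupdate prompt.
    $batch = @(
        "server $Server"
        "zone $Zone"
        "update delete $HostName A"
        "update add $HostName $Ttl A $IPv4Address"
        'send'
    )

    if ($PSCmdlet.ShouldProcess($HostName, "DDNS update via $Server")) {
        # nsupdate reads its commands from standard input when no file is given.
        $output = $batch | & $NsUpdatePath -k $KeyFile 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "nsupdate failed (exit code $LASTEXITCODE): $output"
        }
    }
}

# Usage with constructed values; -WhatIf shows the action without sending it:
# Send-TsigDnsUpdate -Server 'ns1.example.com' -Zone 'example.com' `
#     -HostName 'newhost.example.com' -IPv4Address '172.16.1.1' `
#     -KeyFile 'C:\dns\Kkeyname.+165+0316.private' -WhatIf
```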
Solution for those who don't have a static IP address and need to update the IP dynamically for the DNS zone and reverse DNS PTR records too