How to Use the Neverfail Heartbeat Utility DNSUpdate.exe (DNS)

Summary

This Knowledgebase article describes how to use the Neverfail Heartbeat DNSUpdate.exe tool. The DNSUpdate tool replaces the DNSScripter component used in all versions of Neverfail Heartbeat pre V4.4.

There is a sister article (Knowledgebase article #908 - 'Versions of the DNSUpdate Utility'), which lists all the versions of DNSUpdate. DNSUpdate is available stand-alone or as part of the Heartbeat kit.

Note: The latest version of DNSUpdate is available from this location

https://extranet.neverfailgroup.com/solutions/utilities.asp


More Information

DNSUpdate automates the change of IP addresses in a WAN environment, where different subnets are used for the Primary and Secondary servers. When the Secondary server becomes active, DNS is updated to change the forward and reverse lookup addresses from the Primary IP to Secondary IP address.

DNSUpdate runs each time a switchover or failover occurs. The DNSUpdate tool operates by first going to Active-Directory to get a list of all the DNS servers and then attempts to update the records for the protected server based on the command line arguments.

The main steps performed by DNSUpdate are:

  1. Self-test (check that Neverfail Heartbeat is installed and the 3rd party tools are compatible).
  2. Get machine and environment identities.
  3. Get the list of Name Servers from Active Directory (if the “-ns” option is not used).
  4. For each Name Server check that it is contactable.
  5. For each contactable Name Server identify if it’s a Primary or Secondary (Slave) DNS.
  6. For each contactable Primary DNS extract the list of zones.
  7. For each IP address that is to be removed:
    1. For each contactable Primary DNS that has a forward zone for the machine domain attempt to remove the Forward record.
    2. For each contactable Primary DNS that has a reverse zone for the machine domain attempt to remove the Reverse record.
  8. For each IP address that is to be added:
    1. For each contactable Primary DNS that has a forward zone for the machine domain attempt to add a Forward record.
    2. For each contactable Primary DNS that has a reverse zone for the machine domain attempt to add a Reverse record.
  9. Update Secondary Servers.
    1. For each contactable Secondary DNS request a Zone Refresh.
  10. Tidy up temporary storage.

The utility removes the A and PTR records for the protected server and replaces them with records for the new IP addresses. When it is run on a server, it will check the registry for the identity of the server. If it is running on the Primary server it will remove the Secondary addresses, identified by “-s” switch and add the Primary addresses identified by the “-p” switch. When run on the Neverfail Heartbeat Secondary Server it will do the reverse.

User Account Requirements

Neverfail's DNSUpdate.exe utility requires, at a minimum, that the user is a member of the Administrators or Server Operators group on the DNS server. Both the user account and the server computer must be members of the same domain or reside within trusted domains. For more information, please see http://technet.microsoft.com/en-us/library/cc778513.aspx.

Enhanced Features

  1. The DNSUpdate tool can be run after initial install, as it will handle DNS configurations that have changed since then.
  2. Multiple IP addresses can be handled at the same time using multiple “-s” and/or “-p”.
  3. The DNSUpdate.exe handles failures and continues to attempt to update the DNS servers even when a server is unavailable or when a specific zone update fails.
  4. It has a self-test feature that checks that the system tools that it uses are compatible.
  5. It can specify name servers (if required) rather than query Active Directory.
  6. Starting with v01.06.02.01, DNSUpdate supports updating DNS 2008 Servers without requiring changes to DNS Servers security permissions.

Procedure

Usage of V01.06.02.01

Supported Versions: Neverfail Heartbeat v6.5.2 and earlier.

This version of DNSUpdate replaces DNSCMD with NFDNSCMD and requires that Application Framework .Net 2.0 is installed (also a requirement for Neverfail Heartbeat v6.5.2 and earlier).

Note: To display the NFDNSCMD interface version, use the "-?" switch, for example: NFDNSCMD -?
To display the version of NFDNSCMD.exe, right-click the file, select properties, and view the version information.

DNSUpdate [-h] [-v] [-d] [-ci] [[-selftest] | [[-cc appName Domain Destination] -r ipaddress -a ipaddress [-ns ipaddress] [-t time] -p ipaddress -s ipaddress [-name compname] [-domain domain] [-auto] -pri ipaddress -sec ipaddress -ter ipaddress [-dcretrycount count] [-dcretrysleep sleep]]

If no parameters are passed, a self-test will run.

General Parameters:

-h : Displays this usage information

-v : Displays the version of this program

-selftest : Self tests the program

-d : Debug (traces the program)

-ci : Case insensitive Zone matching

-t time : Number of Seconds that the Address can be held

-r ipaddress : Remove this ipaddress

-a ipaddress : Add this ipaddress

-ns ipaddress : Update this Domain Name Server

-cc appName Domain Output : Run as if NFDNSScripter for the given App and Domain and put the script in Output

-p ipaddress : This is a Primary ipaddress

-s ipaddress : This is a Secondary ipaddress

-pri ipaddress : This is a Primary ipaddress

-sec ipaddress : This is a Secondary ipaddress

-ter ipaddress : This is a Tertiary ipaddress. Which address is removed/added depends on whether the machine is the Primary, Secondary or Tertiary

-auto : Extract the IP addresses from Heartbeat (only valid with Heartbeat versions V6.0 and later)

-name compname : Name of the server

-domain domain : Domain Name

-dcretrycount count : The number of times that contact with the DC is attempted. The default is 60.

-dcretrysleep sleep : The time in milliseconds that each attempt will wait before retrying.  The default is 2000.

Return Codes:

0: Success

1: Incorrect Usage

2: Invalid Parameters

3: Self Test error

4: Fatal Windows error

6: Incompatible DNSCMD.exe

7: Heartbeat not correctly installed

8: Invalid IP Address

9: Ran out of memory

10: No normal Zones on any DNS have had IP Address's added

11 : Domain Controller cannot be contacted

Parameter Notes:

  • “-auto” This is used to instruct DNSUpdate to use the IP addresses in the registry.  Heartbeat version V6.0 introduced a new registry structure that holds all the Public IP addresses; this can be used to avoid having to specify them.
  • “-cc” This is used to generate a file that is the same as the one generated by the replaced NFDNSScripter utility.  The “-cc” option will not update the DNS servers. The functionality is present for two purposes: regression testing, and to enable a visual check of what NFDNSCMD instructions would be performed.
  • “-ns” This is used to specify the IP Addresses of the DNS’s that are to be updated.  The “-ns” option will replace the list of Name Servers that are extracted from Active Directory.  There is no limitation as to how many times “-ns” can be specified, however 9 instances have been tested.
  • “-p” This parameter is used to specify the Public IP Address of the Primary.  Up to 9 instances of this parameter have been tested.
  • “-s” This parameter is used to specify the Public IP Address of the Secondary.  Up to 9 instances of this parameter have been tested.
  • “-p” & “-s” These parameters are used in different ways depending on whether the tool is run on the Primary or the Secondary.  When the tool is run on the Primary it will remove the “-s” IP addresses and add the “-p” addresses; when the tool is run on the Secondary it will remove the “-p” IP addresses and add the “-s” addresses.
  • “-pri” An alternative for “-p”.
  • “-sec” An alternative for “-s”.
  • “-ter” This parameter is used to specify the Public IP Address of the Tertiary.
  • “-t” This parameter is used to define the TTL (Time-To-Live) for any added records, the default value is 45 seconds.  This is used by other servers to time limit their cache of the record.
  • “-ci” This parameter is used to allow zone/domain matching when the case is different, e.g. “WAN1.qa” will normally NOT match “wan1.qa”; this parameter will allow them to match.
  • “-name” This is used to override the server name that is extracted from the Domain Controller.
  • “-domain” This is used to override the Domain that is extracted from the Domain Controller.
  • “-dcretrycount” This is used to control the number of attempts to contact the Domain Controller.  The default is 60.
  • “-dcretrysleep” This is used to control the duration (in milliseconds) of the wait between each attempt to contact the Domain Controller.  The default is 2000 milliseconds (2 seconds).

Return Code Notes:

  • “0” Success : This will be returned if there have not been any errors that will cause DNSUpdate to be unable to complete its calls of NFDNSCMD.  If any of the NFDNSCMD calls fail, or if there are no contactable Name Servers, the Success return code will still be returned.  This is intentional, to allow for the known situations where the DNS topology is inconsistent and/or flawed.
  • “10” Fail : This will be returned when there has been no successful attempt to update a zone (not reverse zones).
  • “11” Fail : This will be returned if the Domain Controller cannot be contacted after all the retries have been attempted.
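
Because return code 0 is also returned when NFDNSCMD calls fail or no Name Server is contactable, the exit status alone does not confirm that the records changed. The following added example (PowerShell, not Neverfail's code) runs DNSUpdate and then queries each Name Server for the A and PTR records. The function names, the DNSUpdate.exe path and all addresses and host names are hypothetical, and Resolve-DnsName is assumed to be available on the machine running the check.

```powershell
# Added example, not part of the Neverfail kit.
# Assumes PowerShell 3.0+ with Resolve-DnsName (Windows 8 / Server 2012 or later).
# Every name, address and path passed to these functions is a constructed sample.

function Test-DnsSwitch {
    param(
        [Parameter(Mandatory = $true)][string]   $Fqdn,
        [Parameter(Mandatory = $true)][string]   $ExpectedIP,
        [Parameter(Mandatory = $true)][string]   $RemovedIP,
        [Parameter(Mandatory = $true)][string[]] $NameServer
    )
    foreach ($ns in $NameServer) {
        # Query this Name Server itself, using the DNS protocol only.
        $q = @{ Server = $ns; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        $a = @(Resolve-DnsName @q -Name $Fqdn -Type A -NoHostsFile |
               Where-Object { $_.Type -eq 'A' } |
               ForEach-Object { $_.IPAddress })
        $ptr = @(Resolve-DnsName @q -Name $ExpectedIP -Type PTR |
                 Where-Object { $_.Type -eq 'PTR' } |
                 ForEach-Object { $_.NameHost })

        if     ($a.Count -eq 0)              { $status = 'NoAnswer' }
        elseif ($a -contains $RemovedIP)     { $status = 'StaleA' }
        elseif ($a -notcontains $ExpectedIP) { $status = 'WrongA' }
        elseif ($ptr -notcontains $Fqdn)     { $status = 'PtrMismatch' }
        else                                 { $status = 'OK' }

        [pscustomobject]@{
            NameServer = $ns
            Status     = $status
            A          = $a -join ','
            PTR        = $ptr -join ','
        }
    }
}

function Invoke-DnsUpdateChecked {
    param(
        [string]   $DnsUpdatePath,   # placeholder: wherever DNSUpdate.exe is installed
        [string]   $PrimaryIP,
        [string]   $SecondaryIP,
        [string]   $Fqdn,
        [string]   $ExpectedIP,      # the address this server should now publish
        [string]   $RemovedIP,       # the address that should be gone
        [string[]] $NameServer
    )
    $cmdArgs = @('-p', $PrimaryIP, '-s', $SecondaryIP)
    foreach ($ns in $NameServer) { $cmdArgs += '-ns', $ns }

    & $DnsUpdatePath $cmdArgs | Out-Host
    $rc = $LASTEXITCODE
    if ($rc -ne 0) { throw "DNSUpdate returned $rc (see the Return Codes table)" }

    # Return code 0 does not prove a record changed, so check the answers.
    $results = @(Test-DnsSwitch -Fqdn $Fqdn -ExpectedIP $ExpectedIP -RemovedIP $RemovedIP -NameServer $NameServer)
    $bad = @($results | Where-Object { $_.Status -ne 'OK' })
    if ($bad.Count -gt 0) {
        $bad | Format-Table -AutoSize | Out-Host
        throw "DNS not consistent on $($bad.Count) of $($results.Count) Name Servers"
    }
    $results
}

# Usage on the Secondary after a failover (constructed sample values):
# Invoke-DnsUpdateChecked -DnsUpdatePath '<path to DNSUpdate.exe>' `
#     -PrimaryIP '192.0.2.10' -SecondaryIP '198.51.100.10' -Fqdn 'app01.example.test' `
#     -ExpectedIP '198.51.100.10' -RemovedIP '192.0.2.10' -NameServer '192.0.2.53', '198.51.100.53'
```

A Secondary (Slave) DNS answers from its own copy of the zone, so a StaleA result immediately after the run can mean the requested Zone Refresh has not completed yet; repeat the check before treating it as a failure.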

Usage of V01.05.07

Note: With V01.05.07 the requirement to have a Domain Controller is lifted; a Domain Controller is not required if the Server (host) Name, Domain and the Name Servers are passed in the command line.

DNSUpdate [-h] [-v] [-d] [-ci] [[-selftest] | [[-cc appName Domain Destination] -r ipaddress -a ipaddress [-ns ipaddress] -p ipaddress -s ipaddress [-name compname] [-domain domain]]

If no parameters are passed, a self-test will run.

General Parameters:

-h : Displays this usage information

-v : Displays the version of this program

-selftest : Self tests the program

-d : Debug (traces the program)

-t time : Number of Seconds that the Address can be held

-r ipaddress : Remove this ipaddress

-a ipaddress : Add this ipaddress

-cc appName Domain Output : Run as if NFDNSScripter for the given App and Domain and put the script in Output

-p ipaddress : This is a Primary ipaddress

-s ipaddress : This is a Secondary ipaddress. Which address is removed/added depends on whether the machine is the Primary or Secondary

-ns : Specify the IP Addresses of the DNS’s that are to be updated.

Note: If multiple Name Servers are to be specified, repeat the -ns <NameServerIP> entry.

-ci : This parameter is used to allow zone/domain matching when the case is different, e.g. “WAN1.qa” will normally NOT match “wan1.qa”; this parameter will allow them to match.

-name compname : Name of the server

-domain domain : Domain Name

-dcretrycount : Used to override the default setting of 60

-dcretrysleep : Used to override the default setting of 2000

Return Codes:

0: Success : This will be returned if there have not been any errors that will cause DNSUpdate to be unable to complete its calls of DNSCMD. If any of the DNSCMD calls fail or if there are no contactable Name Servers, the Success return code will be returned. This is intentional to allow the known situations where the DNS topology is inconsistent and/or flawed.

1: Incorrect Usage

2: Invalid Parameters

3: Self-test error

4: Fatal Windows error

6: Incompatible DNSCMD.exe

7: Heartbeat not correctly installed

8: Invalid IP Address

9: Ran out of memory

10: No normal Zones on any DNS have had IP Address's added. This will be returned when there has been no successful attempt to update a zone (not reverse zones).

11: Domain Controller cannot be contacted

Usage of V01.05.05

Note: With V01.05.05 the requirement to have a Domain Controller is lifted; a Domain Controller is not required if the Server (host) Name, Domain and the Name Servers are passed in the command line.

DNSUpdate [-h] [-v] [-d] [-ci] [[-selftest] | [[-cc appName Domain Destination] -r ipaddress -a ipaddress [-ns ipaddress] -p ipaddress -s ipaddress [-name compname] [-domain domain]]

If no parameters are passed, a self-test will run.

General Parameters:

-h : Displays this usage information

-v : Displays the version of this program

-selftest : Self tests the program

-d : Debug (traces the program)

-t time : Number of Seconds that the Address can be held

-r ipaddress : Remove this ipaddress

-a ipaddress : Add this ipaddress

-cc appName Domain Output : Run as if NFDNSScripter for the given App and Domain and put the script in Output

-p ipaddress : This is a Primary ipaddress

-s ipaddress : This is a Secondary ipaddress. Which address is removed/added depends on whether the machine is the Primary or Secondary

-ns : Specify the IP Addresses of the DNS’s that are to be updated.

Note: If multiple Name Servers are to be specified, repeat the -ns <NameServerIP> entry.

-ci : This parameter is used to allow zone/domain matching when the case is different, e.g. “WAN1.qa” will normally NOT match “wan1.qa”; this parameter will allow them to match.

-name compname : Name of the server

-domain domain : Domain Name

Return Codes:

0: Success : This will be returned if there have not been any errors that will cause DNSUpdate to be unable to complete its calls of DNSCMD. If any of the DNSCMD calls fail or if there are no contactable Name Servers, the Success return code will be returned. This is intentional to allow the known situations where the DNS topology is inconsistent and/or flawed.

1: Incorrect Usage

2: Invalid Parameters

3: Self-test error

4: Fatal Windows error

6: Incompatible DNSCMD.exe

7: Heartbeat not correctly installed

8: Invalid IP Address

9: Ran out of memory

10: No normal Zones on any DNS have had IP Address's added. This will be returned when there has been no successful attempt to update a zone (not reverse zones).

11: Domain Controller cannot be contacted

Usage of V01.05.04 and Earlier

DNSUpdate [-h] [-v] [-d] [-ci] [[-selftest] | [[-cc appName Domain Destination] -r ipaddress -a ipaddress [-ns ipaddress]

If no parameters are passed, a self-test will run.

General Parameters:

-h : Displays this usage information

-v : Displays the version of this program

-selftest : Self tests the program

-d : Debug (traces the program)

-t time : Number of Seconds that the Address can be held

-r ipaddress : Remove this ipaddress

-a ipaddress : Add this ipaddress

-cc appName Domain Output : Run as if NFDNSScripter for the given App and Domain and put the script in Output

-p ipaddress : This is a Primary ipaddress

-s ipaddress : This is a Secondary ipaddress. Which address is removed/added depends on whether the machine is the Primary or Secondary

-ns : Specify the IP Addresses of the DNS’s that are to be updated.

Note: If multiple Name Servers are to be specified, repeat the -ns <NameServerIP> entry.

-ci : This parameter is used to allow zone/domain matching when the case is different, e.g. “WAN1.qa” will normally NOT match “wan1.qa”; this parameter will allow them to match.

Return Codes:

0: Success : This will be returned if there have not been any errors that will cause DNSUpdate to be unable to complete its calls of DNSCMD. If any of the DNSCMD calls fail or if there are no contactable Name Servers, the Success return code will be returned. This is intentional to allow the known situations where the DNS topology is inconsistent and/or flawed.

1: Incorrect Usage

2: Invalid Parameters

3: Self-test error

4: Fatal Windows error

6: Incompatible DNSCMD.exe

7: Heartbeat not correctly installed

8: Invalid IP Address

9: Ran out of memory

10: No normal Zones on any DNS have had IP Address's added. This will be returned when there has been no successful attempt to update a zone (not reverse zones).

With Neverfail Heartbeat V5.2.2 and Prior

There are two ways in which you can run the tool directly from the Start script, found on each server in the folder “C:\Neverfail\R2\Scripts\”, in order to update the DNS entries:

Note: If the user name or domain name of a user account in the Neverfail Heartbeat Management Client -> Application -> Configuration is changed post install, and this information is also used in any of the protected application scripts, then these scripts must be manually edited to reflect these changes. Additionally, the commands shown below must be entered in a single line format and are case sensitive. The username used with the DNSupdate.exe entry must be added as a user in the Neverfail Heartbeat Management Client prior to executing the Start script with the DNSupdate.exe.

  1. Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "DNSUpdate -p <primary public IP address> -s <secondary public IP address>" <protected application name> start

    Note: This command will be the same in the Start scripts on both servers as the DNSUpdate tool will detect if it’s run on Primary or Secondary by checking the registry as described above.
  2. Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "Dnsupdate -a <primary public IP address> -r <secondary public IP address>" <protected application name> start

Or

Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "Dnsupdate -a <secondary public IP address> -r <primary public IP address>" <protected application name> start

Note: This command will be different in each Start script depending on the identity of the servers (e.g. Primary or Secondary) since it will specifically add or remove the IP given after the -a or -r parameters.

To use the -ns option (Specify the IP Addresses of the DNS’s that are to be updated) the Start script entry should look like this:

Echo NFCMD doExecuteAsUser <domain admin name> <domain name> "Dnsupdate -p <Primary IP address> -s <Secondary IP address> -ns <DNS Server IP Address>"

This will update the DNS at address <DNS Server IP Address>.

For more information regarding usage in the Start scripts, please contact Neverfail Support.

With Neverfail Heartbeat V5.3.0 and Later

How to check whether there are secondary DNS servers in the infrastructure.

When Neverfail Heartbeat V5.3.0 and later is configured for a WAN during installation, Neverfail automatically creates the required DNSUpdate tasks under the 'Tasks' tab of the Neverfail Heartbeat Management Client. If Neverfail is initially installed in a LAN and later stretched to WAN or problems are encountered when DNSUpdate executes, the DNSUpdate tasks must be created manually.

  1. Determine detected Secondary servers using the DNSUpdate -d switch (the -d switch enables the debug mode) and look in the output for the below section:

    updateSecondaries

    Update secondary DNS servers
  2. If you see /zonerefresh commands on various DNS servers, you will then need to add 'Network Configuration' tasks to both servers manually.

How to create a network configuration task that runs DNSUpdate in environments without secondary DNS servers.

To create DNSUpdate tasks manually, follow these steps:

  1. Launch the Neverfail Heartbeat Management Client.
  2. Click on the Application button.
  3. Select the Tasks tab.
  4. Click on the User Accounts button.
  5. Click the Add button.
  6. Enter the credentials for an account with rights to update the DNS (a member of the Administrators or Server Operators group on the DNS server).
  7. Click Ok, and then Close.
  8. Click the Add button to add a new task.
  9. Provide a descriptive name for the 'Task' (i.e. DNSUpdate).
  10. Select 'Network Configuration' for Task type.
  11. Select either Primary or Secondary for the server the task should run on as appropriate.
  12. In the Command field, enter the "dnscmd" with appropriate flags as shown below in the example.
  13. In the 'Run As' field select the appropriate user account from the drop down and then click Ok.

Note: The DNSUpdate tool will detect if it’s being run on Primary or Secondary server by checking the registry as described previously.

Example: Dnsupdate -p <primary public IP address> -s <secondary public IP address>

How to create a network configuration task that runs DNSUpdate in environments with secondary DNS servers.

To create DNSUpdate tasks manually, follow these steps:

  1. Launch the Neverfail Heartbeat Management Client.
  2. Click on the Application button.
  3. Select the Tasks tab.
  4. Click on the User Accounts button.
  5. Click the Add button.
  6. Enter the credentials for an account with rights to update the DNS (a member of the Administrators or Server Operators group on the DNS server).
  7. Click Ok, and then Close.
  8. Click the Add button to add a new task.
  9. Provide a descriptive name for the 'Task' (i.e. DNSUpdate).
  10. Select 'Network Configuration' for Task type.
  11. Select either Primary or Secondary for the server the task should run on as appropriate.
  12. In the Command field, enter the "dnscmd" with appropriate flags as shown below in the example.
  13. In the 'Run As' field select the appropriate user account from the drop down and then click Ok.

Note: To simplify the DNS update process, a batch file can be created to include all dnscmd instances and then a single network configuration task can be configured to run the newly created batch file.

Example: Add the following 4 commands as separate Network Configuration tasks in the sequence listed below for each detected Secondary DNS server replacing {…} with the appropriate value:

dnscmd {DNS server IP} /RecordDelete {fqdn} {netbios machine name} A {machine IP to remove} /f

dnscmd {DNS server IP} /RecordDelete {reverse zone name} {server IP truncated} PTR {fully qualified machine name} /f

dnscmd {DNS server IP} /RecordAdd {fqdn} {netbios machine name} {TTL} A {machine IP to add}

dnscmd {DNS server IP} /RecordAdd {reverse zone name} {server IP truncated} {TTL} PTR {fully qualified machine name}
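
The four-command sequence above, generated for each DNS server so it can be written to the batch file the note mentions. This is an added example (PowerShell, not Neverfail's code); the function names are hypothetical, reverse zones are assumed to sit on /24 boundaries, and all names and addresses in the usage comment are constructed sample values.

```powershell
# Added example, not Neverfail's code. Assumptions not taken from the page:
# reverse zones sit on /24 boundaries, and every name and address used in the
# usage comment is a constructed sample value.

function ConvertTo-ReverseRecord {
    param([Parameter(Mandatory = $true)][string] $IPAddress)

    $ip = $null
    $ok = [System.Net.IPAddress]::TryParse($IPAddress, [ref]$ip)
    # Reject IPv6 and shorthand forms such as "10.1" that TryParse would accept.
    if (-not $ok -or $ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $IPAddress) {
        throw "Not a dotted-quad IPv4 address: $IPAddress"
    }
    $o = $ip.GetAddressBytes()
    [pscustomobject]@{
        Zone = '{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0]   # {reverse zone name}
        Node = [string]$o[3]                                       # {server IP truncated}
    }
}

function New-DnsSwitchBatch {
    param(
        [Parameter(Mandatory = $true)][string[]] $DnsServer,
        # Names are restricted to DNS characters because they end up in a batch file.
        [Parameter(Mandatory = $true)][ValidatePattern('^[A-Za-z0-9.-]+$')][string] $Zone,     # {fqdn}
        [Parameter(Mandatory = $true)][ValidatePattern('^[A-Za-z0-9-]+$')][string] $HostName,  # {netbios machine name}
        [Parameter(Mandatory = $true)][string] $RemoveIP,
        [Parameter(Mandatory = $true)][string] $AddIP,
        [int] $Ttl = 45   # 45 seconds is the default this page gives for DNSUpdate's -t
    )
    $fqdn = "$HostName.$Zone"
    # Primary and Secondary sit on different subnets, so the removed and the
    # added address each belong to their own reverse zone.
    $old = ConvertTo-ReverseRecord $RemoveIP
    $new = ConvertTo-ReverseRecord $AddIP

    foreach ($server in $DnsServer) {
        $null = ConvertTo-ReverseRecord $server   # validates the server address
        "dnscmd $server /RecordDelete $Zone $HostName A $RemoveIP /f"
        "dnscmd $server /RecordDelete $($old.Zone) $($old.Node) PTR $fqdn /f"
        "dnscmd $server /RecordAdd $Zone $HostName $Ttl A $AddIP"
        "dnscmd $server /RecordAdd $($new.Zone) $($new.Node) $Ttl PTR $fqdn"
    }
}

# Usage (constructed sample values); review the file before attaching it to a task:
# New-DnsSwitchBatch -DnsServer '192.0.2.53' -Zone 'example.test' -HostName 'app01' `
#     -RemoveIP '192.0.2.10' -AddIP '198.51.100.10' |
#     Set-Content -Path .\dns-switch.cmd -Encoding ASCII
```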

DNSCMD Calls

/RecordAdd - Used to add both Forward (A) and Reverse (PTR) records.
/RecordDelete - Used to remove both Forward (A) and Reverse (PTR) records.
/Zonerefresh - Used to instruct a Secondary (Slave) DNS to refresh its zones.
-? - Used to extract the usage of DNSCMD so that its compatibility can be determined.
/EnumZones - Used to retrieve the list of zones.
/Info IsSlave - Used to identify Secondary (Slave) DNS’s.


Applies To

All Versions


Related Information

Knowledgebase article #814 - 'How to Configure DNS with Neverfail Heartbeat V5.2.2 and Prior in a WAN Environment'
Knowledgebase article #1425 - 'How to Configure DNS with Neverfail Heartbeat V5.3.0 and Later in a WAN Environment'

Knowledgebase article #2500 - 'Granting User the Rights to Run the DNSUpdate Tasks'

KBID-389
