How to Use the Neverfail Utility DNSUpdate.exe


Summary

This Knowledgebase article describes how to use the Neverfail DNSUpdate.exe tool.

More Information

DNSUpdate automates the change of IP addresses in a WAN environment, where different subnets are used for the Primary and Secondary servers. When the Secondary server becomes active, DNS is updated to change the forward and reverse lookup addresses from the Primary IP to Secondary IP address.  

DNSUpdate runs each time a switchover or failover occurs. The tool first queries Active Directory for a list of all the DNS servers and then attempts to update the records for the protected server based on the command line arguments.
The main steps performed by DNSUpdate are:

  1. Self-test (check that Neverfail Engine is installed and the 3rd party tools are compatible).
  2. Get machine and environment identities.
  3. Get the list of Name Servers from Active Directory (if the “-ns” option is not used).
  4. For each Name Server check that it is contactable.
  5. For each contactable Name Server identify if it’s a Primary or Secondary (Slave) DNS.
  6. For each contactable Primary DNS extract the list of zones.
  7. For each IP address that is to be removed:
    1. For each contactable Primary DNS that has a forward zone for the machine domain attempt to remove the Forward record.
    2. For each contactable Primary DNS that has a reverse zone for the machine domain attempt to remove the Reverse record.
  8. For each IP address that is to be added:
    1. For each contactable Primary DNS that has a forward zone for the machine domain attempt to add a Forward record.
    2. For each contactable Primary DNS that has a reverse zone for the machine domain attempt to add a Reverse record.
  9. Update Secondary Servers.
    1. For each contactable Secondary DNS request a Zone Refresh.
  10. Tidy up temporary storage.

The utility removes the A and PTR records for the protected server and replaces them with records for the new IP addresses. When it is run on a server, it checks the registry for the identity of the server. If it is running on the Primary server, it removes the Secondary addresses, identified by the “-s” switch, and adds the Primary addresses, identified by the “-p” switch. When run on the Neverfail Engine Secondary server it does the reverse.

User Account Requirements

Neverfail's DNSUpdate.exe utility requires, at a minimum, that the user account be a member of the DnsAdmins or Server Operators group on the DNS server. Both the user account and the server computer must be members of the same domain or reside within trusted domains. For more information, please see the following article: DNSUpdate - Granting Necessary Permission For The User Account

Enhanced Features

  1. The DNSUpdate tool can be run after initial install, as it will handle DNS configurations that have changed since then.
  2. Multiple IP addresses can be handled at the same time using multiple “-s” and/or “-p”. 
  3. DNSUpdate.exe handles failures and continues to attempt to update the DNS servers even when a server is unavailable or when a specific zone update fails.
  4. It has a self-test feature that checks that the system tools that it uses are compatible.
  5. It can specify name servers (if required) rather than query Active Directory.

Usage

DNSUpdate [-h] [-v] [-d] [-ci] [[-selftest] | [[-cc appName Domain Destination] -r ipaddress -a ipaddress [-ns ipaddress] [-t time] -p ipaddress -s ipaddress [-name compname] [-domain domain] [-auto] -pri ipaddress -sec ipaddress -ter ipaddress [-dcretrycount count] [-dcretrysleep sleep]]
If no parameters are passed, a self-test will run.
General Parameters:
-h : Displays this usage information
-v : Displays the version of this program
-selftest : Self tests the program
-d : Debug (traces the program)
-ci : Case insensitive Zone matching
-t time : Number of Seconds that the Address can be held
-r ipaddress : Remove this ipaddress
-a ipaddress : Add this ipaddress
-ns ipaddress : Update this Domain Name Server
-cc appName Domain Output : Run as if NFDNSScripter for the given App and Domain and put the script in Output
-p ipaddress : This is a Primary ipaddress
-s ipaddress : This is a Secondary ipaddress
-pri ipaddress : This is a Primary ipaddress
-sec ipaddress : This is a Secondary ipaddress
-ter ipaddress : This is a Tertiary ipaddress. Which address is removed/added is dependant on if the machine is the Primary, Secondary or Tertiary
-auto : Extract the IP addresses from Engine (only valid with Engine versions V8.0 and later)
-name compname : Name of the server
-domain domain : Domain Name
-dcretrycount count : The number of times that contact with the DC is attempted. The default is 60.
-dcretrysleep sleep : The time in milliseconds that each attempt will wait before retrying.  The default is 2000.
Return Codes:
0: Success
1: Incorrect Usage
2: Invalid Parameters
3: Self Test error
4: Fatal Windows error
6: Incompatible DNSCMD.exe
7: Engine not correctly installed
8: Invalid IP Address
9: Ran out of memory
10: No normal Zones on any DNS have had IP Address's added
11 : Domain Controller cannot be contacted
Parameter Notes:
  • “-auto” This is used to instruct DNSUpdate to use the IP addresses in the registry.  Engine V8.0 introduced a new registry structure that holds all the Public IP addresses; this option can be used to avoid having to specify them.
  • “-cc” This is used to generate a file that is the same as the one generated by the replaced NFDNSScripter utility.  The “-cc” option will not update the DNS servers. The functionality is present for two purposes: regression testing, and enabling a visual check of what NFDNSCMD instructions would be performed.
  • “-ns” This is used to specify the IP Addresses of the DNS’s that are to be updated.  The “-ns” option will replace the list of Name Servers that are extracted from Active Directory.  There is no limitation as to how many times “-ns” can be specified, however 9 instances have been tested.
  • “-p” This parameter is used to specify the Public IP Address of the Primary.  Up to 9 instances of this parameter have been tested.
  • “-s” This parameter is used to specify the Public IP Address of the Secondary.  Up to 9 instances of this parameter have been tested.
  • “-p” & “-s” These parameters are used in different ways depending on whether the tool is run on the Primary or the Secondary.  When the tool is run on the Primary it will remove the “-s” IP addresses and add the “-p” addresses; when the tool is run on the Secondary it will remove the “-p” IP addresses and add the “-s” addresses.
  • “-pri” An alternative for “-p”.
  • “-sec” An alternative for “-s”.
  • “-ter” This parameter is used to specify the Public IP Address of the Tertiary.
  • “-t” This parameter is used to define the TTL (Time-To-Live) for any added records, the default value is 45 seconds.  This is used by other servers to time limit their cache of the record.
  • “-ci” This parameter is used to allow zone/domain matching when the case is different, e.g. “WAN1.qa” will normally NOT match “wan1.qa”; this parameter will allow them to match.
  • “-name” This is used to override the server name that is extracted from the Domain Controller.
  • “-domain” This is used to override the Domain that is extracted from the Domain Controller.
  • “-dcretrycount” This is used to control the number of attempts to contact the Domain Controller.  The default is 60.
  • “-dcretrysleep” This is used to control the duration (in milliseconds) of the wait between each attempt to contact the Domain Controller.  The default is 2000 milliseconds (2 seconds).
Return Codes:
0: Success: This is returned if there have been no errors that prevent DNSUpdate from completing its calls to DNSCMD. If any of the DNSCMD calls fail, or if there are no contactable Name Servers, the Success return code is still returned. This is intentional, to allow for known situations where the DNS topology is inconsistent and/or flawed.
1: Incorrect Usage
2: Invalid Parameters
3: Self-test error
4: Fatal Windows error
6: Incompatible DNSCMD.exe
7: Engine not correctly installed
8: Invalid IP Address
9: Ran out of memory
10: No normal Zones on any DNS have had IP Address's added. This will be returned when there has been no successful attempt to update a zone (not reverse zones).
11: Domain Controller cannot be contacted  
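
Because return code 0 is still returned when individual DNSCMD calls fail or no Name Server is contactable, the following added example (not Neverfail code) queries each Name Server directly after a failover and reports missing, stale or mismatched A and PTR records. The function name, server addresses, host name and IP addresses are constructed for illustration; it handles IPv4 only.

```powershell
# Added example (not Neverfail code). Name servers, host and IPs below are constructed.
function Test-FailoverDns {
    param(
        [Parameter(Mandatory)][string[]]$NameServer,    # each DNS server, queried directly
        [Parameter(Mandatory)][string]$Fqdn,            # protected server's FQDN
        [Parameter(Mandatory)][ipaddress[]]$ExpectedIp, # addresses DNSUpdate should have added
        [ipaddress[]]$StaleIp = @()                     # addresses it should have removed
    )
    foreach ($ns in $NameServer) {
        # Forward lookup against this server only; an unreachable server yields no records
        $a = @(Resolve-DnsName -Name $Fqdn -Type A -Server $ns -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        $missing = @($ExpectedIp | Where-Object { "$_" -notin $a })
        $stale   = @($StaleIp    | Where-Object { "$_" -in $a })

        # Reverse lookup: every expected address must point back at the FQDN
        $badPtr = @(foreach ($ip in $ExpectedIp) {
            $bytes = $ip.GetAddressBytes(); [array]::Reverse($bytes)
            $ptrName = ($bytes -join '.') + '.in-addr.arpa'
            $hosts = @(Resolve-DnsName -Name $ptrName -Type PTR -Server $ns -DnsOnly -ErrorAction SilentlyContinue |
                       Where-Object { $_.Type -eq 'PTR' } | ForEach-Object { $_.NameHost.TrimEnd('.') })
            if ($Fqdn.TrimEnd('.') -notin $hosts) { "$ip" }
        })

        [pscustomobject]@{
            NameServer = $ns
            ARecords   = $a -join ','
            MissingA   = $missing -join ','
            StaleA     = $stale -join ','
            BadPtr     = $badPtr -join ','
            Healthy    = -not ($missing -or $stale -or $badPtr)
        }
    }
}

# Run after the DNSUpdate task has completed; do not rely on its exit code alone
$result = Test-FailoverDns -NameServer '192.0.2.53','192.0.2.54' -Fqdn 'app01.wan1.example' `
    -ExpectedIp '198.51.100.10' -StaleIp '203.0.113.10'
$result | Format-Table -AutoSize
if ($result.Healthy -contains $false) { Write-Warning 'DNS is inconsistent on at least one Name Server' }
```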

With Neverfail Engine V8.0 and Later

How to check whether there are secondary DNS servers in the infrastructure. 
When Neverfail Engine V8.0 and later is configured for a WAN during installation, Neverfail automatically creates the required DNSUpdate tasks under the 'Tasks' tab of the Neverfail Engine Advanced Management Client. If Neverfail is initially installed in a LAN and later stretched to WAN or problems are encountered when DNSUpdate executes, the DNSUpdate tasks must be created manually. 
  1. Determine detected Secondary servers using the DNSUpdate -d switch (the -d switch enables debug mode) and look in the output for the following section:

         Update secondary DNS servers
  2. If you see /zonerefresh commands on various DNS servers, you will then need to add 'Network Configuration' tasks to both servers manually. 
How to create a network configuration task that runs DNSUpdate in environments without secondary DNS servers.
To create DNSUpdate tasks manually, follow these steps:
  1. Launch the Neverfail Engine Advanced Management Client.
  2. Click on the Application button.
  3. Select the Tasks tab.
  4. Click on the User Accounts button.
  5. Click the Add button.
  6. Enter the credentials for an account with rights to update the DNS (a member of the Administrators or Server Operators group on the DNS server).
  7. Click Ok, and then Close.
  8. Click the Add button to add a new task.
  9. Provide a descriptive name for the 'Task' (i.e. DNSUpdate).
  10. Select 'Network Configuration' for Task type.
  11. Select either Primary or Secondary for the server the task should run on as appropriate.
  12. In the Command field, enter the "dnscmd" with appropriate flags as shown below in the example.
  13. In the 'Run As' field select the appropriate user account from the drop down and then click Ok.
Note: The DNSUpdate tool will detect if it’s being run on Primary or Secondary server by checking the registry as described previously. 
Example: Dnsupdate -p <primary public IP address> -s <secondary public IP address>
How to create a network configuration task that runs DNSUpdate in environments with secondary DNS servers.  
To create DNSUpdate tasks manually, follow these steps:
  1. Launch the Neverfail Engine Advanced Management Client.
  2. Click on the Application button.
  3. Select the Tasks tab.
  4. Click on the User Accounts button.
  5. Click the Add button.
  6. Enter the credentials for an account with rights to update the DNS (a member of the Administrators or Server Operators group on the DNS server).
  7. Click Ok, and then Close.
  8. Click the Add button to add a new task.
  9. Provide a descriptive name for the 'Task' (i.e. DNSUpdate).
  10. Select 'Network Configuration' for Task type.
  11. Select either Primary or Secondary for the server the task should run on as appropriate.
  12. In the Command field, enter the "dnscmd" with appropriate flags as shown below in the example.
  13. In the 'Run As' field select the appropriate user account from the drop down and then click Ok.
Note: To simplify the DNS update process, a batch file can be created to include all dnscmd instances, and then a single network configuration task can be configured to run the newly created batch file.

Example: Add the following 4 commands as separate Network Configuration tasks in the sequence listed below for each detected Secondary DNS server replacing {…} with the appropriate value:
dnscmd {DNS server IP} /RecordDelete {fqdn} {netbios machine name} A {machine IP to remove} /f
dnscmd {DNS server IP} /RecordDelete {reverse zone name} {server IP truncated} PTR {fully qualified machine name} /f
dnscmd {DNS server IP} /RecordAdd {fqdn} {netbios machine name} {TTL} A {machine IP to add}
dnscmd {DNS server IP} /RecordAdd {reverse zone name} {server IP truncated} {TTL} PTR {fully qualified machine name} 
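
One way to produce the batch file mentioned in the note above, as an added example that is not part of the Neverfail tooling: the function below only builds the four dnscmd lines per DNS server as text and writes them to a file for review. It assumes /24 reverse zones (so the truncated server IP is the last octet) and IPv4; the function name, zone, host and addresses are constructed, and the default TTL of 45 is the DNSUpdate default stated on this page.

```powershell
# Added example: builds (does not run) the four dnscmd lines from the article
# for each DNS server. Assumes /24 reverse zones; all sample values are constructed.
function New-DnsCmdFailoverLines {
    param(
        [Parameter(Mandatory)][string[]]$DnsServer,   # {DNS server IP}
        [Parameter(Mandatory)][string]$HostName,      # {netbios machine name}
        [Parameter(Mandatory)][string]$Zone,          # forward zone ({fqdn} in the article)
        [Parameter(Mandatory)][ipaddress]$RemoveIp,   # {machine IP to remove}
        [Parameter(Mandatory)][ipaddress]$AddIp,      # {machine IP to add}
        [int]$Ttl = 45                                # DNSUpdate's documented default TTL
    )
    # Split an IPv4 address into reverse zone name and PTR node (assumes a /24 zone)
    function Get-ReverseParts([ipaddress]$Ip) {
        $o = $Ip.GetAddressBytes()
        [pscustomobject]@{
            Zone = '{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0]
            Node = '{0}' -f $o[3]
        }
    }
    $fqdn = "$HostName.$Zone"            # {fully qualified machine name}
    $old  = Get-ReverseParts $RemoveIp
    $new  = Get-ReverseParts $AddIp
    foreach ($ns in $DnsServer) {
        # Same order as the article: delete A, delete PTR, add A, add PTR
        "dnscmd $ns /RecordDelete $Zone $HostName A $RemoveIp /f"
        "dnscmd $ns /RecordDelete $($old.Zone) $($old.Node) PTR $fqdn /f"
        "dnscmd $ns /RecordAdd $Zone $HostName $Ttl A $AddIp"
        "dnscmd $ns /RecordAdd $($new.Zone) $($new.Node) $Ttl PTR $fqdn"
    }
}

# Constructed values: write the lines to a batch file and review it before use
New-DnsCmdFailoverLines -DnsServer '192.0.2.53','192.0.2.54' -HostName 'APP01' `
    -Zone 'wan1.example' -RemoveIp '203.0.113.10' -AddIp '198.51.100.10' |
    Set-Content -Path .\failover-dns.cmd -Encoding Ascii
```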

DNSCMD Calls

/RecordAdd - Used to add both Forward (A) and Reverse (PTR) records.
/RecordDelete - Used to remove both Forward (A) and Reverse (PTR) records.
/Zonerefresh - Used to instruct a Secondary (Slave) DNS to refresh its zones.
-? - Used to extract the usage of DNSCMD so that its compatibility can be determined.
/EnumZones - Used to retrieve the list of zones.
/Info IsSlave - Used to identify Secondary (Slave) DNS’s.

Applies To

All Versions
