Tuesday, October 13, 2009

Get authoritative DNS entry in Powershell

This is a small script I worked up to find the authoritative NS for a host and ask it for the IP.  It will take a host to check, do a whois from the www.trynt.com web service and ask each of the authoritative name servers for an IP. 

For my purposes, I didn’t need to worry about foreign hostnames (bbc.co.uk), so I cheated a bit on splitting up the host from the domain name.  I am just taking the last two strings (split by “.”) as the domain name.  So host.net.company.com and www.company.com will do a whois for company.com (correct), but www.bbc.co.uk will do a whois for co.uk (incorrect).
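The domain split described above, as an added example (not the author's code) that also handles multi-label suffixes and rejects malformed names before they reach the whois URL. Get-WhoisDomain and the short $MultiLabelSuffixes list are hypothetical; a real script would load the full Public Suffix List.

```powershell
# Constructed sample of multi-label public suffixes (assumption: a real script
# would load the complete Public Suffix List instead of this short list).
$MultiLabelSuffixes = @('co.uk', 'org.uk', 'ac.uk', 'com.au', 'co.jp')

function Get-WhoisDomain {
    # Hypothetical helper: returns the domain to hand to whois for a host name.
    param([string]$HostName)

    # Normalise: lower-case and drop a trailing root dot.
    $name = $HostName.Trim().ToLowerInvariant().TrimEnd('.')

    # Accept only letter-digit-hyphen labels (at least two of them), so nothing
    # unexpected is concatenated into the whois URL or passed to nslookup.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = '^' + $label + '(\.' + $label + ')+$'
    if ($name -notmatch $pattern) {
        throw "Not a valid multi-label host name: '$HostName'"
    }

    $labels = $name.Split('.')
    $n = $labels.Count

    # The suffix is normally the last label; it is the last two labels when
    # they form a known multi-label suffix such as co.uk.
    $suffixLen = 1
    $lastTwo = "$($labels[$n - 2]).$($labels[$n - 1])"
    if ($MultiLabelSuffixes -contains $lastTwo) { $suffixLen = 2 }

    # The registrable domain is the suffix plus one more label to its left.
    if ($n -le $suffixLen) {
        throw "'$HostName' is a public suffix, not a registrable domain"
    }
    return ($labels[($n - $suffixLen - 1)..($n - 1)] -join '.')
}

# Constructed sample inputs, including the three hosts from the text.
foreach ($h in 'host.net.company.com', 'www.company.com', 'www.bbc.co.uk', 'BBC.co.uk.') {
    '{0,-22} -> {1}' -f $h, (Get-WhoisDomain $h)
}
```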

This relies on my library for the out-log function.  This was detailed here.  The line below, . ./ejlib.ps1, should be the path to wherever you saved your out-log function.  If you don't want to use the out-log function, just comment out all the out-log lines; they are only for logging (i.e. put a # in front of each line that begins with out-log, or just remove out-log and any number after the string and it will print to the console).

To use it, just pass -host "host.company.com" to the function or script.  If you save the below as get-authdns.ps1 in the local directory, you would call:
./get-authdns.ps1 -host "www.microsoft.com"
Optionally add "-v 3" to see debugging messages.

#does a whois to get an auth DNS server and gets the ip address for that host.
#parameters: -host and -v on the command line match these names by prefix
param (
      [string]$hostToCheck,
      [int]$verbosity = 0
)

#load library
. ./ejlib.ps1
out-log "Libraries Loaded"

#pull off hostname for whois.  does not work w/ foreign (.co.uk, type) domains
$arrHostToCheck = $hostToCheck.split(".")
$strDomainForWhois = "$($arrHostToCheck[$arrHostToCheck.count-2]).$($arrHostToCheck[$arrHostToCheck.count-1])"

#crediting TryNT for their whois web gateway: TRYNT Web Services (http://www.trynt.com/)
$uri="http://www.trynt.com/whois-api/v1/?h=" + $strDomainForWhois + "&f=1"
out-log "Contacting Whois.  URL: $uri"
$resp=[xml](New-Object -TypeName System.Net.WebClient).Downloadstring($uri)

out-log "Selecting XML from WHOIS" 2
$colNSIPs = $resp.SelectNodes("descendant::Trynt/Whois/regrinfo/domain/name-server/ip")

#we will iterate through our collection of NS IPs until we get an answer.

if (-not ($colNSIPs.item(0).data.count -gt 1)) { # we didn't get a response from TryNT
      out-log "ERROR: No response from WHOIS"  0
} else {
      out-log "We received a legible response from WHOIS containing $($colNSIPs.item(0).data.Count) IPs"
      foreach ($ip in $colNSIPs.item(0).data) { # try to get an IP
            out-log "Checking NS: $IP" 2
            #ask this name server directly; the answer is read from the fifth line of nslookup output
            $strIP = $(& "c:\windows\system32\nslookup" $HostToCheck $IP)[4].Split()[2]
            #check that we did find an IP
            if ($strIP -match ("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")) {
                  out-log "Found $strIP for $HostToCheck from NS: $ip"
                  return $strIP
            }
      }
}
