How To Safely Change DNS Client Settings


Picture the following scenario:

  • You have introduced a couple of new DNS servers, perhaps as part of a domain controller upgrade
  • You want to decommission the old DNS servers
  • All your servers have static IP configurations

How do you SAFELY and EASILY change the DNS settings of all your servers?

PowerShell Automation

The answer to this question is of course PowerShell. If you have a large number of servers you’ll want to automate this process.

However, things can quickly go bad if you’re not careful with this. Messing up your server DNS settings can practically blow up your environment.

Working with a client facing exactly this challenge we came up with the following script:

$HostNames = Import-Csv "DNS_Clients_HostNames.txt" -Delimiter ";"
$OldDNS = ('10.45.1.5', '10.45.1.6')    # DNS servers being decommissioned
$NewDNS = ('10.45.1.10', '10.45.1.11')  # replacement servers; both lists reach the remote session via $using:
$ScriptBlockRead = {$Old = $using:OldDNS; Get-NetAdapter | Get-DnsClientServerAddress | Where-Object {$_.ServerAddresses -contains $Old[0] -or $_.ServerAddresses -contains $Old[1]}}
$ScriptBlockWrite = {$Old = $using:OldDNS; $New = $using:NewDNS; Get-NetAdapter | Get-DnsClientServerAddress | Where-Object {$_.ServerAddresses -contains $Old[0] -or $_.ServerAddresses -contains $Old[1]} | Set-DnsClientServerAddress -ServerAddresses $New}
ForEach ($HostName in $HostNames){
    $Adapter = Invoke-Command -ComputerName $HostName.Hostname -ScriptBlock $ScriptBlockRead -ErrorAction SilentlyContinue  # read-only check
    If ($Adapter){
        $Output = $HostName.HostName + ";" + $Adapter.InterfaceAlias + ";" + $Adapter.InterfaceIndex + ";" + $Adapter.ServerAddresses
        Write-Host $Output
        #Invoke-Command -ComputerName $HostName.Hostname -ScriptBlock $ScriptBlockWrite
    }
    Else {
        Write-Host Skipping $HostName.HostName
    }
}

The script takes an input file named “DNS_Clients_HostNames.txt”. The input file should have a header (first line) named “Hostname”, similar to this:

Hostname
FILESRV01.domain.local
FILESRV02.domain.local
FILESRV03.domain.local
WEBSRV01.domain.local
WEBSRV02.domain.local

One thing to notice about the script is that line 11 (the Invoke-Command call that runs $ScriptBlockWrite) is commented out – this is the line that actually changes the DNS settings of the server.

This is done as an extra precaution to allow you to evaluate the script output before making any live changes.

Once you’ve tested the output of the script you can un-comment line 11 to allow the script to perform the actual changes on your servers’ DNS client settings.

Another safety measure would be to limit your input file to only a few servers. Check the servers manually after running the script. If all looks fine you can extend the input file to your full list of servers.

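When you have run the script and changed all your servers, you can use the same script to check that all servers are now being skipped by the script. This indicates that the DNS client settings have changed, since no adapter is now found with the old DNS server settings. Because the script calls Invoke-Command with -ErrorAction SilentlyContinue, a server that could not be reached is also reported as skipped, so confirm that the skipped servers were actually reachable.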
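The verification pass described above can be made explicit with a read-only audit that records unreachable servers separately from servers that no longer use the old DNS addresses. This is an added example, not part of the original script; the output file DNS_Audit.csv and the test name in $TestName are assumptions.

```powershell
# Added example: read-only audit, makes no changes on the servers.
# Input file and addresses are the ones used in the script above;
# DNS_Audit.csv and $TestName are assumptions made for this example.
$HostNames = Import-Csv "DNS_Clients_HostNames.txt" -Delimiter ";"
$OldDNS    = @('10.45.1.5', '10.45.1.6')
$NewDNS    = @('10.45.1.10', '10.45.1.11')
$TestName  = 'domain.local'   # assumption: a name the new servers must resolve

$Audit = {
    $Old = $using:OldDNS; $New = $using:NewDNS; $Name = $using:TestName
    # Does this host get an answer from every new DNS server?
    $NewOk = $true
    foreach ($Server in $New) {
        if (-not (Resolve-DnsName -Name $Name -Server $Server -DnsOnly -ErrorAction SilentlyContinue)) { $NewOk = $false }
    }
    # One record per IPv4 interface that has DNS servers configured
    Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } | ForEach-Object {
        $Addresses = $_.ServerAddresses
        [pscustomobject]@{
            InterfaceAlias  = $_.InterfaceAlias
            ServerAddresses = $Addresses -join ','
            UsesOldDNS      = [bool]($Addresses | Where-Object { $Old -contains $_ })
            NewDNSAnswers   = $NewOk
        }
    }
}

$Report = foreach ($HostName in $HostNames) {
    try {
        Invoke-Command -ComputerName $HostName.Hostname -ScriptBlock $Audit -ErrorAction Stop |
            Select-Object @{n='Hostname';e={$HostName.Hostname}}, @{n='Status';e={'OK'}},
                          InterfaceAlias, ServerAddresses, UsesOldDNS, NewDNSAnswers
    }
    catch {
        # Unreachable or access denied: record it instead of silently skipping
        [pscustomobject]@{ Hostname = $HostName.Hostname; Status = "Unreachable: $($_.Exception.Message)"
                           InterfaceAlias = $null; ServerAddresses = $null; UsesOldDNS = $null; NewDNSAnswers = $null }
    }
}
$Report | Export-Csv "DNS_Audit.csv" -Delimiter ";" -NoTypeInformation
# Show only the rows that still need attention
$Report | Where-Object { $_.Status -ne 'OK' -or $_.UsesOldDNS -or $_.NewDNSAnswers -eq $false } | Format-Table -AutoSize
```

Run it before the change to confirm every server can resolve through the new DNS servers, and again afterwards; an empty table at the end means no server is unreachable or still pointing at the old addresses.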

Hope you can use the script, perhaps as inspiration to your own approach. Use at own risk 😉