trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add code to section "Excluding NAT interface from DNS"

Browse Source 
Hi!
I want  you to add code to subj section. 
Here my qwuick and dirty example of a code
Here the list what it proposed to do.
1. remove NAT adapters IP Resource records in DNS Server.
2. Uncheck option "Register this connection's addresses in dns"
3. Remove all RR from NAT if already registered. (unnessesary, if NAT adapter RR not exist)
4. restart DNS server service.
This commit is contained in:
Dmitry
2018-09-04 15:28:44 +07:00
committed by GitHub
parent 98de0cd20d
commit 4d21d2e885
1 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
Vagrant/scripts/create-domain.ps1
View File

@@ -4,6 +4,8 @@ param ([String] $ip)
$subnet = $ip -replace "\.\d+$", "" $subnet = $ip -replace "\.\d+$", ""
$domain= "windomain.local"
if ((gwmi win32_computersystem).partofdomain -eq $false) { if ((gwmi win32_computersystem).partofdomain -eq $false) {
Write-Host 'Installing RSAT tools' Write-Host 'Installing RSAT tools'
@@ -34,7 +36,7 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) {
-CreateDnsDelegation:$false ` -CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" ` -DatabasePath "C:\Windows\NTDS" `
-DomainMode "7" ` -DomainMode "7" `
-DomainName "windomain.local" ` -DomainName $domain `
-DomainNetbiosName "WINDOMAIN" ` -DomainNetbiosName "WINDOMAIN" `
-ForestMode "7" ` -ForestMode "7" `
-InstallDns:$true ` -InstallDns:$true `
@@ -51,5 +53,32 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) {
} }
Write-Host "Setting timezone to UTC" Write-Host "Setting timezone to UTC"
c:\windows\system32\tzutil.exe /s "UTC" c:\windows\system32\tzutil.exe /s "UTC"
Write-Host "Excluding NAT interface from DNS" Write-Host "Excluding NAT interface from DNS"
$nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "172.25.*" }
$dnslistenip=$nics.IPAddress
$dnslistenip
dnscmd /ResetListenAddresses $dnslistenip
$nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "10.*" }
foreach($nic in $nics)
{
$nic.DomainDNSRegistrationEnabled = $false
$nic.SetDynamicDNSRegistration($false) |Out-Null
}
#Get-DnsServerResourceRecord -ZoneName $domain -type 1 -Name "@" |Select-Object HostName,RecordType -ExpandProperty RecordData |Where-Object {$_.IPv4Address -ilike "10.*"}|Remove-DnsServerResourceRecord
$RRs= Get-DnsServerResourceRecord -ZoneName $domain -type 1 -Name "@"
foreach($RR in $RRs)
{
if ( (Select-Object -InputObject $RR HostName,RecordType -ExpandProperty RecordData).IPv4Address -ilike "10.*")
{
Remove-DnsServerResourceRecord -ZoneName $domain -RRType A -Name "@" -RecordData $RR.RecordData.IPv4Address -Confirm
}
}
Restart-Service DNS
} }