PowerShell – using (Windows) PowerShell to perform a dynamic DNS update with TSIG to a BIND9 server


I run BIND9 DNS servers and allow Dynamic DNS updates from my customers by using a TSIG key.

One of my customers uses only a Windows environment, and therefore PowerShell to run scripts. He wants to use PowerShell to send dynamic updates to my servers.

Doing this from a Linux shell for testing is easy: use nsupdate.

from: https://www.freeipa.org/page/Howto/DNS_updates_and_zone_transfers_with_TSIG

Client

For nsupdate from bind-utils package you have to either use
option -y algorithm:keyname:keyvalue or -k keyfilename option. E.g.

$ nsupdate -y hmac-sha512:keyname:keyvalue

or

$ nsupdate -k Kkeyname.+165+0316.private

then do your update:

from https://linux.die.net/man/8/nsupdate:

# nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send

To do an update from PowerShell without TSIG is … kinda easy… I think?: use a cmdlet (for example) Add-DnsServerResourceRecordA

Add-DnsServerResourceRecordA -Name "host23" -ZoneName "contoso.com" -AllowUpdateAny -IPv4Address "172.18.99.23" -TimeToLive 01:00:00

After scouring the documentation, I don't see any references to Transaction Signatures or somehow using a TSIG key.

How do I send a dynamic update using a TSIG key to a BIND9 server from PowerShell?

This is frustratingly hard to find an example of. Most examples I can find are using PowerShell to send updates via an API which then (probably) does some kind of deploy or dynamic update inside a black box. I want to just build a DDNS update and send it off using PowerShell.

Best Answer

They will have to download nsupdate from BIND (https://www.isc.org/downloads/). It is possible to call nsupdate from a PowerShell host.
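One way to call nsupdate from PowerShell as the answer suggests, shown as an added example that is not part of the original answer. The install path, key file location, server, zone and host values are placeholders (assumptions). It uses `-k` rather than `-y` so the TSIG secret is read from a file and never appears on the process command line.

```powershell
# Added example: pipe a TSIG-signed dynamic update to nsupdate.exe.
# Every default below is a placeholder (assumption), not a value from the page.
param(
    [string]$NsUpdate = 'C:\Program Files\ISC BIND 9\bin\nsupdate.exe',  # assumed install path
    [string]$KeyFile  = 'C:\ddns\customer.key',   # TSIG key file; restrict its ACL to the account running this script
    [string]$Server   = 'ns1.example.com',
    [string]$Zone     = 'example.com',
    [string]$HostName = 'newhost.example.com',
    [string]$Address  = '172.16.1.1',
    [int]$Ttl         = 86400
)

foreach ($path in $NsUpdate, $KeyFile) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "File not found: $path" }
}

# Reject anything that is not a plain DNS name. \z (not $) is used so a
# trailing newline cannot smuggle an extra command into the nsupdate input.
$dnsName = '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\z'
foreach ($name in $Server, $Zone, $HostName) {
    if ($name -notmatch $dnsName) { throw "Invalid DNS name: '$name'" }
}

# Parse the address and re-emit it in normalised form; accept IPv4 only for an A record.
$ip = [System.Net.IPAddress]::Parse($Address)
if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    throw "Not an IPv4 address: '$Address'"
}

# Same commands as the interactive nsupdate session, one per line.
$commands = @(
    "server $Server"
    "zone $Zone"
    "update delete $HostName A"
    "update add $HostName $Ttl A $ip"
    "send"
)

# Each array element is written to nsupdate's stdin as one line.
$output = $commands | & $NsUpdate -k $KeyFile 2>&1
if ($LASTEXITCODE -ne 0) {
    throw "nsupdate failed with exit code ${LASTEXITCODE}: $($output -join ' ')"
}
Write-Output "Update for $HostName sent to $Server"
```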