velocitygirl13 has asked for the wisdom of the Perl Monks concerning the following question:

Hello. I'm working on a Windows 2008 Server. I have a Perl script that is programmed to automatically add entries to my Windows DNS server which is on the same box that I'm running the script on. How it works is, I have a web form that I fill out and when I click Submit, it runs the .pl script and calls the .pm file which contains the dnscmd lines. For some reason, I get an error for each dnscmd line which says:

Cmd : dnscmd NS1.mynameserver.com /zoneadd test.com /Primary /file test.com.dns,
Result : ,
Errorcode : 1280

I have no idea what error code 1280 means. I have researched it, but can't find anything that I feel would apply to my situation. Also, this script worked flawlessly on my Windows 2003 server. Since we moved our DNS to a Windows 2008 server, I need to run the script directly on the 2008 server which has the new DNS setup because the dnscmd won't work to add entries coming from a 2003 going to a 2008 (Windows security policy etc...)

My thought about this is that it's not working because dnscmd needs to be run as an administrator on the 2008 server in order for it to add entries to the DNS server. I say this because when I take one of the lines of my script and run it from an elevated command line, it works and adds the entries. I may be completely off-base with my thoughts about this, but that's what I gather from my observation.

Here are a few of the dnscmd lines from my script for your reference if you need them:

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /zoneadd $ZONENAME /Primary /file $ZONENAME.dns";
$returncode = ExecAndReturn($cmd);

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /recorddelete $ZONENAME @ NS $PRIMARYDNSHOSTNAME. /f";
$returncode = ExecAndReturn($cmd);

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /recordadd $ZONENAME @ SOA $PRIMARYDNSNAME.$HOSTINGDOMAIN. webmaster.$HOSTINGDOMAIN $SOASN 3600 600 1209600 3600";
$returncode = ExecAndReturn($cmd);

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /recordadd $ZONENAME @ NS $PRIMARYDNSNAME.$HOSTINGDOMAIN.";
$returncode = ExecAndReturn($cmd);

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /recordadd $ZONENAME @ A $WEBIP";
$returncode = ExecAndReturn($cmd);

$cmd = "dnscmd $PRIMARYDNSHOSTNAME /recordadd $ZONENAME @ NS $SECONDARYDNSNAME.$HOSTINGDOMAIN.";
$returncode = ExecAndReturn($cmd);

Please let me know if you need anything else from me. I'm using ActivePerl 5.8.8 build 822. This is the exact same version and configuration that I use on my Windows 2003 server.

Thanks in advance.

Replies are listed 'Best First'.
Re: DNSCMD will not work in Perl script
by dasgar (Priest) on Feb 28, 2014 at 17:05 UTC
    How it works is, I have a web form that I fill out and when I click Submit, it runs the .pl script and calls the .pm file which contains the dnscmd lines.
    ...when I take one of the lines of my script and run it from an elevated command line, it works and adds the entries

    I could be wrong, but I believe the statements of yours listed above point to a permissions issue.

    With the first statement, it sounds like you're running this as a script via a web server. Most web servers are running server side scripts with a restricted user account. Probably the web server's user account for responding to web requests does not have permissions to run the dnscmd.exe utility.

    Even if you were to make that web server user account a member of the administrator user group (which I don't recommend you doing), your second statement points to another issue. Even with administrator level rights, you're having to use a command prompt with elevated permissions (i.e. a command prompt opened with "Run as Administrator"). Offhand, I'm not sure of how to accomplish this. This sounds a lot like the issue in someone else's recent post (Cannot execute external process).

    Don't necessarily have answers for you, but thought this might help point you in the right direction.

Re: DNSCMD will not work in Perl script
by SuicideJunkie (Vicar) on Feb 28, 2014 at 16:49 UTC

    Well, first thing that caught my eye is that "ExecAndReturn" function. You don't show the code, but it sounds like an oxymoron, since exec doesn't return by definition.

    If you haven't already, you should try running that command as the user that your webserver is using to clinch the issue. If you really do have to be admin to do it, then your problem is clear.

Re: DNSCMD will not work in Perl script
by karlgoethebier (Abbot) on Feb 28, 2014 at 16:55 UTC

    System Error Codes? I guessed, OK.:-(

    Regards, Karl

    «The Crux of the Biscuit is the Apostrophe»

Re: DNSCMD will not work in Perl script
by karlgoethebier (Abbot) on Feb 28, 2014 at 19:54 UTC

    I guess again:

    When you invoke dnscmd [params] that means you really say cmd.exe dnscmd [params], as far as I remember. Perhaps the user that your webserver is using has not the permissions to run cmd.exe? A System Policy or whatever this is called? I blandly remember that invoking cmd.exe must explicitly be allowed for the IIS UID...

    Best regards, Karl

    Edit: added missing word

    «The Crux of the Biscuit is the Apostrophe»

      Thanks to everyone for all of the tips and information. I have tried everything you have suggested and it still will not work. I'm extremely frustrated at this point. I have been working on this for weeks and nothing I do works. It's aggravating because it works perfectly on my Windows 2003 server. I just can't use it over there because my DNS server is now on a remote 2008 server. I'm lost for a solution and it's driving me nuts.
        I'm not a windows guy, so what I say here may be nonsense, but…

        It might actually be a Good Thing™ that the 2008 server has better security than the 2003 model. The fact that it gets in the way of doing what you need to do is sad, but it might be even sadder if, by allowing needful things to be easier for you, it also allowed bad things to be easier for bad people.

        If the "web-server-userid" vs. "admin-user-id" conflict is the problem, I wonder if there might be a way to run a daemon process on the 2008 server (under the admin account) that, say, monitors a directory, and if anything gets placed in that directory, it reads it as a set of dnscmd instructions and runs them.

        If you promise to be very careful about setting up that directory, and configuring the web-server process that could place files into that directory, then you might be able to do what needs to be done without completely defeating the "enhanced security" of the 2008 system.

        (Update: you would of course also need to be very careful about setting up the admin daemon process - basically, you want to make sure that both processes are very rigorously scrupulous about what can be placed into that directory and what kinds of actions can be taken as a result. Every conceivable safeguard is needed, and the lingering problem is the set of exploits that someone else could conceive before you do.)

        Again, I'm not a windows guy - and I'm quite poorly informed about DNS security issues in general. Please keep looking for advice from a "higher authority." (Not just perl hackers, but also real sysadmins with windows 2008 experience.)
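An added sketch of the validation step that the watched-directory idea above depends on (not code from any poster in this thread): each request line is checked against an allow-list and strict patterns, then turned into an argument list instead of the interpolated command strings in the original question. Assumptions: the request-line format, the two permitted operations, the helper names, and that the unseen ExecAndReturn returns Perl's raw system() status, in which case 1280 is 5 << 8, i.e. exit code 5, which as a Win32 error code is ERROR_ACCESS_DENIED.

```perl
use strict;
use warnings;

# Allow-list: the only dnscmd operations a request file may ask for (assumed set).
my %ALLOWED_OP = map { $_ => 1 } qw(zoneadd recordadd);

# Strict patterns; anything that does not match is rejected, not escaped.
my $LABEL   = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i;
my $ZONE_RE = qr/\A(?=.{1,253}\z)$LABEL(?:\.$LABEL)+\z/;
my $OCTET   = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;
my $IPV4_RE = qr/\A$OCTET(?:\.$OCTET){3}\z/;

# Turn one request line (hypothetical format: "zoneadd <zone>" or
# "recordadd <zone> A <ipv4>") into an argument list.
# Returns an empty list when the line is not acceptable.
sub build_dnscmd_args {
    my ($server, $line) = @_;
    my ($op, $zone, @rest) = split ' ', $line;
    return unless defined $zone && $ALLOWED_OP{$op} && $zone =~ $ZONE_RE;
    if ($op eq 'zoneadd') {
        return if @rest;    # no trailing tokens allowed
        return ('dnscmd', $server, '/zoneadd', $zone, '/Primary', '/file', "$zone.dns");
    }
    # recordadd: this sketch accepts only an apex A record
    return unless @rest == 2 && $rest[0] eq 'A' && $rest[1] =~ $IPV4_RE;
    return ('dnscmd', $server, '/recordadd', $zone, '@', 'A', $rest[1]);
}

# What the privileged side would call: arguments passed as a list, never as
# one interpolated string, and the wait status decoded to an exit code.
sub run_checked {
    my @argv   = @_;
    my $status = system { $argv[0] } @argv;
    return $status == -1 ? -1 : $status >> 8;    # raw 1280 decodes to 5
}

# Constructed sample request lines; nothing is executed in this demo.
for my $line ('zoneadd example.test',
              'recordadd example.test A 192.0.2.10',
              'zoneadd example.test & echo injected',
              'recordadd example.test;x A 192.0.2.10',
              'recordadd example.test A 999.1.1.1') {
    my @argv = build_dnscmd_args('NS1.mynameserver.com', $line);
    print @argv ? "ACCEPT: @argv\n" : "REJECT: $line\n";
}
```

The first two lines are accepted and the last three rejected. The web-facing process would only write such request lines, and the directory's ACL should let it create files but not modify the service that reads them.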

        Don't give up. See this.

        Karl

        «The Crux of the Biscuit is the Apostrophe»