I would like to remove all public IPv6 addresses from our DNS server, e.g. 2000:a61:10e3:8f01:: or 2003:d8:8bd7:c000:: but leave all link-local or site-local addresses e.g. fd00:: untouched.
I figured out how to get a list of all AAAA records:
$DNSServer = "dns.domain.net"
$ZoneName = "domain.net"
$NodeDNS = $null
$NodeDNS = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -RRType AAAA -ErrorAction SilentlyContinue
Now the question is how to filter all those "public" records before invoking the Remove-DNSServerResourceRecord command?
Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -InputObject $NodeDNS -Force
would remove all AAAA records.
You can use this filter:
Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -RRType AAAA -ErrorAction SilentlyContinue |
Where-Object {$_.RecordData.IPv6Address.IPAddressToString -match '2000:a61:10e3:8f01' -or `
$_.RecordData.IPv6Address.IPAddressToString -match '2003:d8:8bd7:c000' -and `
$_.RecordData.IPv6Address.IPAddressToString -notmatch '^fd00'
} | Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -WhatIf
The sample uses Where-Object to filter the returned data on specific strings using -match, -and and -notmatch. For further explanation, see Get-Help about_Comparison_Operators.
I've added the -WhatIf parameter, which shows what it does before actually making the change, just to make sure you get the right results before deleting. If it's OK, remove the -WhatIf.
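The following is an added example, not part of the answer above. It generalizes the string match to a prefix test: it treats any address inside 2000::/3 (the global unicast range) as public, so the prefixes do not have to be listed one by one and fd00:: or fe80:: addresses never match. The function name Test-GlobalUnicastIPv6 is hypothetical, the sample addresses are constructed from the ones in the question, and the DnsServer module is assumed to be installed.

```powershell
# Added example. $DNSServer and $ZoneName are the values from the question.
$DNSServer = "dns.domain.net"
$ZoneName  = "domain.net"

# Hypothetical helper: returns $true only for IPv6 addresses inside 2000::/3.
function Test-GlobalUnicastIPv6 {
    param(
        [Parameter(Mandatory)]
        [System.Net.IPAddress]$Address   # a string is converted automatically
    )
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return $false
    }
    # 2000::/3 means the top three bits of the first byte are 001.
    $first = $Address.GetAddressBytes()[0]
    return (($first -band 0xE0) -eq 0x20)
}

# Constructed sample addresses to check the classification offline.
$samples = '2000:a61:10e3:8f01::1', '2003:d8:8bd7:c000::1', 'fd00::1', 'fe80::1', '::1'
foreach ($s in $samples) {
    '{0,-24} public: {1}' -f $s, (Test-GlobalUnicastIPv6 $s)
}

# Preview which AAAA records would be deleted. -ErrorAction Stop makes a
# failed query visible instead of silently returning nothing.
Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -RRType AAAA -ErrorAction Stop |
    Where-Object { Test-GlobalUnicastIPv6 $_.RecordData.IPv6Address } |
    Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -Force -WhatIf
```

As in the answer, remove -WhatIf only after the preview lists exactly the records you expect.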