win_dns_record (#51925)

* win_dns: Initial work * win_dns: initial commit * Renaming win_dns -> win_dns_record * win_dns_record: Fix record leakage in output * win_dns_record: Fix erroneous minimums enforcement It is apparently completely legitimate to specify a TTL that is below minimum; it will just get ignored in favor of the server's minimum. * win_dns_record: Fix new-host changes reported incorrectly * win_dns_record: Fix TTL changes reported incorrectly * win_dns_record: Fix existing records not recognized * win_dns_record: Remove obsolete object * Refactorize check mode * Add computer_name parameter * Refactorize diff and changed to read DNS end state * Fix pslint tests PSUseDeclaredVarsMoreThanAssignments and PSAvoidUsingCmdletAliases * Minor fix, misnamed variable. * win_dns_record: Fix "changed" state in check mode * win_dns_record: cleanups * win_dns_record: fix TTL update not changed regression * Add initial integration tests * win_dns_record: integration tests * win_dns_record: Reverted 9cf5f2d8e6 The approach from that commit breaks check mode. * win_dns_record: de-scope some records These are either esoteric (meaning limited realworld testing) or require additional thought to do properly (eg MX, which has its "priority" level). * win_dns_records tests: Ensure DNS services are installed * Update lib/ansible/modules/windows/win_dns_record.py Co-Authored-By: johnboy2 * Update lib/ansible/modules/windows/win_dns_record.py Co-Authored-By: johnboy2 * Aggregated suggestions from dagwieers * Fix bad powershell test argument * win_dns_record partially converted to new Powershell module interface win_dns_record converted to new Powershell module interface, except diff and required_if * win_dns_record: convert diff support * win_dns_record: convert diff support to after-before style * Don't test for Add-WindowsFeature * win_dns_record: Fix diff When check mode is used diff changes must be simulated. * Style consistency/clean-ups * Fix integration test typos * Improve readability of diff output The original intention of the diff output was to resemble zone file records (except that the zone-name is added onto each record). In that light, the missing *record class* information (always "IN" in our case) was an oversight. This just makes the diff output more "instantly readable" for DNS gurus. * win_dns_record: Add diff tests * Fix ansible-test sanity check fails * Apply suggestions from code review Added suggestions from dagwieers Co-Authored-By: johnboy2 <john@jnelson.ca> * win_dns_record: Skip 2008 and friends * Reword error messages so they start capitalized. * Fix sanity error * win_dns_record: Document ttl range * win_dns_record: Additional supportability barriers in tests * win_dns_record: Typo * win_dns_record: Sanity fix * win_dns_record: Use OS-test only for compat checking
6 years ago · 38346d0337
parent 9744ef80a0
commit 38346d0337
12 changed files with 1111 additions and 0 deletions
--- a/lib/ansible/modules/windows/win_dns_record.ps1
+++ b/lib/ansible/modules/windows/win_dns_record.ps1
@ -0,0 +1,149 @@
+#!powershell
+
+# Copyright: (c) 2019, Hitachi ID Systems, Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+#AnsibleRequires -CSharpUtil Ansible.Basic
+
+$spec = @{
+    options = @{
+        name = @{ type = "str"; required = $true }
+        state = @{ type = "str"; choices = "absent", "present"; default = "present" }
+        ttl = @{ type = "int"; default = "3600" }
+        type = @{ type = "str"; choices = "A","AAAA","CNAME","PTR"; required = $true }
+        value = @{ type = "list"; elements = "str"; default = @() ; aliases=@( 'values' )}
+        zone = @{ type = "str"; required = $true }
+        computer_name = @{ type = "str" }
+    }
+    supports_check_mode = $true
+}
+
+$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec)
+
+$name = $module.Params.name
+$state = $module.Params.state
+$ttl = $module.Params.ttl
+$type = $module.Params.type
+$values = $module.Params.value
+$zone = $module.Params.zone
+$dns_computer_name = $module.Params.computer_name
+
+
+$extra_args = @{}
+if ($null -ne $dns_computer_name) {
+    $extra_args.ComputerName = $dns_computer_name
+}
+
+if ($state -eq 'present') {
+    if ($values.Count -eq 0) {
+        $module.FailJson("Parameter 'values' must be non-empty when state='present'")
+    }
+} else {
+    if ($values.Count -ne 0) {
+        $module.FailJson("Parameter 'values' must be undefined or empty when state='absent'")
+    }
+}
+
+
+# TODO: add warning for forest minTTL override -- see https://docs.microsoft.com/en-us/windows/desktop/ad/configuration-of-ttl-limits
+if ($ttl -lt 1 -or $ttl -gt 31557600) {
+    $module.FailJson("Parameter 'ttl' must be between 1 and 31557600")
+}
+$ttl = New-TimeSpan -Seconds $ttl
+
+
+if (($type -eq 'CNAME' -or $type -eq 'PTR') -and $null -ne $values -and $values.Count -gt 0 -and $zone[-1] -ne '.') {
+    # CNAMEs and PTRs should be '.'-terminated, or record matching will fail
+    $values = $values | ForEach-Object {
+        if ($_ -Like "*.") { $_ } else { "$_." }
+    }
+}
+
+
+$record_argument_name = @{
+    A = "IPv4Address";
+    AAAA = "IPv6Address";
+    CNAME = "HostNameAlias";
+    # MX = "MailExchange";
+    # NS = "NameServer";
+    PTR = "PtrDomainName";
+    # TXT = "DescriptiveText"
+}[$type]
+
+
+$changes = @{
+    before = "";
+    after = ""
+}
+
+
+$records = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType $type -Node -ErrorAction:Ignore @extra_args | Sort-Object
+if ($null -ne $records) {
+    # We use [Hashtable]$required_values below as a set rather than a map.
+    # It provides quick lookup to test existing DNS record against. By removing
+    # items as each is processed, whatever remains at the end is missing
+    # content (that needs to be added).
+    $required_values = @{}
+    foreach ($value in $values) {
+        $required_values[$value.ToString()] = $null
+    }
+
+    foreach ($record in $records) {
+        $record_value = $record.RecordData.$record_argument_name.ToString()
+
+        if ($required_values.ContainsKey($record_value)) {
+            # This record matches one of the values; but does it match the TTL?
+            if ($record.TimeToLive -ne $ttl) {
+                $new_record = $record.Clone()
+                $new_record.TimeToLive = $ttl
+                Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $record -NewInputObject $new_record -WhatIf:$module.CheckMode @extra_args
+
+                $changes.before += "[$zone] $($record.HostName) $($record.TimeToLive.TotalSeconds) IN $type $record_value`n"
+                $changes.after += "[$zone] $($record.HostName) $($ttl.TotalSeconds) IN $type $record_value`n"
+                $module.Result.changed = $true
+            }
+
+            # Cross this one off the list, so we don't try adding it later
+            $required_values.Remove($record_value)
+        } else {
+            # This record doesn't match any of the values, and must be removed
+            $record | Remove-DnsServerResourceRecord -ZoneName $zone -Force -WhatIf:$module.CheckMode @extra_args
+
+            $changes.before += "[$zone] $($record.HostName) $($record.TimeToLive.TotalSeconds) IN $type $record_value`n"
+            $module.Result.changed = $true
+        }
+    }
+
+    # Whatever is left in $required_values needs to be added
+    $values = $required_values.Keys
+}
+
+
+if ($null -ne $values -and $values.Count -gt 0) {
+    foreach ($value in $values) {
+        $splat_args = @{ $type = $true; $record_argument_name = $value }
+        $module.Result.debug_splat_args = $splat_args
+        try {
+            Add-DnsServerResourceRecord -ZoneName $zone -Name $name -AllowUpdateAny -TimeToLive $ttl @splat_args -WhatIf:$module.CheckMode @extra_args
+        } catch {
+            $module.FailJson("Error adding DNS $type resource $name in zone $zone with value $value", $_)
+        }
+        $changes.after += "[$zone] $name $($ttl.TotalSeconds) IN $type $value`n"
+    }
+
+    $module.Result.changed = $true
+}
+
+if ($module.CheckMode) {
+    # Simulated changes
+    $module.Diff.before = $changes.before
+    $module.Diff.after = $changes.after
+} else {
+    # Real changes
+    $records_end = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType $type -Node -ErrorAction:Ignore @extra_args | Sort-Object
+
+    $module.Diff.before = @($records | ForEach-Object { "[$zone] $($_.HostName) $($_.TimeToLive.TotalSeconds) IN $type $($_.RecordData.$record_argument_name.ToString())`n" }) -join ''
+    $module.Diff.after = @($records_end | ForEach-Object { "[$zone] $($_.HostName) $($_.TimeToLive.TotalSeconds) IN $type $($_.RecordData.$record_argument_name.ToString())`n" }) -join ''
+}
+
+$module.ExitJson()
--- a/lib/ansible/modules/windows/win_dns_record.py
+++ b/lib/ansible/modules/windows/win_dns_record.py
@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Hitachi ID Systems, Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# This is a windows documentation stub. The actual code lives in the .ps1
+# file of the same name.
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = r'''
+---
+module: win_dns_record
+version_added: "2.8"
+short_description: Manage Windows Server DNS records
+description:
+- Manage DNS records within an existing Windows Server DNS zone.
+author: John Nelson (@johnboy2)
+requirements:
+  - This module requires Windows 8, Server 2012, or newer.
+options:
+  name:
+    description:
+    - The name of the record.
+    required: yes
+    type: str
+  state:
+    description:
+    - Whether the record should exist or not.
+    choices: [ absent, present ]
+    default: present
+    type: str
+  ttl:
+    description:
+    - The "time to live" of the record, in seconds.
+    - Ignored when C(state=absent).
+    - Valid range is 1 - 31557600.
+    - Note that an Active Directory forest can specify a minimum TTL, and will
+      dynamically "round up" other values to that minimum.
+    default: 3600
+    type: int
+  type:
+    description:
+    - The type of DNS record to manage.
+    choices: [ A, AAAA, CNAME, PTR ]
+    required: yes
+    type: str
+  value:
+    description:
+    - The value(s) to specify. Required when C(state=present).
+    aliases: [ values ]
+    type: list
+  zone:
+    description:
+    - The name of the zone to manage (eg C(example.com)).
+    - The zone must already exist.
+    required: yes
+    type: str
+  computer_name:
+    description:
+      - Specifies a DNS server.
+      - You can specify an IP address or any value that resolves to an IP
+        address, such as a fully qualified domain name (FQDN), host name, or
+        NETBIOS name.
+    type: str
+'''
+
+EXAMPLES = r'''
+- name: Create database server alias
+  win_dns_record:
+    name: db1
+    type: CNAME
+    value: cgyl1404p.amer.example.com
+    zone: amer.example.com
+
+- name: Remove static record
+  win_dns_record:
+    name: db1
+    type: A
+    state: absent
+    zone: amer.example.com
+'''
+
+RETURN = r'''
+'''
--- a/test/integration/targets/win_dns_record/aliases
+++ b/test/integration/targets/win_dns_record/aliases
@ -0,0 +1,3 @@
+shippable/windows/group2
+skip/windows/2008
+skip/windows/2008-R2
--- a/test/integration/targets/win_dns_record/defaults/main.yml
+++ b/test/integration/targets/win_dns_record/defaults/main.yml
@ -0,0 +1,3 @@
+win_dns_record_zone: test.ansible.local
+win_dns_record_revzone: 0.0.255.in-addr.arpa
+win_dns_record_revzone_network: 255.0.0.0/24
--- a/test/integration/targets/win_dns_record/tasks/clean.yml
+++ b/test/integration/targets/win_dns_record/tasks/clean.yml
@ -0,0 +1,17 @@
+- name: Remove test zone, if present
+  win_shell: |
+    $zone = '{{ item }}'
+    $fail_on_missing = '{{ fail_on_missing | default(true) }}'
+
+    Trap { If (-not $fail_on_missing) { continue } }
+    Remove-DnsServerZone -Name $zone -Force
+    
+    # win_file could also do this, but it would need to know where the
+    # SystemRoot is located via fact gathering, which we cannot assume.
+    Trap { If (-not $fail_on_missing) { continue } }
+    Remove-Item -Path $env:SystemRoot\system32\dns\$zone.dns
+
+    $true  # so pipeline exits cleanly if an error was ignored above
+  loop:
+    - '{{ win_dns_record_zone }}'
+    - '{{ win_dns_record_revzone }}'
--- a/test/integration/targets/win_dns_record/tasks/main.yml
+++ b/test/integration/targets/win_dns_record/tasks/main.yml
@ -0,0 +1,12 @@
+# We do an explicit OS version check here *INSTEAD OF* the usual test for
+# cmdlet existence. That's because a cmdlet test here won't work without first
+# installing the DNS feature, but we don't want to install the feature on OS'
+# that can't be supported anyway. Hence this fallback to an explicit OS version
+# test.
+- name: check OS version is supported
+  win_shell: 'if ([Environment]::OSVersion.Version -ge [Version]"6.2") { $true } else { $false }'
+  register: os_supported
+
+- name: run tests on supported hosts
+  include: tests.yml
+  when: os_supported.stdout | trim | bool
--- a/test/integration/targets/win_dns_record/tasks/tests-A.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests-A.yml
@ -0,0 +1,186 @@
+- name: 'TYPE=A - creation (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 1.2.3.4, type: A}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=A - creation get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - creation check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=A - creation'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 1.2.3.4, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - creation get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv4Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - creation check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '1.2.3.4\r\n'
+
+- name: 'TYPE=A - creation (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 1.2.3.4, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - creation get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv4Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - creation check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '1.2.3.4\r\n'
+
+
+- name: 'TYPE=A - update address (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, type: A}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=A - update address get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv4Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update address check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '1.2.3.4\r\n'
+
+- name: 'TYPE=A - update address'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - update address get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv4Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update address check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '5.6.7.8\r\n'
+
+- name: 'TYPE=A - update address (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - update address get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv4Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update address check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '5.6.7.8\r\n'
+
+
+- name: 'TYPE=A - update TTL (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, ttl: 7200, type: A}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=A - update TTL get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update TTL check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '3600\r\n'
+
+- name: 'TYPE=A - update TTL'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, ttl: 7200, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - update TTL get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update TTL check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+- name: 'TYPE=A - update TTL (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: 5.6.7.8, ttl: 7200, type: A}
+  register: cmd_result
+
+- name: 'TYPE=A - update TTL get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - update TTL check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+
+- name: 'TYPE=A - remove record (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: A, state: absent}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=A - remove record get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - remove record check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'exists\r\n'
+
+- name: 'TYPE=A - remove record'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: A, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=A - remove record get results'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - remove record check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=A - remove record (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: A, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=A - remove record get results (idempotent)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType A -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=A - remove record check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'absent\r\n'
--- a/test/integration/targets/win_dns_record/tasks/tests-AAAA.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests-AAAA.yml
@ -0,0 +1,186 @@
+- name: 'TYPE=AAAA - creation (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::1', type: AAAA}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=AAAA - creation get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - creation check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=AAAA - creation'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::1', type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - creation get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv6Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - creation check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '2001:db8::1\r\n'
+
+- name: 'TYPE=AAAA - creation (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::1', type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - creation get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv6Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - creation check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '2001:db8::1\r\n'
+
+
+- name: 'TYPE=AAAA - update address (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', type: AAAA}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=AAAA - update address get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv6Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update address check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '2001:db8::1\r\n'
+
+- name: 'TYPE=AAAA - update address'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - update address get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv6Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update address check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '2001:db8::2\r\n'
+
+- name: 'TYPE=AAAA - update address (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - update address get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty IPv6Address | Select -ExpandProperty IPAddressToString"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update address check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '2001:db8::2\r\n'
+
+
+- name: 'TYPE=AAAA - update TTL (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', ttl: 7200, type: AAAA}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=AAAA - update TTL get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update TTL check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '3600\r\n'
+
+- name: 'TYPE=AAAA - update TTL'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', ttl: 7200, type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - update TTL get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update TTL check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+- name: 'TYPE=AAAA - update address (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: '2001:db8::2', ttl: 7200, type: AAAA}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - update address get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - update address check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+
+- name: 'TYPE=AAAA - remove record (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: AAAA, state: absent}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=AAAA - remove record get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - remove record check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'exists\r\n'
+
+- name: 'TYPE=AAAA - remove record'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: AAAA, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - remove record get results'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - remove record check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=AAAA - remove record (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: AAAA, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=AAAA - remove record get results (idempotent)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType AAAA -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=AAAA - remove record check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'absent\r\n'
--- a/test/integration/targets/win_dns_record/tasks/tests-CNAME.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests-CNAME.yml
@ -0,0 +1,186 @@
+- name: 'TYPE=CNAME - creation (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: www.ansible.com, type: CNAME}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=CNAME - creation get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - creation check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=CNAME - creation'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: www.ansible.com, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - creation get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty HostNameAlias"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - creation check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'www.ansible.com.\r\n'
+
+- name: 'TYPE=CNAME - creation (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: www.ansible.com, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - creation get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty HostNameAlias"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - creation check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'www.ansible.com.\r\n'
+
+
+- name: 'TYPE=CNAME - update address (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, type: CNAME}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=CNAME - update address get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty HostNameAlias"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update address check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'www.ansible.com.\r\n'
+
+- name: 'TYPE=CNAME - update address'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - update address get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty HostNameAlias"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update address check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'docs.ansible.com.\r\n'
+
+- name: 'TYPE=CNAME - update address (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - update address get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty HostNameAlias"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update address check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'docs.ansible.com.\r\n'
+
+
+- name: 'TYPE=CNAME - update TTL (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, ttl: 7200, type: CNAME}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=CNAME - update TTL get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update TTL check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '3600\r\n'
+
+- name: 'TYPE=CNAME - update TTL'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, ttl: 7200, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - update TTL get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update TTL check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+- name: 'TYPE=CNAME - update TTL (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, value: docs.ansible.com, ttl: 7200, type: CNAME}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - update TTL get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - update TTL check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+
+- name: 'TYPE=CNAME - remove record (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: CNAME, state: absent}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=CNAME - remove record get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - remove record check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'exists\r\n'
+
+- name: 'TYPE=CNAME - remove record'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: CNAME, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - remove record get results'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - remove record check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=CNAME - remove record (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: test1, type: CNAME, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=CNAME - remove record get results (idempotent)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_zone }}' -Name 'test1' -RRType CNAME -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=CNAME - remove record check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'absent\r\n'
--- a/test/integration/targets/win_dns_record/tasks/tests-PTR.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests-PTR.yml
@ -0,0 +1,186 @@
+- name: 'TYPE=PTR - creation (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-mirror.example.com, type: PTR}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=PTR - creation get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - creation check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=PTR - creation'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-mirror.example.com, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - creation get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty PtrDomainName"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - creation check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'ansible-mirror.example.com.\r\n'
+
+- name: 'TYPE=PTR - creation (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-mirror.example.com, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - creation get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty PtrDomainName"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - creation check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'ansible-mirror.example.com.\r\n'
+
+
+- name: 'TYPE=PTR - update address (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, type: PTR}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=PTR - update address get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty PtrDomainName"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update address check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'ansible-mirror.example.com.\r\n'
+
+- name: 'TYPE=PTR - update address'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - update address get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty PtrDomainName"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update address check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'ansible-altmirror.example.com.\r\n'
+
+- name: 'TYPE=PTR - update address (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - update address get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty RecordData | Select -ExpandProperty PtrDomainName"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update address check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'ansible-altmirror.example.com.\r\n'
+
+
+- name: 'TYPE=PTR - update TTL (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, ttl: 7200, type: PTR}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=PTR - update TTL get results (check mode)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update TTL check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '3600\r\n'
+
+- name: 'TYPE=PTR - update TTL'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, ttl: 7200, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - update TTL get results'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update TTL check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+- name: 'TYPE=PTR - update TTL (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, value: ansible-altmirror.example.com, ttl: 7200, type: PTR}
+  register: cmd_result
+
+- name: 'TYPE=PTR - update TTL get results (idempotent)'
+  win_command: powershell.exe "Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore | Select -ExpandProperty TimeToLive | Select -ExpandProperty TotalSeconds"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - update TTL check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == '7200\r\n'
+
+
+- name: 'TYPE=PTR - remove record (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, type: PTR, state: absent}
+  register: cmd_result
+  check_mode: yes
+
+- name: 'TYPE=PTR - remove record get results (check mode)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - remove record check results (check mode)'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'exists\r\n'
+
+- name: 'TYPE=PTR - remove record'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, type: PTR, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=PTR - remove record get results'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - remove record check results'
+  assert:
+    that:
+      - cmd_result is changed
+      - cmd_result_actual.stdout == 'absent\r\n'
+
+- name: 'TYPE=PTR - remove record (idempotent)'
+  win_dns_record: {zone: '{{ win_dns_record_revzone }}', name: 7, type: PTR, state: absent}
+  register: cmd_result
+
+- name: 'TYPE=PTR - remove record get results (idempotent)'
+  win_command: powershell.exe "If (Get-DnsServerResourceRecord -ZoneName '{{ win_dns_record_revzone }}' -Name '7' -RRType PTR -Node -ErrorAction:Ignore) { 'exists' } else { 'absent' }"
+  register: cmd_result_actual
+  changed_when: false
+
+- name: 'TYPE=PTR - remove record check results (idempotent)'
+  assert:
+    that:
+      - cmd_result is not changed
+      - cmd_result_actual.stdout == 'absent\r\n'
--- a/test/integration/targets/win_dns_record/tasks/tests-diff.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests-diff.yml
@ -0,0 +1,63 @@
+# Diff tests are present because those records have to be created MANUALLY by
+# the win_dns_record module when in check mode, as there is otherwise no way in
+# Windows DNS to *simulate* a record or change.
+
+
+- name: 'Diff test - creation (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, value: 1.2.3.4, type: A}
+  register: create_check
+  check_mode: yes
+  diff: yes
+
+- name: 'Diff test - creation'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, value: 1.2.3.4, type: A}
+  register: create_do
+  diff: yes
+
+- name: 'Diff test - creation check results'
+  assert:
+    that:
+      - create_check.diff.before == create_do.diff.before
+      - create_check.diff.before == ''
+      - create_check.diff.after == create_do.diff.after
+      - create_check.diff.after == "[{{ win_dns_record_zone }}] diff_host 3600 IN A 1.2.3.4\n"
+
+
+- name: 'Diff test - update TTL (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, value: 1.2.3.4, type: A, ttl: 7200}
+  register: update_check
+  check_mode: yes
+  diff: yes
+
+- name: 'Diff test - update TTL'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, value: 1.2.3.4, type: A, ttl: 7200}
+  register: update_do
+  diff: yes
+
+- name: 'Diff test - update TTL check results'
+  assert:
+    that:
+      - update_check.diff.before == update_do.diff.before
+      - update_check.diff.before == "[{{ win_dns_record_zone }}] diff_host 3600 IN A 1.2.3.4\n"
+      - update_check.diff.after == update_do.diff.after
+      - update_check.diff.after == "[{{ win_dns_record_zone }}] diff_host 7200 IN A 1.2.3.4\n"
+
+
+- name: 'Diff test - deletion (check mode)'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, type: A, state: absent}
+  register: delete_check
+  check_mode: yes
+  diff: yes
+
+- name: 'Diff test - deletion'
+  win_dns_record: {zone: '{{ win_dns_record_zone }}', name: diff_host, type: A, state: absent}
+  register: delete_do
+  diff: yes
+
+- name: 'Diff test - deletion check results'
+  assert:
+    that:
+      - delete_check.diff.before == delete_do.diff.before
+      - delete_check.diff.before == "[{{ win_dns_record_zone }}] diff_host 7200 IN A 1.2.3.4\n"
+      - delete_check.diff.after == delete_do.diff.after
+      - delete_check.diff.after == ''
--- a/test/integration/targets/win_dns_record/tasks/tests.yml
+++ b/test/integration/targets/win_dns_record/tasks/tests.yml
@ -0,0 +1,32 @@
+- name: ensure DNS services are installed
+  win_feature:
+    name: DNS
+    state: present
+  register: dns_install
+
+- name: reboot server if needed
+  win_reboot:
+  when: dns_install.reboot_required
+
+- name: Clean slate
+  import_tasks: clean.yml
+  vars:
+    fail_on_missing: false
+
+- block:
+   - name: Create the forward zone
+     win_shell: Add-DnsServerPrimaryZone -Name '{{ win_dns_record_zone }}' -ZoneFile '{{ win_dns_record_zone}}.dns'
+   - name: Create the reverse zone
+     win_shell: Add-DnsServerPrimaryZone -NetworkID '{{ win_dns_record_revzone_network }}' -ZoneFile '{{ win_dns_record_revzone}}.dns'
+
+   - import_tasks: tests-A.yml
+   - import_tasks: tests-AAAA.yml
+   - import_tasks: tests-CNAME.yml
+   - import_tasks: tests-PTR.yml
+   - import_tasks: tests-diff.yml
+
+  always:
+   - name: Clean slate
+     import_tasks: clean.yml
+     vars:
+       fail_on_missing: true