DSCResources/DSC_DnsServerSetting/en-US/about_DnsServerSetting.help.txt
|
.NAME
DnsServerSetting .DESCRIPTION The DnsServerSetting DSC resource manages the Domain Name System (DNS) server settings and properties. If the parameter DnsServer is set to 'localhost' then the resource can normally use the default credentials (SYSTEM) to configure the DNS server settings. If using any other value for the parameter DnsServer make sure that the credential the resource is run as have the correct permissions at the target node and the necessary network traffic is permitted (WsMan protocol). It is possible to run the resource with specific credentials using the built-in parameter PsDscRunAsCredential. Please see https://docs.microsoft.com/en-us/previous-versions/windows/desktop/dnsserverpsprov/dnsserversetting for more information around the properties this resource supports. ## Requirements - Target machine must be running Windows Server 2012 or later. - Properties RootTrustAnchorsURL and ZoneWritebackInterval is not supported by Windows Server 2012. - Properties IgnoreServerLevelPolicies, IgnoreAllPolicies, ScopeOptionValue, and VirtualizationInstanceOptionValue are not supported by Windows Server 2012 and Windows Server 2012 R2. .PARAMETER DnsServer Key - String Specifies the DNS server to connect to, or use 'localhost' for the current node. .PARAMETER AddressAnswerLimit Write - UInt32 Specifies the maximum number of A (host IP address) resource records that the DNS server can insert in the answer section of a response to an A record query (a query for an IP address). The value of this entry also influences the setting of the truncation bit. If the value of this entry can be between 5 and 28, or 0. The truncation bit is not set on the response, even when the packet space is exceeded. .PARAMETER AllowUpdate Write - Boolean Specifies whether the DNS Server accepts dynamic update requests. $true to allow any DNS update operation; otherwise, $false. .PARAMETER AutoCacheUpdate Write - Boolean Specifies whether the DNS Server attempts to update its cache entries using data from root servers. $true to cache delegation information; otherwise, $false. .PARAMETER AutoConfigFileZones Write - UInt32 Specifies the type of zones for which SOA and NS records will be automatically configured with the DNS server's local host name as the primary DNS server for the zone when the zone is loaded from file. .PARAMETER BindSecondaries Write - Boolean Specifies whether the server will permit send DNS zone transfer response messages with more than one record in each response if the zone transfer request did not have the characters MS appended to it. If set to $true, the DNS server will include only one record in each response if the zone transfer request did not have the characters MS appended to it. .PARAMETER BootMethod Write - UInt32 Specifies the boot method used by the DNS server. .PARAMETER DisableAutoReverseZone Write - Boolean Specifies whether the DNS Server automatically creates standard reverse look up zones. $true to disables automatic reverse zones; otherwise, $false. .PARAMETER EnableDirectoryPartitions Write - Boolean Specifies whether the DNS server will support application directory partitions. .PARAMETER EnableDnsSec Write - Boolean Specifies whether the DNS Server includes DNSSEC-specific RRs, KEY, SIG, and NXT in a response. $true to enable DNSSEC validation on the DNS server; otherwise, $false. .PARAMETER ForwardDelegations Write - Boolean Specifies how the DNS server will handle forwarding and delegations. If set to $true, the DNS server MUST use forwarders instead of a cached delegation when both are available. Otherwise, the DNS server MUST use a cached delegation instead of forwarders when both are available. .PARAMETER ListeningIPAddress Write - StringArray Specifies the listening IP addresses of the DNS server. The list of IP addresses on which the DNS Server can receive queries. .PARAMETER LocalNetPriority Write - Boolean Specifies whether the DNS Server gives priority to the local net address when returning A records. $true to return A records in order of their similarity to the IP address of the querying client.; otherwise, $false. .PARAMETER LooseWildcarding Write - Boolean Specifies he type of algorithm that the DNS server will use to locate a wildcard node when using a DNS wildcard record RFC1034 to answer a query. If true, the DNS server will use the first node it encounters with a record of the same type as the query type. Otherwise, the DNS server will use the first node it encounters that has records of any type. .PARAMETER NameCheckFlag Write - UInt32 Specifies the level of domain name checking and validation on the DNS server, the set of eligible characters to be used in DNS names. .PARAMETER RoundRobin Write - Boolean Specifies whether the DNS Server round robins multiple A records. $true to enable Round-robin DNS on the DNS server; otherwise, $false. .PARAMETER RpcProtocol Write - UInt32 Specifies the DNSRPCPROTOCOLS section 2.2.1.1.2 value corresponding to the RPC protocols to which the DNS server will respond. If this value is set to 0x00000000, the DNS server MUST NOT respond to RPC requests for any protocol. .PARAMETER SendPort Write - UInt32 Specifies the port number to use as the source port when sending UDP queries to a remote DNS server. If set to zero, the DNS server allow the stack to select a random port. .PARAMETER StrictFileParsing Write - Boolean Specifies whether the DNS server will treat errors encountered while reading zones from a file as fatal. .PARAMETER UpdateOptions Write - UInt32 Specifies the DNS update options used by the DNS server. .PARAMETER WriteAuthorityNS Write - Boolean Specifies whether the DNS server will include NS records for the root of a zone in DNS responses that are answered using authoritative zone data. .PARAMETER XfrConnectTimeout Write - UInt32 Specifies the time span, in seconds, in which a primary DNS server waits for a transfer response from its secondary server. The default value is 30. After the time-out value expires, the connection is terminated. .PARAMETER EnableIPv6 Write - Boolean Specifies whether IPv6 should be enabled on the DNS Server. $true to enable IPv6 on the DNS server; otherwise, $false. .PARAMETER EnableOnlineSigning Write - Boolean Specifies whether online signing should be enabled on the DNS Server. $true to enable online signing; otherwise, $false. .PARAMETER EnableDuplicateQuerySuppression Write - Boolean Specifies whether the DNS server will not send remote queries when there is already a remote query with the same name and query type outstanding. .PARAMETER AllowCnameAtNs Write - Boolean Specifies whether the server will permit the target domain names of NS records to resolve to CNAME records. If $true, this pattern of DNS records will be allowed; otherwise, the DNS server will return errors when encountering this pattern of DNS records while resolving queries. .PARAMETER EnableRsoForRodc Write - Boolean Specifies whether the DNS server will attempt to replicate single updated DNS objects from remote directory servers ahead of normally scheduled replication when operating on a directory server that does not support write operations. .PARAMETER OpenAclOnProxyUpdates Write - Boolean Specifies whether the DNS server allows sharing of DNS records with the DnsUpdateProxy group when processing updates in secure zones that are stored in the directory service. .PARAMETER NoUpdateDelegations Write - Boolean Specifies whether the DNS server will accept DNS updates to delegation records of type NS. .PARAMETER EnableUpdateForwarding Write - Boolean Specifies whether the DNS server will forward updates received for secondary zones to the primary DNS server for the zone. .PARAMETER EnableWinsR Write - Boolean Specifies whether the DNS server will perform NetBIOS name resolution in order to map IP addresses to machine names while processing queries in zones where WINS-R information has been configured. .PARAMETER DeleteOutsideGlue Write - Boolean Specifies whether the DNS server will delete DNS glue records found outside a delegated subzone when reading records from persistent storage. .PARAMETER AppendMsZoneTransferTag Write - Boolean Specifies whether the DNS server will indicate to the remote DNS servers that it supports multiple DNS records in each zone transfer response message by appending the characters MS at the end of zone transfer requests. The value SHOULD be limited to 0x00000000 and 0x0000000, but it MAY be any value. .PARAMETER AllowReadOnlyZoneTransfer Write - Boolean Specifies whether the DNS server will allow zone transfers for zones that are stored in the directory server when the directory server does not support write operations. .PARAMETER EnableSendErrorSuppression Write - Boolean Specifies whether the DNS server will attempt to suppress large volumes of DNS error responses sent to remote IP addresses that may be attempting to attack the DNS server. .PARAMETER SilentlyIgnoreCnameUpdateConflicts Write - Boolean Specifies whether the DNS server will ignore CNAME conflicts during DNS update processing. .PARAMETER EnableIQueryResponseGeneration Write - Boolean Specifies whether the DNS server will fabricate IQUERY responses. If set to $true, the DNS server MUST fabricate IQUERY responses when it receives queries of type IQUERY. Otherwise, the DNS server will return an error when such queries are received. .PARAMETER AdminConfigured Write - Boolean Specifies whether the server has been configured by an administrator. .PARAMETER PublishAutoNet Write - Boolean Specifies whether the DNS server will publish local IPv4 addresses in the 169.254.x.x subnet as IPv4 addresses for the local machine's domain name. .PARAMETER ReloadException Write - Boolean Specifies whether the DNS server will perform an internal restart if an unexpected fatal error is encountered. .PARAMETER IgnoreServerLevelPolicies Write - Boolean Specifies whether to ignore the server level policies on the DNS server. $true to ignore the server level policies on the DNS server; otherwise, $false. .PARAMETER IgnoreAllPolicies Write - Boolean Specifies whether to ignore all policies on the DNS server. $true to ignore all policies on the DNS server; otherwise, $false. .PARAMETER EnableVersionQuery Write - UInt32 Specifies what version information the DNS server will respond with when a DNS query with class set to CHAOS and type set to TXT is received. .PARAMETER AutoCreateDelegation Write - UInt32 Specifies possible settings for automatic delegation creation for new zones on the DNS server. The value SHOULD be limited to the range from 0x00000000 to 0x00000002, inclusive, but it MAY be any value. .PARAMETER RemoteIPv4RankBoost Write - UInt32 Specifies the value to add to all IPv4 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0x00000000 to 0x0000000A, inclusive. .PARAMETER RemoteIPv6RankBoost Write - UInt32 Specifies the value to add to all IPv6 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0x00000000 to 0x0000000A, inclusive. .PARAMETER MaximumRodcRsoQueueLength Write - UInt32 Specifies the maximum number of single object replication operations that may be queued at any given time by the DNS server. The value MUST be limited to the range from 0x00000000 to 0x000F4240, inclusive. If the value is 0x00000000 the DNS server MUST NOT enforce an upper bound on the number of single object replication operations queued at any given time. .PARAMETER MaximumRodcRsoAttemptsPerCycle Write - UInt32 Specifies the maximum number of queued single object replication operations that should be attempted during each five minute interval of DNS server operation. The value MUST be limited to the range from 0x00000001 to 0x000F4240, inclusive. .PARAMETER MaxResourceRecordsInNonSecureUpdate Write - UInt32 Specifies the maximum number of resource records that the DNS server will accept in a single DNS update request. The value SHOULD be limited to the range from 0x0000000A to 0x00000078, inclusive, but it MAY be any value. .PARAMETER LocalNetPriorityMask Write - UInt32 Specifies the value which specifies the network mask the DNS server will use to sort IPv4 addresses. A value of 0xFFFFFFFF indicates that the DNS server MUST use traditional IPv4 network mask for the address. Any other value is a network mask, in host byte order that the DNS server MUST use to retrieve network masks from IP addresses for sorting purposes. .PARAMETER TcpReceivePacketSize Write - UInt32 Specifies the maximum TCP packet size, in bytes, that the DNS server can accept. The value MUST be limited to the range from 0x00004000 to 0x00010000, inclusive. .PARAMETER SelfTest Write - UInt32 Specifies the mask value indicating whether data consistency checking should be performed once, each time the service starts. If the check fails, the server posts an event log warning. If the least significant bit (regardless of other bits) of this value is one, the DNS server will verify for each active and update-allowing primary zone, that the IP address records are present in the zone for the zone's SOA record's master server. If the least significant bit (regardless of other bits) of this value is zero, no data consistency checking will be performed. .PARAMETER XfrThrottleMultiplier Write - UInt32 Specifies the multiple used to determine how long the DNS server should refuse zone transfer requests after a successful zone transfer has been completed. The total time for which a zone will refuse another zone transfer request at the end of a successful zone transfer is computed as this value multiplied by the number of seconds required for the zone transfer that just completed. The server SHOULD refuse zone transfer requests for no more than ten minutes. The value SHOULD be limited to the range from 0x00000000 to 0x00000064, inclusive, but it MAY be any value. .PARAMETER SocketPoolSize Write - UInt32 Specifies the number of UDP sockets per address family that the DNS server will use for sending remote queries. .PARAMETER QuietRecvFaultInterval Write - UInt32 Specifies the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, after which the server MAY log a debug message indicating that the server is to stop running. If the value is zero or is less than the value of QuietRecvLogInterval, then the value of QuietRecvLogInterval MUST be used. If the value is greater than or equal to the value of QuietRecvLogInterval, then the literal value of QuietRecvFaultInterval* MUST be used. Used to debug reception of UDP traffic for a recursive query. .PARAMETER QuietRecvLogInterval Write - UInt32 Specifies the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, or when the server logs an eponymous debug message for the query, after which the server MUST log a debug message indicating that the server is still waiting to receive network traffic. If the value is zero, logging associated with the two QuietRecv properties MUST be disabled, and the QuietRecvFaultInterval property MUST be ignored. If the value is non-zero, logging associated with the two QuietRecv properties MUST be enabled, and the QuietRecvFaultInterval property MUST NOT be ignored. Used to debug reception of UDP traffic for a recursive query. .PARAMETER SyncDsZoneSerial Write - UInt32 Specifies the conditions under which the DNS server should immediately commit uncommitted zone serial numbers to persistent storage. The value SHOULD be limited to the range from 0x00000000 to 0x00000004, inclusive, but it MAY be any value. .PARAMETER ScopeOptionValue Write - UInt32 Specifies the extension mechanism for the DNS (ENDS0) scope setting on the DNS server. .PARAMETER VirtualizationInstanceOptionValue Write - UInt32 Specifies the virtualization instance option to be sent in ENDS0. .PARAMETER ServerLevelPluginDll Write - String Specifies the path of a custom plug-in. When DllPath specifies the fully qualified path name of a valid DNS server plug-in, the DNS server calls functions in the plug-in to resolve name queries that are outside the scope of all locally hosted zones. If a queried name is out of the scope of the plug-in, the DNS server performs name resolution using forwarding or recursion, as configured. If DllPath is not specified, the DNS server ceases to use a custom plug-in if a custom plug-in was previously configured. .PARAMETER RootTrustAnchorsURL Write - String Specifies the URL of the root trust anchor on the DNS server. .PARAMETER SocketPoolExcludedPortRanges Write - StringArray Specifies the port ranges that should be excluded. .PARAMETER LameDelegationTTL Write - String Specifies the time span that must elapse before the DNS server will re-query DNS servers of the parent zone when a lame delegation is encountered. The value SHOULD be limited to the range from 0x00000000 to 0x00278D00 30 days, inclusive, but it MAY be any value. .PARAMETER MaximumSignatureScanPeriod Write - String Specifies the maximum period between zone scans to update DnsSec signatures for resource records. .PARAMETER MaximumTrustAnchorActiveRefreshInterval Write - String Specifies the maximum value for the active refresh interval for a trust anchor. Must not be higher than 15 days. .PARAMETER ZoneWritebackInterval Write - String Specifies the zone write back interval for file backed zones. .PARAMETER DsAvailable Read - Boolean Returns $true if the DNS server has Active Directory integrated DNS enabled; otherwise, $false. .PARAMETER MajorVersion Read - UInt32 Returns the major version of the OS of the DNS server. .PARAMETER MinorVersion Read - UInt32 Returns the minor version of the OS of the DNS server. .PARAMETER BuildNumber Read - UInt32 Returns the The build version of the OS of the DNS server. .PARAMETER IsReadOnlyDC Read - Boolean Returns $true if write operations are enabled on the directory server; otherwise, $false. .PARAMETER AllIPAddress Read - StringArray Returns all of the IP addresses managed by the DNS server. .PARAMETER ForestDirectoryPartitionBaseName Read - String Returns the application directory partition for the forest the DNS server belongs to. Applicable only for active directory integrated DNS server. .PARAMETER DomainDirectoryPartitionBaseName Read - String Returns the application directory partition for the domain the DNS server belongs to. Applicable only for active directory integrated DNS server. .PARAMETER MaximumUdpPacketSize Read - UInt32 Returns the maximum UDP packet size, in bytes, that the DNS server can accept. .EXAMPLE 1 This configuration will manage the DNS server settings on the current node. Configuration DnsServerSetting_CurrentNode_Config { Import-DscResource -ModuleName 'DnsServerDsc' Node localhost { DnsServerSetting 'DnsServerProperties' { DnsServer = 'localhost' LocalNetPriority = $true RoundRobin = $true RpcProtocol = 0 NameCheckFlag = 2 AutoConfigFileZones = 1 AddressAnswerLimit = 0 UpdateOptions = 783 DisableAutoReverseZone = $false StrictFileParsing = $false EnableDirectoryPartitions = $false XfrConnectTimeout = 30 BootMethod = 3 AllowUpdate = $true LooseWildcarding = $false BindSecondaries = $false AutoCacheUpdate = $false EnableDnsSec = $true SendPort = 0 WriteAuthorityNS = $false ListeningIPAddress = @('192.168.1.10', '192.168.2.10') ForwardDelegations = $false EnableIPv6 = $true EnableOnlineSigning = $true EnableDuplicateQuerySuppression = $true AllowCnameAtNs = $true EnableRsoForRodc = $true OpenAclOnProxyUpdates = $true NoUpdateDelegations = $false EnableUpdateForwarding = $false EnableWinsR = $true DeleteOutsideGlue = $false AppendMsZoneTransferTag = $false AllowReadOnlyZoneTransfer = $false EnableSendErrorSuppression = $true SilentlyIgnoreCnameUpdateConflicts = $false EnableIQueryResponseGeneration = $false AdminConfigured = $true PublishAutoNet = $false ReloadException = $false IgnoreServerLevelPolicies = $false IgnoreAllPolicies = $false EnableVersionQuery = 0 AutoCreateDelegation = 2 RemoteIPv4RankBoost = 5 RemoteIPv6RankBoost = 0 MaximumRodcRsoQueueLength = 300 MaximumRodcRsoAttemptsPerCycle = 100 MaxResourceRecordsInNonSecureUpdate = 30 LocalNetPriorityMask = 255 TcpReceivePacketSize = 65536 SelfTest = 4294967295 XfrThrottleMultiplier = 10 SocketPoolSize = 2500 QuietRecvFaultInterval = 0 QuietRecvLogInterval = 0 SyncDsZoneSerial = 2 ScopeOptionValue = 0 VirtualizationInstanceOptionValue = 0 ServerLevelPluginDll = 'C:\dns\plugin.dll' RootTrustAnchorsURL = 'https://data.iana.org/root-anchors/oroot-anchors.xml' SocketPoolExcludedPortRanges = @() LameDelegationTTL = '00:00:00' MaximumSignatureScanPeriod = '2.00:00:00' MaximumTrustAnchorActiveRefreshInterval = '15.00:00:00' ZoneWritebackInterval = '00:01:00' } } } .EXAMPLE 2 This configuration will manage the DNS server settings on the current node. Configuration DnsServerSetting_RemoteNode_Config { Import-DscResource -ModuleName 'DnsServerDsc' Node localhost { DnsServerSetting 'DnsServerProperties' { DnsServer = 'dns1.company.local' LocalNetPriority = $true RoundRobin = $true RpcProtocol = 0 NameCheckFlag = 2 AutoConfigFileZones = 1 AddressAnswerLimit = 0 UpdateOptions = 783 DisableAutoReverseZone = $false StrictFileParsing = $false EnableDirectoryPartitions = $false XfrConnectTimeout = 30 BootMethod = 3 AllowUpdate = $true LooseWildcarding = $false BindSecondaries = $false AutoCacheUpdate = $false EnableDnsSec = $true SendPort = 0 WriteAuthorityNS = $false ListeningIPAddress = @('192.168.1.10', '192.168.2.10') ForwardDelegations = $false EnableIPv6 = $true EnableOnlineSigning = $true EnableDuplicateQuerySuppression = $true AllowCnameAtNs = $true EnableRsoForRodc = $true OpenAclOnProxyUpdates = $true NoUpdateDelegations = $false EnableUpdateForwarding = $false EnableWinsR = $true DeleteOutsideGlue = $false AppendMsZoneTransferTag = $false AllowReadOnlyZoneTransfer = $false EnableSendErrorSuppression = $true SilentlyIgnoreCnameUpdateConflicts = $false EnableIQueryResponseGeneration = $false AdminConfigured = $true PublishAutoNet = $false ReloadException = $false IgnoreServerLevelPolicies = $false IgnoreAllPolicies = $false EnableVersionQuery = 0 AutoCreateDelegation = 2 RemoteIPv4RankBoost = 5 RemoteIPv6RankBoost = 0 MaximumRodcRsoQueueLength = 300 MaximumRodcRsoAttemptsPerCycle = 100 MaxResourceRecordsInNonSecureUpdate = 30 LocalNetPriorityMask = 255 TcpReceivePacketSize = 65536 SelfTest = 4294967295 XfrThrottleMultiplier = 10 SocketPoolSize = 2500 QuietRecvFaultInterval = 0 QuietRecvLogInterval = 0 SyncDsZoneSerial = 2 ScopeOptionValue = 0 VirtualizationInstanceOptionValue = 0 ServerLevelPluginDll = 'C:\dns\plugin.dll' RootTrustAnchorsURL = 'https://data.iana.org/root-anchors/oroot-anchors.xml' SocketPoolExcludedPortRanges = @() LameDelegationTTL = '00:00:00' MaximumSignatureScanPeriod = '2.00:00:00' MaximumTrustAnchorActiveRefreshInterval = '15.00:00:00' ZoneWritebackInterval = '00:01:00' } } } |