DnsServerRecursion: New resource proposal #198

Closed
johlju opened this issue Mar 1, 2021 · 3 comments · Fixed by #245
Labels
resource proposal The issue is proposing a new resource in the resource module.

@johlju
Member

johlju commented Mar 1, 2021

Description

Suggest adding a new resource that changes DNS server recursion settings, using the commands Get-DnsServerRecursion and Set-DnsServerRecursion.

Proposed properties

  • DnsServer <Key, String> - The host name of the DNS server to change, or use 'localhost' for the current node.
  • AdditionalTimeout <Write, UInt32> - Specifies the time interval, in seconds, that a DNS server waits as it uses recursion to get resource records from a remote DNS server. We recommend that you limit the value to the range 0x00000000 to 0x0000000F (0 seconds to 15 seconds), inclusive. However, you can use any value. We recommend that you set the default value to 4.
  • Enable <Write, Boolean> - Specifies whether the server enables recursion.
  • RetryInterval <Write, UInt32> - Specifies elapsed seconds before a DNS server retries a recursive lookup. If the parameter is undefined or zero, the DNS server retries after three seconds. Valid values are in the range of 1 second to 15 seconds. We recommend that in general, you do not change the value of this parameter. However, under a few circumstances you should consider changing the parameter value. For example, if a DNS server contacts a remote DNS server over a slow link and retries the lookup before it gets a response, you can raise the retry interval to be slightly longer than the observed response time.
  • SecureResponse <Write, Boolean> - Indicates whether a DNS server screens DNS records against the zone of authority for the remote server, to prevent cache pollution. If you set this to $True, the DNS server caches only those records that are in the zone of authority for the queried remote server. Otherwise, the server caches all records in the remote server cache.
  • Timeout <Write, UInt32> - Specifies the number of seconds that a DNS server waits before it stops trying to contact a remote server. The valid value is in the range of 0x1 to 0xFFFFFFFF (1 second to 15 seconds). The default setting is 0xF (15 seconds). We recommend that you increase this value when recursion occurs over a slow link.

Special considerations or limitations

The default zone '.' that is set with Set-DnsServerRecursionScope is the same scope that is set with this resource. So a future resource DnsServerRecursionScope should prevent changing the property EnableRecursion for the default scope ('.') and instead refer to this resource.

The parameters Enable, RetryInterval, Timeout, and SecureResponse replace the properties NoRecursion, RecursionRetry, RecursionTimeout, and SecureResponse respectively in the resource xDnsServerSetting. To avoid ping-pong behavior those properties should be removed from the resource xDnsServerSetting once this issue is resolved.

@johlju johlju added help wanted The issue is up for grabs for anyone in the community. resource proposal The issue is proposing a new resource in the resource module. labels Mar 1, 2021
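As an added illustration (not part of the issue and not DnsServerDsc code), the following sketch compares an object shaped like the output of Get-DnsServerRecursion against desired values for the proposed properties and reports drift, which is the comparison a DSC `Test()` performs. The function name `Test-DnsRecursionDrift` and the sample values are hypothetical; the range checks use only the ranges quoted in the proposal for AdditionalTimeout and RetryInterval.

```powershell
# Added example: hypothetical helper, not code from DnsServerDsc.
function Test-DnsRecursionDrift {
    [CmdletBinding()]
    param (
        # Object shaped like the output of Get-DnsServerRecursion.
        [Parameter(Mandatory = $true)]
        [psobject] $Current,

        # Desired values keyed by the property names proposed in the issue.
        [Parameter(Mandatory = $true)]
        [hashtable] $Desired
    )

    # Ranges quoted in the proposal: AdditionalTimeout is recommended to
    # stay within 0-15 seconds, RetryInterval is valid from 1 to 15 seconds.
    $ranges = @{
        AdditionalTimeout = 0..15
        RetryInterval     = 1..15
    }

    foreach ($name in $Desired.Keys) {
        $want = $Desired[$name]
        if ($ranges.ContainsKey($name) -and $want -notin $ranges[$name]) {
            Write-Warning "$name = $want is outside the range given in the proposal."
        }

        # Emit one record per property whose current value differs.
        $have = $Current.$name
        if ($have -ne $want) {
            [pscustomobject]@{ Property = $name; Current = $have; Desired = $want }
        }
    }
}

# Constructed sample state. On a DNS server, replace it with:
#   $current = Get-DnsServerRecursion -ComputerName 'localhost'
$current = [pscustomobject]@{
    Enable = $true; AdditionalTimeout = 4; RetryInterval = 3
    Timeout = 8; SecureResponse = $false
}

# Constructed desired state: recursion off, pollution screening on.
$desired = @{ Enable = $false; RetryInterval = 3; Timeout = 8; SecureResponse = $true }

$drift = @(Test-DnsRecursionDrift -Current $current -Desired $desired)
$drift | Format-Table -AutoSize
```

An empty `$drift` means the server already matches the desired state; any rows identify the properties a `Set()` would have to change.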
@Sudman1
Contributor

Sudman1 commented Mar 6, 2021

Using the commands Get-DnsServerCache and Set-DnsServerCache.

I believe you meant Get-DnsServerRecursionScope and Set-DnsServerRecursionScope instead of the cache cmdlets.

@johlju
Member Author

johlju commented Mar 7, 2021

@Sudman1 good catch. Copy paste mistake, it was meant to be Get-DnsServerRecursion and Set-DnsServerRecursion. Updated now. The ones you mentioned are tracked in PR #199.

@johlju
Member Author

johlju commented Mar 28, 2021

The property SecureResponse changes the same value as EnablePollutionProtection in DnsServerCache does. I think we should leave this property out of this resource and document that the resource DnsServerCache should be used to enforce pollution protection.

@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Mar 28, 2021
@johlju johlju added this to the v3.0.0 milestone Mar 31, 2021
johlju added a commit that referenced this issue Apr 5, 2021
- DnsServerDsc
  - Added new resource
    - _DnsServerRecursion_ - resource to enforce recursion settings (issue #198).
- ResourceBase
  - Moved more logic from the resources into the base class for the methods
    `Test()`, `Get()`, and `Set()`. The base class now has three methods
    `AssertProperties()`, `Modify()`, and `GetCurrentState()` where the
    two latter ones must be overridden by a resource if calling the base
    methods `Set()` and `Get()`.
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Apr 5, 2021