Closed johlju closed 3 years ago
Using the commands Get-DnsServerCache and Set-DnsServerCache.
I believe you meant Get-DnsServerRecursionScope and Set-DnsServerRecursionScope instead of the cache cmdlets.
@Sudman1 good catch. Copy paste mistake, it was meant to be Get-DnsServerRecursion and Set-DnsServerRecursion. Updated now. The ones you mentioned are tracked in PR #199.
The property SecureResponse changes the same value as EnablePollutionProtection in DnsServerCache does. I think we should leave this property out of this resource and document that the resource DnsServerCache should be used to enforce pollution protection.
Description
Suggest adding a new resource that changes DNS server recursion settings. Using the commands Get-DnsServerRecursion and Set-DnsServerRecursion.

Proposed properties
DnsServer <Key, String> - The host name of the DNS server to change, or use 'localhost' for the current node.
AdditionalTimeout <Write, UInt32> - Specifies the time interval, in seconds, that a DNS server waits as it uses recursion to get resource records from a remote DNS server. We recommend that you limit the value to the range 0x00000000 to 0x0000000F (0 seconds to 15 seconds), inclusive. However, you can use any value. We recommend that you set the default value to 4.
Enable <Write, Boolean> - Specifies whether the server enables recursion.
RetryInterval <Write, UInt32> - Specifies elapsed seconds before a DNS server retries a recursive lookup. If the parameter is undefined or zero, the DNS server retries after three seconds. Valid values are in the range of 1 second to 15 seconds. We recommend that in general, you do not change the value of this parameter. However, under a few circumstances you should consider changing the parameter value. For example, if a DNS server contacts a remote DNS server over a slow link and retries the lookup before it gets a response, you can raise the retry interval to be slightly longer than the observed response time.
SecureResponse <Write, Boolean> - Indicates whether a DNS server screens DNS records against the zone of authority for the remote server, to prevent cache pollution. If you set this to $True, the DNS server caches only those records that are in the zone of authority for the queried remote server. Otherwise, the server caches all records in the remote server cache.
Timeout <Write, UInt32> - Specifies the number of seconds that a DNS server waits before it stops trying to contact a remote server. The valid value is in the range of 0x1 to 0xFFFFFFFF (1 second to 15 seconds). The default setting is 0xF (15 seconds). We recommend that you increase this value when recursion occurs over a slow link.

Special considerations or limitations
The default zone '.' that is set with Set-DnsServerRecursionScope is the same scope that is set with this resource. So in a future resource DnsServerRecursionScope it should prevent changing the property EnableRecursion for the default scope ('.') and instead refer to using this resource.

The parameters Enable, RetryInterval, Timeout, and SecureResponse replace the properties NoRecursion, RecursionRetry, RecursionTimeout, and SecureResponse respectively in the resource xDnsServerSetting. To avoid ping-pong behavior those properties should be removed from the resource xDnsServerSetting once this issue is resolved.
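
A sketch of the compare-then-set flow the proposed properties imply, added here as an example and not the project's own code. The function names and the sample desired state are hypothetical; only Get-DnsServerRecursion and Set-DnsServerRecursion are real cmdlets. SecureResponse is left unmanaged, following the comment that DnsServerCache should own that value.

```powershell
#Requires -Modules DnsServer

# Hypothetical helper: returns only the managed settings that differ from $Desired.
function Get-RecursionDrift
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $DnsServer,
        [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Desired
    )

    # SecureResponse is deliberately not managed here: it changes the same value as
    # EnablePollutionProtection in DnsServerCache, and two owners would fight over it.
    $managed = 'Enable', 'AdditionalTimeout', 'RetryInterval', 'Timeout'

    $unknown = $Desired.Keys | Where-Object { $_ -notin $managed }
    if ($unknown) { throw "Unsupported setting(s): $($unknown -join ', ')" }

    $current = Get-DnsServerRecursion -ComputerName $DnsServer -ErrorAction Stop
    $drift = @{}
    foreach ($name in $Desired.Keys)
    {
        if ($current.$name -ne $Desired[$name]) { $drift[$name] = $Desired[$name] }
    }
    return $drift
}

# Hypothetical helper: applies only the drifted values and returns what was changed.
function Set-RecursionState
{
    param
    (
        [Parameter(Mandatory = $true)] [System.String] $DnsServer,
        [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $Desired
    )

    $drift = Get-RecursionDrift -DnsServer $DnsServer -Desired $Desired
    if ($drift.Count -gt 0)
    {
        Set-DnsServerRecursion -ComputerName $DnsServer @drift -ErrorAction Stop
    }
    return $drift
}

# Constructed desired state for a server that should not answer recursive queries.
$desired = @{ Enable = $false; RetryInterval = 3; Timeout = 15 }
Get-RecursionDrift -DnsServer 'localhost' -Desired $desired   # report only, no change
```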