DnsServerRecursion: New resource proposal

[johlju]

Description

Suggest adding a new resource that changes DNS server recursion settings. Using the commands Get-DnsServerRecursion and Set-DnsServerRecursion.

Proposed properties

• DnsServer <Key, String> - The host name of the DNS server to change, or use 'localhost' for the current node.
• AdditionalTimeout <Write, UInt32> - Specifies the time interval, in seconds, that a DNS server waits as it uses recursion to get resource records from a remote DNS server. We recommend that you limit the value to the range 0x00000000 to 0x0000000F (0 seconds to 15 seconds), inclusive. However, you can use any value. We recommend that you set the default value to 4.
• Enable <Write, Boolean> - Specifies whether the server enables recursion.
• RetryInterval <Write, UInt32> - Specifies elapsed seconds before a DNS server retries a recursive lookup. If the parameter is undefined or zero, the DNS server retries after three seconds. Valid values are in the range of 1 second to 15 seconds. We recommend that in general, you do not change the value of this parameter. However, under a few circumstances you should consider changing the parameter value. For example, if a DNS server contacts a remote DNS server over a slow link and retries the lookup before it gets a response, you can raise the retry interval to be slightly longer than the observed response time.
• SecureResponse <Write, Boolean> - Indicates whether a DNS server screens DNS records against the zone of authority for the remote server, to prevent cache pollution. If you set this to $True, the DNS server caches only those records that are in the zone of authority for the queried remote server. Otherwise, the server caches all records in the remote server cache.
• Timeout <Write, UInt32> - Specifies the number of seconds that a DNS server waits before it stops trying to contact a remote server. The valid value is in the range of 0x1 to 0xFFFFFFFF (1 second to 15 seconds). The default setting is 0xF (15 seconds). We recommend that you increase this value when recursion occurs over a slow link.

Special considerations or limitations

The default zone '.' that is set with Set-DnsServerRecursionScope is the same scope that is set with this resource. So in a future resource DnsServerRecursionScope it should prevent from changing the property EnableRecursion for the default scope ('.') and instead refer to use this resource.

The parameters Enable, RetryInterval, Timeout, and SecureResponse replaces the properties NoRecursion, RecursionRetry, RecursionTimeout, and SecureResponse respectively in the resource xDnsServerSetting, To avoid ping-pong behavior those properties should be removed from the resource xDnsServerSetting once this issue is resolved.

[Sudman1]

Using the commands Get-DnsServerCache and Set-DnsServerCache.

I believe you meant Get-DnsServerRecursionScope and Set-DnsServerRecursionScope instead of the cache cmdlets.

[johlju]

@Sudman1 good catch. Copy paste mistake, it was meant to be Get-DnsServerRecursion and Set-DnsServerRecursion. Updated now. The ones you mentioned is tracked in PR #199.

[johlju]

The propertySecureResponse changes the same value as EnablePollutionProtection in DnsServerCache does. I think we should leave this property out of this resource and document that the resource DnsServerCache should be used to enforce pollution protection.