Home
  •  

Windows Server 2016 és 1709+-os DNS – Létezéstagadás figyelőtípusa

Microsoft.Windows.DNSServer.2016.DNSSEC.DenialOfExistence.MonitorType (UnitMonitorType)

Ez a figyelő nyomon követi, hogy az aláírt zónában engedélyezve van-e az NSEC3, vagy egyszerű NSEC-et használ a létezéstagadásra. Ha csak NSEC használatával történik a létezés biztonságos tagadása, az zónaszámbavételt okozhat.

Element properties:

RunAsDefault
AccessibilityInternal
Support Monitor RecalculateFalse

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.DNSServer.2016.DNSSEC.DenialOfExistence.DS Default
NSEC.CD ConditionDetection System.ExpressionFilter Default
Unsigned.Or.NSEC3.CD ConditionDetection System.ExpressionFilter Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
IntervalSecondsint$Config/IntervalSeconds$Intervallum hossza (mp)
SyncTimestring$Config/SyncTime$Szinkronizálási idő
TimeoutSecondsint$Config/TimeoutSeconds$Időkorlát (s)

Source Code:

<UnitMonitorType ID="Microsoft.Windows.DNSServer.2016.DNSSEC.DenialOfExistence.MonitorType" Accessibility="Internal">

  <MonitorTypeStates>

    <MonitorTypeState ID="Unsigned.Or.NSEC3" NoDetection="false"/>

    <MonitorTypeState ID="NSEC" NoDetection="false"/>

  </MonitorTypeStates>

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="ZoneName" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="ComputerName" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="IntervalSeconds" type="xsd:integer"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="0" name="SyncTime" type="xsd:string"/>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="TimeoutSeconds" type="xsd:integer"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string"/>

    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int"/>

  </OverrideableParameters>

  <MonitorImplementation>

    <MemberModules>

      <DataSource ID="DS" TypeID="Microsoft.Windows.DNSServer.2016.DNSSEC.DenialOfExistence.DS">

        <ZoneName>$Config/ZoneName$</ZoneName>

        <ComputerName>$Config/ComputerName$</ComputerName>

        <IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>

        <SyncTime>$Config/SyncTime$</SyncTime>

        <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

      </DataSource>

      <ConditionDetection ID="Unsigned.Or.NSEC3.CD" TypeID="System!System.ExpressionFilter">

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="String">Property[@Name='IsSigned']</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="String">False</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <And>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="String">Property[@Name='IsSigned']</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="String">True</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

                <Expression>

                  <SimpleExpression>

                    <ValueExpression>

                      <XPathQuery Type="String">Property[@Name='DenialOfExistence']</XPathQuery>

                    </ValueExpression>

                    <Operator>Equal</Operator>

                    <ValueExpression>

                      <Value Type="String">NSec3</Value>

                    </ValueExpression>

                  </SimpleExpression>

                </Expression>

              </And>

            </Expression>

          </Or>

        </Expression>

      </ConditionDetection>

      <ConditionDetection ID="NSEC.CD" TypeID="System!System.ExpressionFilter">

        <Expression>

          <And>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="String">Property[@Name='IsSigned']</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="String">True</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="String">Property[@Name='DenialOfExistence']</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="String">NSec</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </And>

        </Expression>

      </ConditionDetection>

    </MemberModules>

    <RegularDetections>

      <RegularDetection MonitorTypeStateID="Unsigned.Or.NSEC3">

        <Node ID="Unsigned.Or.NSEC3.CD">

          <Node ID="DS"/>

        </Node>

      </RegularDetection>

      <RegularDetection MonitorTypeStateID="NSEC">

        <Node ID="NSEC.CD">

          <Node ID="DS"/>

        </Node>

      </RegularDetection>

    </RegularDetections>

  </MonitorImplementation>

</UnitMonitorType>