Home
  •  

Microsoft Windows Server 2016 e 1709+ - Falha de Assinatura de DS de DNS

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure (Rule)

Regra de geração de alerta para Assinatura de DS de DNSSEC

Knowledge Base article:

Resumo

O Servidor DNS não conseguiu assinar os registos DS novos da Zona subordinada.

Causas

O Servidor DNS não conseguiu assinar os registos DS novos da Zona subordinada. Os registos DS novos não serão incorporados na Zona e a consulta de Zona subordinada desta Zona foi abortada. Esta operação será tentada novamente no próximo ciclo de consulta subordinado do Servidor DNS.

Resoluções

Verifique as definições de DNSSEC da Zona.

Element properties:

TargetMicrosoft.Windows.DNSServer.2016.Zone
CategoryAlert
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Windows DNS 2016 e 1709+ - Falha de Assinatura de DS

ID do Evento: {0}
Origem do Evento: {1}
Registo de Eventos: {2}
Descrição do Evento: {3}
Event LogDNS Server

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
Alert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure" Enabled="true" Target="Microsoft.Windows.DNSServer.2016.Zone" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>DNS Server</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">7659</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[2]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/Property[Type="Microsoft.Windows.DNSServer.2016.Zone"]/ZoneName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertOwner/>

      <AlertMessageId>$MPElement[Name="Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.DSSignFailure.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDisplayNumber$</AlertParameter1>

        <AlertParameter2>$Data/EventSourceName$</AlertParameter2>

        <AlertParameter3>$Data/Channel$</AlertParameter3>

        <AlertParameter4>$Data/EventDescription$</AlertParameter4>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/LoggingComputer$</SuppressionValue>

        <SuppressionValue>$Data/Params/Param[2]$</SuppressionValue>

      </Suppression>

      <Custom1/>

      <Custom2/>

      <Custom3/>

      <Custom4/>

      <Custom5/>

      <Custom6/>

      <Custom7/>

      <Custom8/>

      <Custom9/>

      <Custom10/>

    </WriteAction>

  </WriteActions>

</Rule>