Home
  •  

Test Configured Root Hints Health

Microsoft.Windows.DNSServer.2016.Task.HealthCheck.ConfiguredRootHints (Task)

Checks that all the RootHints from given servers are responsive. Specify server names overriding Parameter1. Not supported on Nano.

Element properties:

TargetMicrosoft.Windows.DNSServer.2016.Healthcheck.TaskTarget
AccessibilityInternal
CategoryCustom
EnabledTrue
RemotableFalse
Timeout300

Member Modules:

ID Module Type TypeId RunAs 
PA ProbeAction Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA Microsoft.Windows.DNSServer.2016.ActionAccount

Source Code:

<Task ID="Microsoft.Windows.DNSServer.2016.Task.HealthCheck.ConfiguredRootHints" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">

  <Category>Custom</Category>

  <ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">

    <ScriptName>Microsoft.Windows.Server.10.0.HealthCheck.ConfiguredRootHints.Task.Script.ps1</ScriptName>

    <ScriptBody><Script>

                        

                            param ([String] $PrincipalName, [String] $Parameter1, [String] $Parameter2, [String] $Parameter3)

                            $SCRIPT_NAME = "HealthCheckConfiguredRootHintsServer10.0"

                            					   Function Import-TaskCmdLets()

					   {

                           try

						   {

							   $dnsmodule = Get-Module -Name "DnsServer"

							   if ($null -eq $dnsmodule)

							   {

									Import-Module DnsServer

							   }

						   }

						   catch [System.IO.FileNotFoundException]

						       {

								  $ErrorMessage = "Dns cmdlets doesn't exist."

								  Write-Host $ErrorMessage

								  exit 

							   }

						   catch

						   {

                                 $ErrorMessage = $_.Exception.Message

							     Write-Host "Cannot import DNS Server cmdlets"

                                 Write-Host $ErrorMessage

							     exit

						   }

					   }



					   Import-TaskCmdLets

$global:stringOutput = "Messages: "

$global:htmlReport = ""



try 

{

    Enum RetStatus

    {

		Success

		Failure

		RpcServerIsUnavailable

		AccessIsDenied

		ZoneDoesNotExist

		OperationIsNotSupported

		RecordDoesNotExist

		NotApplicable

		ResolveDnsNameServerNotFound

		ResolveDnsNameResolutionFailed

		ResolveDnsNameTimeoutPeriodExpired

    }





	Enum ValidationType

	{

		Domain

		Zone

		ZoneAging

		ZoneDelegation

		Forwarder

		RootHints

	}

}

catch

    {



	}



$script:resultView =@{ 

    "List" = "List" 

    ;"Table" = "Table" 

} 



Function LogComment

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [string]$message,



    [int]$level = $script:logLevel.Verbose 

) 



    #$stringBuilder.AppendLine($message);

    $global:stringOutput += "`r`n" + $message

} 



Function ExecuteCmdLet 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [string]$cmdLetName, 

    [HashTable]$params = @{}    

) 

    $cmdString=$cmdLetName; 

    $displayString=$cmdLetName; 

    $script:cmdLetReturnedStatus = [RetStatus]::Success; 

    if ($null -ne $params) { 

        foreach($key in $params.keys) { 

            if ($script:switchParamVal -eq $params[$key]) { 

                $cmdString +=" -$key ";   

                $displayString +=" -$key "; 

            } else { 

                $cmdString += " -$key `$params[`"$key`"]"; 

                $displayString += " -$key $($params[$key])"; 

            } 

        } 

    }     

    $cmdString += " -ErrorAction Stop 2&gt; `$null"; 

    $displayString += " -ErrorAction Stop 2&gt; `$null"; 

    LogComment $displayString $script:logLevel.Host; 

    $retObj = $null; 

    try { 

        $retObj = Invoke-Expression $cmdString; 

    } catch [Exception] { 

        if (Get-Member -InputObject $_.Exception -Name "Errordata") 

        { 

            # Handling DNS server module specific exceptions. 

            if (5 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: Access is denied, considering it as current login creds don't have server read access.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::AccessIsDenied; 

            } elseif (1722 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: The RPC server is unavailable, considering it as server is down.") ` 

                    $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::RpcServerIsUnavailable; 

            } elseif (9601 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: DNS zone does not exist, considering it as given server isn't hosting input zone.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ZoneDoesNotExist; 

            } elseif (9611 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: Invalid DNS zone type, considering it as we can't perform current operation on input zone.")  $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::OperationIsNotSupported; 

            } elseif (9714 -eq $_.Exception.Errordata.error_Code) { 

                LogComment $("Caught error: DNS name does not exist, considering it as input record doesn't exist.") ` 

                    $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::RecordDoesNotExist; 

            } else { 

                LogComment $("Caught error while executing '" + $displayString + "' with errorcode: " + $_.Exception.Errordata.error_Code) $script:logLevel.Error; 

                $script:cmdLetReturnedStatus = $([String]$_.Exception.Errordata.error_Code + ":" + $_.Exception.Errordata.error_WindowsErrorMessage); 

                #throw;                            

            } 

        } elseif (Get-Member -InputObject $_ -Name "FullyQualifiedErrorId") 

        { 

            # Handling Resolve-DnsName specific errors. 

            if ($_.FullyQualifiedErrorId.Contains("DNS_ERROR_RCODE_NAME_ERROR")) { 

                LogComment $("Caught error: ResolveDnsNameResolutionFailed in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameResolutionFailed; 

            } elseif ($_.FullyQualifiedErrorId.Contains("System.Net.Sockets.SocketException")) { 

                LogComment $("Caught error: ResolveDnsNameServerNotFound in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameServerNotFound; 

            } elseif ($_.FullyQualifiedErrorId.Contains("ERROR_TIMEOUT")) { 

                LogComment $("Caught error: ResolveDnsNameTimeoutPeriodExpired in Resolve-DnsName.") $script:logLevel.Warning; 

                $script:cmdLetReturnedStatus = [RetStatus]::ResolveDnsNameServerNotFound; 

            } else { 

                LogComment $("Caught error while executing '" + $displayString + "' `n" + $_.Exception) $script:logLevel.Error;   

                $script:cmdLetReturnedStatus = $([String]$_.FullyQualifiedErrorId + ":" + $_.Exception); 

                throw;   

            } 

        } else 

        { 

            LogComment $("Caught error while executing '" + $displayString + "' `n" + $_.Exception) $script:logLevel.Error;   

            $script:cmdLetReturnedStatus = $($_.Exception); 

            throw;                               

        } 

    } 

    if ($null -eq $retObj) { 

        LogComment "CmdLet returned with NULL..." $script:logLevel.Host;         

    } 

    return $retObj 

} 



Function Insert-ResultInObject 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [Object]$inputObj,  

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$resultName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$resultVal 

)         

    if (Get-Member -InputObject $inputObj -Name $resultName) { 

        $inputObj.$resultName = $resultVal;         

    } else { 

        $inputObj | Add-Member -memberType NoteProperty -name $resultName -value $resultVal;         

    }     

    return $inputObj; 

} 



Function Generate-Report 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [Object]$inputObj,  

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    [String]$contextName, 

    [String]$viewAs = $script:resultView.Table 

)     

 

    $head = @' 

    &lt;!--mce:0--&gt; 

'@ 

 

    $header = "&lt;H1&gt;DNS Health Report for " + $contextName + "&lt;/H1&gt;"; 

    $ouputFile = $contextName + ".html"; 

    $inputObj = $inputObj | ? {$null -ne ($_ | gm -m properties)}; 

    $report = $inputObj | ConvertTo-Html -Head $head -Body $header -As $viewAs 

         

    # Do the colour coding of Success &amp; Failure, basically a hack in HTML. 

    $success2Search = "&lt;td&gt;" + [RetStatus]::Success + "&lt;/td&gt;"; 

    $success2Replace = "&lt;td style=`"color:green;font-weight:bold;`"&gt;" + [RetStatus]::Success + "&lt;/td&gt;"; 

    $failure2Search = "&lt;td&gt;" + [RetStatus]::Failure + "&lt;/td&gt;"; 

    $failure2Replace = "&lt;td style=`"color:red;font-weight:bold;`"&gt;" + [RetStatus]::Failure + "&lt;/td&gt;"; 



    $report = $report -creplace $success2Search, $success2Replace; 

    $report = $report -creplace $failure2Search, $failure2Replace; 



    $global:htmlReport += $report

} 



# 

# Tests whether given DNS Server is able to resolve input DNS Name. 

# 

Function Test-DnsServerForInputDnsName 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    $rrType = "All" 

)     

    $result = [RetStatus]::Failure;  

 

    try {     

        $retObj = ExecuteCmdLet "Resolve-DnsName" @{"Name" = $dnsName; "Type" = $rrType; "Server" = $dnsServer};  

        if ($null -eq $retObj) { 

            LogComment $("Resolve-DnsName for " + $dnsName + " failed on server " + $dnsServer + " with " + $script:cmdLetReturnedStatus) $script:logLevel.Error;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            LogComment $("Name resolution of " + $dnsName + " passed on server " + $dnsServer);  

            $result = [RetStatus]::Success; 

        } 

         

    } catch { 

        LogComment $("Test-DnsServerForInputDnsName failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 

 

Function Test-DnsServerForInputZone 

{ 

param ( 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $zoneName, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    $remoteServer = "." 

)     

    $result = [RetStatus]::Failure;  

 

    try { 

     

        $dnsServerIP = $null; 

        if (![Net.IPaddress]::TryParse($dnsServer, [ref]$dnsServerIP)) { 

            try { 

                #Resolve and get first IP 

                $dnsServerIP = [System.Net.Dns]::GetHostAddresses($dnsServer).IPAddressToString.Split(" ")[0];                 

            } catch { 

                LogComment $("Exception while trying to get IP Address of  " + $dnsServer + "`n" + $_.Exception)  $script:logLevel.Error; 

                throw; 

            } 

        } 

         

        $retObj = ExecuteCmdLet "Test-DnsServer" @{"ComputerName" = $remoteServer; "ZoneName" = $zoneName; "IPAddress" = $dnsServerIP}; 

        if ($null -eq $retObj) {   

            LogComment $("Test-DnsServer failed for " + $zoneName + " on server " + $dnsServer) $script:logLevel.Warning;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            if (($retObj.Result -eq "Success") -or ($retObj.Result -eq "NotAuthoritativeForZone")) { 

                LogComment $("Test-DnsServer passed for " + $zoneName + " on server " + $dnsServer + " with Result: " + $retObj.Result); 

                $result = [RetStatus]::Success; 

            } else { 

                LogComment $("Test-DnsServer failed for " + $zoneName + " on server " + $dnsServer + " with Result: " + $retObj.Result) $script:logLevel.Warning;  

                $result = $retObj.Result; 

            } 

        } 

    } catch { 

        LogComment $("Test-DnsServerForInputDnsName failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 



Function Test-DnsServerForInputContext 

{ 

param (

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $dnsServer, 

    [parameter(Mandatory=$true)] 

    [ValidateNotNullOrEmpty()] 

    $context, 

    $remoteServer = "." 

)     

    $result = [RetStatus]::Failure;   

 

    try { 

     

        $retObj = ExecuteCmdLet "Test-DnsServer" @{"ComputerName" = $remoteServer; "IPAddress" = $dnsServer; "Context" = $context}; 

        if ($null -eq $retObj) {   

            LogComment $("Test-DnsServer failed for DnsServer: " + $dnsServer + " with context: " + $context) $script:logLevel.Warning;  

            $result = $script:cmdLetReturnedStatus; 

        } else { 

            if ($retObj.Result -eq "Success") { 

                LogComment $("Test-DnsServer Passed for DnsServer: " + $dnsServer + " with context: " + $context + " and Result: " + $retObj.Result); 

                $result = [RetStatus]::Success; 

            } else { 

                LogComment $("Test-DnsServer Failed for DnsServer: " + $dnsServer + " with context: " + $context + " and Result: " + $retObj.Result) $script:logLevel.Warning;  

                $result = $retObj.Result; 

            } 

        } 

    } catch { 

        LogComment $("Test-DnsServerForInputContext failed " + $_.Exception) $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

    }    

     

    return $result; 

} 



Function Get-HashtableFromString

{

    param(

        [string] $serializedHashtable

    )



    [Hashtable] $ht = New-Object -TypeName Hashtable



    $kvStrings = $Parameter1 -split ";"



    foreach($kvStr in $kvStrings)

    {

        if($kvStr -ne $null -and $kvStr -ne "")

        {

            $arr = $kvStr -split ","

    

            $list = New-Object  -TypeName System.Collections.Generic.List[string]

            for($i=1;$i -lt $arr.Length; $i++)

            {

                if($arr[$i] -ne $null -and $arr[$i] -ne "") { $list.Add($arr[$i]) }

            }

            $ht.Add($arr[0],$list)

        }

    }



    return $ht

}



Function Get-StringFromHashtable

{

    param(

        [Hashtable] $ht

    )



    [string]$result = ""



    foreach($kv in $ht.GetEnumerator())

    {

        $result += ";"+ $kv.Key

        if($kv.Value -ne $null)

        {

            foreach($value in $kv.Value)

            {

                $result += "," + $value

            }

        }

    }



    return $result

}

if($Parameter1 -eq $null -or $Parameter1 -eq "")

{

	Write-Host "Parameter1 for task can not be empty! Please specify required value."

	Return

}



$dnsServerList = $Parameter1 -split ";" | Where-Object {$_}



$statusArray = @(); 

     

foreach($dnsServer in $dnsServerList) { 

     

    $status = New-Object PSObject; 

    $status | Add-Member -memberType NoteProperty -name "DNSServer" -value $dnsServer;    

    try { 

        $retObj = ExecuteCmdLet "Get-DnsServerRootHint" @{"ComputerName" = $dnsServer}; 

        if ($null -ne $retObj) { 

            LogComment $("Performing RootHints health check for DnsServer: " + $dnsServer); 

            foreach($rH in $retObj) {          

                $result = [RetStatus]::Success; 

                $resultStream = $null; 

                $rHName = $rH.NameServer.RecordData.NameServer; 

                LogComment $("Validating RootHints: " + $rHName + " for DnsServer: " + $dnsServer); 

                [Array]$rr_ip = $rH.IPAddress 

                foreach ($ipRec in $rr_ip) { 

                    $ipAddr = @(); 

                    if ($ipRec.RecordType -eq "A") { 

                        $ipAddr = $ipRec.RecordData.IPv4Address 

                    } else { 

                        $ipAddr = $ipRec.RecordData.IPv6Address 

                    }   

                    foreach ($ip in $ipAddr) { 

                        $retVal = Test-DnsServerForInputContext $ip "RootHints" $dnsServer; 

                        $resultStream = $resultStream + $ip.IPAddressToString + ":" + $retVal + "`n"; 

                        if ([RetStatus]::Success -eq $retVal) { 

                            LogComment $("Validated RootHints: " + $ip + " of DNS Server: " + $dnsServer); 

                            LogComment $("Validated RootHints: " + $ip + " of DNS Server: " + $dnsServer) ` 

                                $script:logLevel.Host;                 

                        } else { 

                            $result = [RetStatus]::Failure; 

                            LogComment $("Validation of RootHints: " + $ip + " of DNS Server: " + $dnsServer + " failed.") ` 

                                $script:logLevel.Error; 

                        } 

                    }                         

                } 

                if ([RetStatus]::Success -eq $result) { 

                    $status = Insert-ResultInObject $status $rHName $result; 

                } else { 

                    $status = Insert-ResultInObject $status $rHName $resultStream; 

                    LogComment $("Validation output:" + $resultStream) $script:logLevel.Error; 

                } 

            } 

        } else { 

            if ([RetStatus]::Success -ne $script:cmdLetReturnedStatus) { 

                LogComment $("Unable to get RootHints list for DnsServer: " + $dnsServer) ` 

                    $script:logLevel.Error;    

                $status = Insert-ResultInObject $status "Get-DnsServerRootHint" $script:cmdLetReturnedStatus; 

            } else { 

                LogComment $("There's no RootHints configured on DnsServer: " + $dnsServer); 

                $status = Insert-ResultInObject $status "NoRootHintConfigured" $script:cmdLetReturnedStatus; 

            } 

        } 

    } catch { 

        LogComment $("Test-ConfiguredRootHintsHealth failed on DNSServer: " + $dnsServer + " `n " + $_.Exception) ` 

            $script:logLevel.Error; 

        $result = [RetStatus]::Failure; 

        $status = Insert-ResultInObject $status "RootHintsHealthCheckFailed" $result; 

    } 

    $statusArray += $status; 

} 

     

Generate-Report $statusArray $MyInvocation.MyCommand $script:resultView.List; 

 

$global:htmlReport 



</Script></ScriptBody>

    <PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>

    <Parameter1/>

    <Parameter2/>

    <Parameter3/>

    <TimeoutSeconds>3600</TimeoutSeconds>

  </ProbeAction>

</Task>