Validate Signed Zones

Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC (Task)

Validates the DNSSEC setting when the setup is configured for DNSSEC validation on the given servers. Specify server names by overriding Parameter1. Not supported on Nano.

Element properties:

TargetMicrosoft.Windows.DNSServer.2016.Healthcheck.TaskTarget
AccessibilityInternal
CategoryCustom
EnabledTrue
RemotableFalse
Timeout300

Member Modules:

ID Module Type TypeId RunAs 
PA ProbeAction Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA Microsoft.Windows.DNSServer.2016.ActionAccount

Source Code:

<Task ID="Microsoft.Windows.DNSServer.2016.Task.Validate.DNSSEC" Accessibility="Internal" Target="Microsoft.Windows.DNSServer.2016.Healthcheck.TaskTarget" Enabled="true" Timeout="300" Remotable="true">
<Category>Custom</Category>
<ProbeAction ID="PA" TypeID="Microsoft.Windows.DNSServer.2016.ParametrizedPowershellProbe.PA" RunAs="Microsoft.Windows.DNSServer.2016.ActionAccount">
<ScriptName>Microsoft.Windows.Server.DNS.Validate.DNSSEC.PA.ps1</ScriptName>
<ScriptBody><Script>

# Probe body for the "Validate Signed Zones" task. PrincipalName is the DNS server to
# query; Parameter1 carries the zone names (';'-separated). Parameter2 and Parameter3
# are accepted but not read anywhere in this script.
param ([String] $PrincipalName, [String] $Parameter1, [String] $Parameter2, [String] $Parameter3)
$SCRIPT_NAME = "DNSSECSettingsValidationProbe"
# Turn non-terminating cmdlet errors into terminating ones so the try/catch blocks
# below actually see them.
$ErrorActionPreference = "Stop"

# Event type constants (passed as the EventType argument of LogScriptEvent via Set-Error)
$EVENT_TYPE_LOG = 0
$EVENT_TYPE_ERROR = 1
$EVENT_TYPE_WARNING = 2
$EVENT_TYPE_INFORMATION = 4

# Typed property bag constants (shared boilerplate; not used by this task script)
$PROPERTY_TYPE_ALERT = 0
$PROPERTY_TYPE_EVENT = 1
$PROPERTY_TYPE_PERFORMANCE = 2
$PROPERTY_TYPE_STATE = 3

# State type constants (shared boilerplate; not used by this task script)
$STATE_SUCCESS = "Success"
$STATE_WARNING = "Warning"
$STATE_ERROR = "Error"

# Operations Manager scripting API, used only for event logging through Set-Error.
# With ErrorActionPreference = Stop, the script presumably ends here if the COM
# object cannot be created.
$momAPI = new-object -comObject MOM.ScriptAPI

# Service-check constants (shared boilerplate; FuncCheckService is never called here)
$DNS_NOT_RUNNING_EVENT_ID = 7654
$DNS_NOT_RUNNING_SCRIPT_MESSAGE = "DNS Server Service is not running. Exiting."

# Event IDs written by Set-Error. $EventWarn and $EventError share 5702 while
# $ErrorInfo (5704) is never used — NOTE(review): looks like a copy/paste slip; confirm
# against the other scripts in this management pack before changing.
$ErrorInfo = 5704
$EventWarn = 5702
$EventError = 5702
$EventSuccess = 5700


function FuncCheckService{
param($ServiceName)
# Report whether the named Windows service is currently in the Running state.
# Any failure to look the service up (unknown name, access denied) counts as
# "not running". Defined for reuse; nothing in this task script calls it.
$isRunning = $true
try
{
$service = Get-Service -Name $ServiceName
if ($service.Status -ne "running")
{
$isRunning = $false
}
}
catch
{
$isRunning = $false
}
return $isRunning
}

Function Set-Error($momAPI,[String]$ErrorMessage,$EventLevel,$EventType,[String]$ScriptName)
{
# Write one entry to the Operations Manager event log through the MOM.ScriptAPI
# object. The parameter names are historical: $EventLevel is passed in the
# event-ID position and $EventType in the event-type (severity) position of
# LogScriptEvent(ScriptName, EventID, EventType, Description).
# Logging is best-effort — with no API object this is a no-op, and a failure
# while logging is swallowed so that it never aborts the probe itself.
if ($null -ne $momAPI)
{
try
{
$momAPI.LogScriptEvent($ScriptName,$EventLevel,$EventType,$ErrorMessage)
}
catch
{
# Intentionally ignored: a logging problem must not become a second failure.
}
}
}

Function Import-CmdLets ($momAPI,[string]$ScriptName)
{
# Make sure the DnsServer module is loaded into this session. Get-Module
# without -ListAvailable only reports modules that are already imported, so an
# installed-but-unloaded module goes through Import-Module. Either failure
# below is logged via Set-Error (using the script-scope $EventError and
# $EVENT_TYPE_ERROR constants) and then ends the whole script with exit.
try
{
if (-not (Get-Module -Name "DnsServer"))
{
Import-Module DnsServer
}
}
catch [System.IO.FileNotFoundException]
{
# Raised by Import-Module when no module of that name can be located.
$failureText = "Dns cmdlets doesn't exist."
Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $failureText
exit
}
catch
{
$failureText = Get-ErrorMessage -Exception $_.Exception -ScriptName $ScriptName
Set-Error -momAPI $momAPI -ScriptName $ScriptName -EventLevel $EventError -EventType $EVENT_TYPE_ERROR -ErrorMessage $failureText
exit
}
}

Function Get-ErrorMessage($Exception,[string]$ScriptName)
{
# Build the multi-line description that Set-Error logs: the script name followed
# by the exception's Message. Only .Message is read, so any object exposing that
# property works. The here-string is kept verbatim because its exact line layout
# is the text that ends up in the event log.
$detail = $Exception.Message
$report = @"
Module: $ScriptName

Error(s) was(were) occurred:
Error(s):
$detail

"@

return $report
}

Function Process-DiscoveryFailure
{
# Error handler carried over from the discovery scripts: logs the current
# exception and emits an empty (non-snapshot) discovery payload. Nothing in this
# task script calls it. It depends on context this script does not set up:
#   - $_ must be the ErrorRecord of an enclosing catch block (read as $_.Exception);
#   - $Script:ElementID and $Script:TargetID are never assigned in this script,
#     so CreateDiscoveryData would receive $null for both — TODO confirm before reuse.
$ErrorMessage = Get-ErrorMessage -Exception $_.Exception -ScriptName $Script:SCRIPT_NAME
Set-Error -momApi $Script:momApi -ScriptName $Script:SCRIPT_NAME -EventLevel $Script:EventError -EventType $Script:EVENT_TYPE_ERROR -ErrorMessage $ErrorMessage

# The discovery object is emitted to the pipeline, not logged, so a caller can
# forward it as the probe's output.
$discoveryData = $Script:momApi.CreateDiscoveryData(0, $Script:ElementID, $Script:TargetID)
$discoveryData.IsSnapshot = $false
$discoveryData
}

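# Load the DnsServer cmdlets; on failure Import-CmdLets logs the problem and exits.
Import-Cmdlets -momAPI $momAPI -ScriptName $SCRIPT_NAME

# Parameter1 carries the ';'-separated zone names. Whitespace-only input would
# otherwise turn into a query for the zone " ." — treat it as empty too.
if ([string]::IsNullOrWhiteSpace($Parameter1))
{
Write-Host "Parameter1 for task can not be empty! Please specify required value."
Return
}

# Split, trim and drop empty entries so "a; b;" yields @("a","b"). The @() wrapper
# forces an array even for a single zone, which removes the Count/Item juggling.
# Zone names are only ever passed as cmdlet arguments, never interpolated into a
# command string, so an operator-supplied value cannot inject commands here.
$TargetObjects = @($Parameter1 -split ";" | ForEach-Object { $_.Trim() } | Where-Object { $_ })

# Input such as ";;" passes the emptiness check above but yields no zones; say so
# instead of silently producing no output.
if ($TargetObjects.Count -eq 0)
{
Write-Host "Parameter1 does not contain any zone name. Please specify at least one zone name separated by ';'."
Return
}

foreach ($Obj in $TargetObjects)
{
# Query the zone apex as an absolute name; TrimEnd avoids "zone.." when the
# operator already supplied a trailing dot.
$zoneName = $Obj.TrimEnd(".") + "."
try {
# -DnssecOk sets the DO bit so the server includes RRSIG records in its answer.
# NOTE: the presence of an RRSIG only shows that the server hands out signatures
# for this zone; it does not show that the signatures were validated (the AD
# flag of the response is not inspected by this task).
$zoneRecords = @(Resolve-DnsName -Server $PrincipalName -Name $zoneName -DnssecOk -ErrorAction Stop | Where-Object { $_.QueryType -eq "RRSIG" })

if ($zoneRecords.Count -le 0)
{
Write-Host "The DNS query for signed zone $Obj did not get a DNSSEC response from server $PrincipalName"
}
else
{
Write-Host "The signed zone $Obj on server $PrincipalName contains a RRSIG record"
}
}
catch [Management.Automation.CommandNotFoundException]
{
# Resolve-DnsName itself is unavailable on this host; the message names the cmdlet.
Write-Host $_.Exception.Message
}
catch
{
# Any other failure (for example a timeout, an unreachable server, or a name
# that does not resolve). Include the underlying message so the task output
# says why, rather than only that something failed.
Write-Host "An Error Has Occurred in Resolve-DnsName cmdlet. Server: $PrincipalName, Zone: $Obj"
Write-Host "Details: $($_.Exception.Message)"
}
}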
</Script></ScriptBody>
<PrincipalName>$Target/Host/Host/Property[Type='Windows!Microsoft.Windows.Computer']/PrincipalName$</PrincipalName>
<Parameter1/>
<Parameter2/>
<Parameter3/>
<TimeoutSeconds>300</TimeoutSeconds>
</ProbeAction>
</Task>