Commit d6e3c5b

DnsServerSetting: Allow MaximumUdpPacketSize to be read/write property (#308)
1 parent 73e6f04 commit d6e3c5b

10 files changed

+253
-68
lines changed

CHANGELOG.md

Lines changed: 13 additions & 0 deletions
@@ -5,6 +5,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
55

66
## [Unreleased]
77

8+
### Fixed
9+
10+
- DnsServerSetting
11+
- Set-TargetResource was not correctly retrieving current settings from remote computers.
12+
- Updated comment based help for various settings to include allowed values in decimal.
13+
14+
### Changed
15+
16+
- DnsServerSetting
17+
- Allow MaximumUdpPacketSize to be read/write. Fixes [issue #307](https://github.com/dsccommunity/DnsServerDsc/issues/307).
18+
- Add input validation to RemoteIPv4RankBoost, RemoteIPv6RankBoost, MaximumRodcRsoQueueLength,
19+
MaximumRodcRsoAttemptsPerCycle, TcpReceivePacketSize, MaximumUdpPacketSize.
20+
821
## [3.0.1] - 2025-08-28
922

1023
### Changed
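
Review bot: The new "Changed" entry for MaximumUdpPacketSize (added line 17) does not mention that changing the value restarts the DNS Server service, or that it is only supported when DnsServer is 'localhost'. Both are stated in the README and schema changes of this commit, and an operator who reads only the changelog would not expect a DSC run to restart a service. Suggest extending the entry, for example "Allow MaximumUdpPacketSize to be read/write (localhost only; the DNS Server service is restarted when the value changes)." Minor: "comment based help" on added line 12 should be "comment-based help".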

source/DSCResources/DSC_DnsServerSetting/DSC_DnsServerSetting.psm1

Lines changed: 126 additions & 50 deletions
Large diffs are not rendered by default.

source/DSCResources/DSC_DnsServerSetting/DSC_DnsServerSetting.schema.mof

Lines changed: 12 additions & 12 deletions
@@ -33,7 +33,7 @@ class DSC_DnsServerSetting : OMI_BaseResource
3333
[Write, Description("Specifies whether the DNS server will forward updates received for secondary zones to the primary DNS server for the zone.")] Boolean EnableUpdateForwarding;
3434
[Write, Description("Specifies whether the DNS server will perform NetBIOS name resolution in order to map IP addresses to machine names while processing queries in zones where WINS-R information has been configured.")] Boolean EnableWinsR;
3535
[Write, Description("Specifies whether the DNS server will delete DNS glue records found outside a delegated subzone when reading records from persistent storage.")] Boolean DeleteOutsideGlue;
36-
[Write, Description("Specifies whether the DNS server will indicate to the remote DNS servers that it supports multiple DNS records in each zone transfer response message by appending the characters MS at the end of zone transfer requests. The value SHOULD be limited to `0x00000000` and `0x0000000`, but it MAY be any value.")] Boolean AppendMsZoneTransferTag;
36+
[Write, Description("Specifies whether the DNS server will indicate to the remote DNS servers that it supports multiple DNS records in each zone transfer response message by appending the characters MS at the end of zone transfer requests. The value SHOULD be limited to 0 and 1 (0x00000000 and 0x0000001), but it MAY be any value.")] Boolean AppendMsZoneTransferTag;
3737
[Write, Description("Specifies whether the DNS server will allow zone transfers for zones that are stored in the directory server when the directory server does not support write operations.")] Boolean AllowReadOnlyZoneTransfer;
3838
[Write, Description("Specifies whether the DNS server will attempt to suppress large volumes of DNS error responses sent to remote IP addresses that may be attempting to attack the DNS server.")] Boolean EnableSendErrorSuppression;
3939
[Write, Description("Specifies whether the DNS server will ignore CNAME conflicts during DNS update processing.")] Boolean SilentlyIgnoreCnameUpdateConflicts;
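
Review bot: In the updated AppendMsZoneTransferTag description (new line 36) the second hex literal, `0x0000001`, has seven digits, while every other literal in this schema has eight; the line it replaces had the same kind of slip (`0x0000000`). It should read "0 and 1 (0x00000000 and 0x00000001)".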
@@ -44,29 +44,30 @@ class DSC_DnsServerSetting : OMI_BaseResource
4444
[Write, Description("Specifies whether to ignore the server level policies on the DNS server. `$true` to ignore the server level policies on the DNS server; otherwise, `$false`.")] Boolean IgnoreServerLevelPolicies;
4545
[Write, Description("Specifies whether to ignore all policies on the DNS server. `$true` to ignore all policies on the DNS server; otherwise, `$false`.")] Boolean IgnoreAllPolicies;
4646
[Write, Description("Specifies what version information the DNS server will respond with when a DNS query with class set to CHAOS and type set to TXT is received.")] UInt32 EnableVersionQuery;
47-
[Write, Description("Specifies possible settings for automatic delegation creation for new zones on the DNS server. The value SHOULD be limited to the range from `0x00000000` to `0x00000002`, inclusive, but it MAY be any value.")] UInt32 AutoCreateDelegation;
48-
[Write, Description("Specifies the value to add to all IPv4 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from `0x00000000` to `0x0000000A`, inclusive.")] UInt32 RemoteIPv4RankBoost;
49-
[Write, Description("Specifies the value to add to all IPv6 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from `0x00000000` to `0x0000000A`, inclusive.")] UInt32 RemoteIPv6RankBoost;
50-
[Write, Description("Specifies the maximum number of single object replication operations that may be queued at any given time by the DNS server. The value MUST be limited to the range from `0x00000000` to `0x000F4240`, inclusive. If the value is `0x00000000` the DNS server MUST NOT enforce an upper bound on the number of single object replication operations queued at any given time.")] UInt32 MaximumRodcRsoQueueLength;
51-
[Write, Description("Specifies the maximum number of queued single object replication operations that should be attempted during each five minute interval of DNS server operation. The value MUST be limited to the range from `0x00000001` to `0x000F4240`, inclusive.")] UInt32 MaximumRodcRsoAttemptsPerCycle;
52-
[Write, Description("Specifies the maximum number of resource records that the DNS server will accept in a single DNS update request. The value SHOULD be limited to the range from `0x0000000A` to `0x00000078`, inclusive, but it MAY be any value.")] UInt32 MaxResourceRecordsInNonSecureUpdate;
47+
[Write, Description("Specifies possible settings for automatic delegation creation for new zones on the DNS server. The value SHOULD be limited to the range from 0 to 2 (0x00000000 to 0x00000002), inclusive, but it MAY be any value.")] UInt32 AutoCreateDelegation;
48+
[Write, Description("Specifies the value to add to all IPv4 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0 to 10 (0x00000000 to 0x0000000A), inclusive.")] UInt32 RemoteIPv4RankBoost;
49+
[Write, Description("Specifies the value to add to all IPv6 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0 to 10 (0x00000000 to 0x0000000A), inclusive.")] UInt32 RemoteIPv6RankBoost;
50+
[Write, Description("Specifies the maximum number of single object replication operations that may be queued at any given time by the DNS server. The value MUST be limited to the range from 0 to 1000000 (0x00000000 to 0x000F4240), inclusive. If the value is 0x00000000 the DNS server MUST NOT enforce an upper bound on the number of single object replication operations queued at any given time.")] UInt32 MaximumRodcRsoQueueLength;
51+
[Write, Description("Specifies the maximum number of queued single object replication operations that should be attempted during each five minute interval of DNS server operation. The value MUST be limited to the range from 1 to 1000000 (0x00000001 to 0x000F4240), inclusive.")] UInt32 MaximumRodcRsoAttemptsPerCycle;
52+
[Write, Description("Specifies the maximum number of resource records that the DNS server will accept in a single DNS update request. The value SHOULD be limited to the range from 10 to 120 (0x0000000A to 0x00000078), inclusive, but it MAY be any value.")] UInt32 MaxResourceRecordsInNonSecureUpdate;
5353
[Write, Description("Specifies the value which specifies the network mask the DNS server will use to sort IPv4 addresses. A value of `0xFFFFFFFF` indicates that the DNS server MUST use traditional IPv4 network mask for the address. Any other value is a network mask, in host byte order that the DNS server MUST use to retrieve network masks from IP addresses for sorting purposes.")] UInt32 LocalNetPriorityMask;
54-
[Write, Description("Specifies the maximum TCP packet size, in bytes, that the DNS server can accept. The value MUST be limited to the range from `0x00004000` to `0x00010000`, inclusive.")] UInt32 TcpReceivePacketSize;
54+
[Write, Description("Specifies the maximum TCP packet size, in bytes, that the DNS server can accept. The value MUST be limited to the range from 16384 to 65536 (0x00004000 to 0x00010000), inclusive.")] UInt32 TcpReceivePacketSize;
5555
[Write, Description("Specifies the mask value indicating whether data consistency checking should be performed once, each time the service starts. If the check fails, the server posts an event log warning. If the least significant bit (regardless of other bits) of this value is one, the DNS server will verify for each active and update-allowing primary zone, that the IP address records are present in the zone for the zone's SOA record's master server. If the least significant bit (regardless of other bits) of this value is zero, no data consistency checking will be performed.")] UInt32 SelfTest;
56-
[Write, Description("Specifies the multiple used to determine how long the DNS server should refuse zone transfer requests after a successful zone transfer has been completed. The total time for which a zone will refuse another zone transfer request at the end of a successful zone transfer is computed as this value multiplied by the number of seconds required for the zone transfer that just completed. The server SHOULD refuse zone transfer requests for no more than ten minutes. The value SHOULD be limited to the range from `0x00000000` to `0x00000064`, inclusive, but it MAY be any value.")] UInt32 XfrThrottleMultiplier;
56+
[Write, Description("Specifies the multiple used to determine how long the DNS server should refuse zone transfer requests after a successful zone transfer has been completed. The total time for which a zone will refuse another zone transfer request at the end of a successful zone transfer is computed as this value multiplied by the number of seconds required for the zone transfer that just completed. The server SHOULD refuse zone transfer requests for no more than ten minutes. The value SHOULD be limited to the range from 0 to 100 (0x00000000 to 0x00000064), inclusive, but it MAY be any value.")] UInt32 XfrThrottleMultiplier;
5757
[Write, Description("Specifies the number of UDP sockets per address family that the DNS server will use for sending remote queries.")] UInt32 SocketPoolSize;
5858
[Write, Description("Specifies the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, after which the server MAY log a debug message indicating that the server is to stop running. If the value is zero or is less than the value of **QuietRecvLogInterval*, then the value of **QuietRecvLogInterval** MUST be used. If the value is greater than or equal to the value of **QuietRecvLogInterval**, then the literal value of **QuietRecvFaultInterval** MUST be used. Used to debug reception of UDP traffic for a recursive query.")] UInt32 QuietRecvFaultInterval;
5959
[Write, Description("Specifies the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, or when the server logs an eponymous debug message for the query, after which the server MUST log a debug message indicating that the server is still waiting to receive network traffic. If the value is zero, logging associated with the two **QuietRecv** properties MUST be disabled, and the **QuietRecvFaultInterval** property MUST be ignored. If the value is non-zero, logging associated with the two **QuietRecv** properties MUST be enabled, and the **QuietRecvFaultInterval** property MUST NOT be ignored. Used to debug reception of UDP traffic for a recursive query.")] UInt32 QuietRecvLogInterval;
60-
[Write, Description("Specifies the conditions under which the DNS server should immediately commit uncommitted zone serial numbers to persistent storage. The value SHOULD be limited to the range from `0x00000000` to `0x00000004`, inclusive, but it MAY be any value.")] UInt32 SyncDsZoneSerial;
60+
[Write, Description("Specifies the conditions under which the DNS server should immediately commit uncommitted zone serial numbers to persistent storage. The value SHOULD be limited to the range from 0 to 4 (0x00000000 to 0x00000004), inclusive, but it MAY be any value.")] UInt32 SyncDsZoneSerial;
6161
[Write, Description("Specifies the extension mechanism for the DNS (ENDS0) scope setting on the DNS server.")] UInt32 ScopeOptionValue;
6262
[Write, Description("Specifies the virtualization instance option to be sent in ENDS0.")] UInt32 VirtualizationInstanceOptionValue;
6363
[Write, Description("Specifies the path of a custom plug-in. When DllPath specifies the fully qualified path name of a valid DNS server plug-in, the DNS server calls functions in the plug-in to resolve name queries that are outside the scope of all locally hosted zones. If a queried name is out of the scope of the plug-in, the DNS server performs name resolution using forwarding or recursion, as configured. If DllPath is not specified, the DNS server ceases to use a custom plug-in if a custom plug-in was previously configured.")] String ServerLevelPluginDll;
6464
[Write, Description("Specifies the URL of the root trust anchor on the DNS server.")] String RootTrustAnchorsURL;
6565
[Write, Description("Specifies the port ranges that should be excluded.")] String SocketPoolExcludedPortRanges[];
66-
[Write, Description("Specifies the time span that must elapse before the DNS server will re-query DNS servers of the parent zone when a lame delegation is encountered. The value SHOULD be limited to the range from `0x00000000` to `0x00278D00` 30 days, inclusive, but it MAY be any value.")] String LameDelegationTTL;
66+
[Write, Description("Specifies the time span that must elapse before the DNS server will re-query DNS servers of the parent zone when a lame delegation is encountered. The value SHOULD be limited to the range from 0 to 2592000 (0x00000000 to 0x00278D00, 30 days), inclusive, but it MAY be any value.")] String LameDelegationTTL;
6767
[Write, Description("Specifies the maximum period between zone scans to update DnsSec signatures for resource records.")] String MaximumSignatureScanPeriod;
6868
[Write, Description("Specifies the maximum value for the active refresh interval for a trust anchor. Must not be higher than 15 days.")] String MaximumTrustAnchorActiveRefreshInterval;
6969
[Write, Description("Specifies the zone write back interval for file backed zones.")] String ZoneWritebackInterval;
70+
[Write, Description("Specifies the maximum UDP packet size, in bytes, that the DNS server can accept. The value MUST be limited to the range from 512 to 16384 (0x00000200 to 0x00004000), inclusive. If the value is updated, the DNS Server service will be restarted. This value can only be set if the DnsServer parameter is set to 'localhost'.")] UInt32 MaximumUdpPacketSize;
7071
[Read, Description("Returns `$true` if the DNS server has Active Directory integrated DNS enabled; otherwise, `$false`.")] Boolean DsAvailable;
7172
[Read, Description("Returns the major version of the OS of the DNS server.")] UInt32 MajorVersion;
7273
[Read, Description("Returns the minor version of the OS of the DNS server.")] UInt32 MinorVersion;
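
Review bot: For MaximumUdpPacketSize (new line 70), the 512 to 16384 range, the 'localhost' restriction and the service restart exist here only as description text; the schema adds no range or value constraint, and the .psm1 diff that would enforce them is not rendered on this page. Please confirm that Set-TargetResource rejects an out-of-range value and a non-localhost DnsServer before it changes anything, and that the same holds for the other properties the changelog lists as gaining input validation (RemoteIPv4RankBoost, RemoteIPv6RankBoost, MaximumRodcRsoQueueLength, MaximumRodcRsoAttemptsPerCycle, TcpReceivePacketSize). Style: the MaximumRodcRsoQueueLength description (new line 50) still says "If the value is 0x00000000" although the ranges are now given decimal first; "If the value is 0" would match.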
@@ -75,5 +76,4 @@ class DSC_DnsServerSetting : OMI_BaseResource
7576
[Read, Description("Returns all of the IP addresses managed by the DNS server.")] String AllIPAddress[];
7677
[Read, Description("Returns the application directory partition for the forest the DNS server belongs to. Applicable only for active directory integrated DNS server.")] String ForestDirectoryPartitionBaseName;
7778
[Read, Description("Returns the application directory partition for the domain the DNS server belongs to. Applicable only for active directory integrated DNS server.")] String DomainDirectoryPartitionBaseName;
78-
[Read, Description("Returns the maximum UDP packet size, in bytes, that the DNS server can accept.")] UInt32 MaximumUdpPacketSize;
7979
};

source/DSCResources/DSC_DnsServerSetting/README.md

Lines changed: 4 additions & 0 deletions
@@ -11,6 +11,10 @@ at the target node and the necessary network traffic is permitted (_WsMan_
1111
protocol). It is possible to run the resource with specific credentials using the
1212
built-in parameter **PsDscRunAsCredential**.
1313

14+
The parameter **MaximumUdpPacketSize** can only be set when **DnsServer**
15+
is set to `'localhost'`, and after it is changed the DNS Server service will be
16+
restarted to make the setting effective - this may cause a short about of downtime.
17+
1418
Please see [DnsServerSetting class](https://docs.microsoft.com/en-us/previous-versions/windows/desktop/dnsserverpsprov/dnsserversetting)
1519
for more information around the properties this resource supports.
1620
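
Review bot: Typo on added line 16: "a short about of downtime" should be "a short amount of downtime". The paragraph also does not say what happens when MaximumUdpPacketSize is specified together with a remote DnsServer; the new DSS0008 string in this commit indicates the change is reported as unsupported rather than applied, and one sentence stating that outcome here would save the reader from finding it out at apply time.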

source/DSCResources/DSC_DnsServerSetting/en-US/DSC_DnsServerSetting.strings.psd1

Lines changed: 3 additions & 0 deletions
@@ -6,4 +6,7 @@ ConvertFrom-StringData @'
66
PropertyInDesiredState = The property '{0}' is already in desired state. (DSS0004)
77
SettingsInDesiredState = The DNS Server settings are in desired state. (DSS0005)
88
UnableToParseTimeSpan = Could not parse the value '{0}' of the property '{1}'. (DSS0006)
9+
RegistryPathDoesNotExist = The registry path '{0}' does not exist. (DSS0007)
10+
MaximumUdpPacketSizeRemote = Setting MaximumUdpPacketSize on a remote server ('{0}') is not supported. Please apply this change manually. (DSS0008)
11+
RestartingDNSServer = Restarting the DNS Server service to apply the '{0}' parameter change. (DSS0009)
912
'@
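
Review bot: MaximumUdpPacketSizeRemote (DSS0008, added line 10) tells the operator to "apply this change manually" but leaves out that the DNS Server service has to be restarted for the value to take effect, which the README change in this commit states. Suggest adding that to the message so the manual step is complete. Style: the key RestartingDNSServer (added line 11) uses "DNS" where the resource name uses "Dns" (DnsServerSetting); RestartingDnsServer would be consistent.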

source/Examples/Resources/DnsServerSetting/1-DnsServerSetting_CurrentNode_Config.ps1

Lines changed: 1 addition & 0 deletions
@@ -114,6 +114,7 @@ Configuration DnsServerSetting_CurrentNode_Config
114114
MaximumSignatureScanPeriod = '2.00:00:00'
115115
MaximumTrustAnchorActiveRefreshInterval = '15.00:00:00'
116116
ZoneWritebackInterval = '00:01:00'
117+
MaximumUdpPacketSize = 1224
117118
}
118119
}
119120
}
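
Review bot: The added `MaximumUdpPacketSize = 1224` (line 117) carries no comment, yet per the README change in this commit applying it restarts the DNS Server service, so anyone who copies this example gets a restart on first apply. Suggest a comment above the line (or a sentence in the example's description) stating the restart and the allowed range of 512 to 16384, and why 1224 was chosen.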

source/Examples/Resources/DnsServerSetting/2-DnsServerSetting_RemoteNode_Config.ps1

Lines changed: 1 addition & 0 deletions
@@ -114,6 +114,7 @@ Configuration DnsServerSetting_RemoteNode_Config
114114
MaximumSignatureScanPeriod = '2.00:00:00'
115115
MaximumTrustAnchorActiveRefreshInterval = '15.00:00:00'
116116
ZoneWritebackInterval = '00:01:00'
117+
MaximumUdpPacketSize = 1224
117118
}
118119
}
119120
}
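
Review bot: Adding `MaximumUdpPacketSize = 1224` (line 117) to the RemoteNode example conflicts with the rest of this commit: the README and schema say the property can only be set when DnsServer is 'localhost', and the new DSS0008 string says setting it on a remote server is not supported. Unless this example's DnsServer value (not visible in the hunk) is 'localhost', the line documents a configuration the resource will refuse. Suggest dropping it from this example and keeping it only in the CurrentNode one.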
