From ece095c17ada9fcc6946503d776838f08b7ac8bc Mon Sep 17 00:00:00 2001 From: Ryan Bolger Date: Thu, 4 Apr 2019 13:37:44 -0700 Subject: [PATCH] added ZoneScope support to Windows plugin (#134) --- Posh-ACME/DnsPlugins/Windows.ps1 | 36 ++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/Posh-ACME/DnsPlugins/Windows.ps1 b/Posh-ACME/DnsPlugins/Windows.ps1 index 3acf96b2..eccf081c 100644 --- a/Posh-ACME/DnsPlugins/Windows.ps1 +++ b/Posh-ACME/DnsPlugins/Windows.ps1 @@ -12,6 +12,7 @@ function Add-DnsTxtWindows { [Parameter(Position=3)] [pscredential]$WinCred, [switch]$WinUseSSL, + [string]$WinZoneScope, [Parameter(ValueFromRemainingArguments)] $ExtraParams ) @@ -30,12 +31,22 @@ function Add-DnsTxtWindows { # separate the portion of the name that doesn't contain the zone name $recShort = $RecordName.Replace(".$ZoneName",'') - $recs = @($zone | Get-DnsServerResourceRecord -Name $recShort -RRType Txt @dnsParams -EA SilentlyContinue) + # check for zone scope usage + $zoneScope = @{} + if (-not [String]::IsNullOrWhiteSpace($WinZoneScope)) { + if ('ZoneScope' -notin (Get-Command Get-DnsServerResourceRecord).Parameters.Keys) { + throw "ZoneScope is not supported in the version of the DnsServer module currently installed." + } else { + $zoneScope.ZoneScope = $WinZoneScope + } + } + + $recs = @($zone | Get-DnsServerResourceRecord -Name $recShort -RRType Txt @dnsParams @zoneScope -EA SilentlyContinue) if ($recs.Count -eq 0 -or $TxtValue -notin $recs.RecordData.DescriptiveText) { # create new Write-Verbose "Adding a TXT record for $RecordName with value $TxtValue" - $zone | Add-DnsServerResourceRecord -Txt -Name $recShort -DescriptiveText $TxtValue -TimeToLive 00:00:10 @dnsParams + $zone | Add-DnsServerResourceRecord -Txt -Name $recShort -DescriptiveText $TxtValue -TimeToLive 00:00:10 @dnsParams @zoneScope } else { # nothing to do Write-Debug "Record $RecordName already contains $TxtValue. Nothing to do." @@ -63,6 +74,9 @@ function Add-DnsTxtWindows { .PARAMETER WinUseSSL Forces the PowerShell remoting session to run over HTTPS. Requires the server have a valid certificate that is installed and trusted by the client or added to the client's TrustedHosts list. This is primarily used when connecting to a non-domain joined DNS server. + .PARAMETER WinZoneScope + The name of the zone scope to modify. This is generally only necessary in split-brain DNS configurations where the default scope is not external facing. + .PARAMETER ExtraParams This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports. @@ -90,6 +104,7 @@ function Remove-DnsTxtWindows { [Parameter(Position=3)] [pscredential]$WinCred, [switch]$WinUseSSL, + [string]$WinZoneScope, [Parameter(ValueFromRemainingArguments)] $ExtraParams ) @@ -108,13 +123,23 @@ function Remove-DnsTxtWindows { # separate the portion of the name that doesn't contain the zone name $recShort = $RecordName.Replace(".$ZoneName",'') - $recs = @($zone | Get-DnsServerResourceRecord -Name $recShort -RRType Txt @dnsParams -EA SilentlyContinue) + # check for zone scope usage + $zoneScope = @{} + if (-not [String]::IsNullOrWhiteSpace($WinZoneScope)) { + if ('ZoneScope' -notin (Get-Command Get-DnsServerResourceRecord).Parameters.Keys) { + throw "ZoneScope is not supported in the version of the DnsServer module currently installed." + } else { + $zoneScope.ZoneScope = $WinZoneScope + } + } + + $recs = @($zone | Get-DnsServerResourceRecord -Name $recShort -RRType Txt @dnsParams @zoneScope -EA SilentlyContinue) if ($recs.Count -gt 0 -and $TxtValue -in $recs.RecordData.DescriptiveText) { # remove the record that has the right value $toDelete = $recs | Where-Object { $_.RecordData.DescriptiveText -eq $TxtValue } Write-Verbose "Deleting $RecordName with value $TxtValue" - $zone | Remove-DnsServerResourceRecord -InputObject $toDelete -Force @dnsParams + $zone | Remove-DnsServerResourceRecord -InputObject $toDelete -Force @dnsParams @zoneScope } else { # nothing to do Write-Debug "Record $RecordName with value $TxtValue doesn't exist. Nothing to do." @@ -142,6 +167,9 @@ function Remove-DnsTxtWindows { .PARAMETER WinUseSSL Forces the PowerShell remoting session to run over HTTPS. Requires the server have a valid certificate that is installed and trusted by the client or added to the client's TrustedHosts list. This is primarily used when connecting to a non-domain joined DNS server. + .PARAMETER WinZoneScope + The name of the zone scope to modify. This is generally only necessary in split-brain DNS configurations where the default scope is not external facing. + .PARAMETER ExtraParams This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.