Add-DnsServerZoneTransferPolicy
Adds a zone transfer policy to a DNS server.
Syntax
Parameter Set: InputObject
Add-DnsServerZoneTransferPolicy [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-ZoneName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
Parameter Set: Server
Add-DnsServerZoneTransferPolicy [-Name] <String> [[-Action] <String> {DENY | IGNORE} ] [[-Condition] <String> {AND | OR} ] [-CimSession <CimSession[]> ] [-ClientSubnet <String> ] [-ComputerName <String> ] [-Disable] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-InternetProtocol <String> ] [-PassThru] [-ProcessingOrder <UInt32> ] [-ServerInterfaceIP <String> ] [-ThrottleLimit <Int32> ] [-TimeOfDay <String> ] [-TransportProtocol <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
Parameter Set: Zone
Add-DnsServerZoneTransferPolicy [-Name] <String> [-ZoneName] <String> [[-Action] <String> {DENY | IGNORE} ] [[-Condition] <String> {AND | OR} ] [-CimSession <CimSession[]> ] [-ClientSubnet <String> ] [-ComputerName <String> ] [-Disable] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-InternetProtocol <String> ] [-PassThru] [-ProcessingOrder <UInt32> ] [-ServerInterfaceIP <String> ] [-ThrottleLimit <Int32> ] [-TimeOfDay <String> ] [-TransportProtocol <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
Detailed Description
The Add-DnsServerZoneTransferPolicy cmdlet adds a zone transfer policy to a Domain Name System (DNS) server. A policy determines zone transfers based on criteria that you specify in the policy.
A policy consists of criteria and action.
The criteria are a logical combination of client subnet, server interface IP address, fully qualified domain name (FQDN), Internet Protocol (IPv4/IPv6), transport protocol (UDP/TCP), time of day, and query type.
Specify criteria in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in a criterion.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd).
This cmdlet combines multiple criteria by using the value of the Condition parameter as the logical operator. This parameter takes one of the following values:
-- OR. The policy evaluates criteria as multiple assertions which are logically combined (OR'd).
-- AND. The policy evaluates criteria as multiple assertions which are logically differenced (AND'd).
If a query meets the criteria of a policy, the action is the response that the policy requires. You can specify DENY or IGNORE.
You can create policies for zone transfer at either the server level or the zone level. Server level policies apply on every zone transfer query that occurs on the DNS server. Zone level policies apply only on the queries on a zone hosted on the DNS server. The most common use for zone level policies is to implement blocked or safe lists.
Zone level policies apply to the zone in which you create them. You cannot create a zone level policy without a zone. If you remove a zone, that removal deletes the associated zone level policies.
Parameters
-Action<String>
Specifies the action to take if a zone transfer matches this policy. The acceptable values for this parameter are:
-- DENY. Respond with SERV_FAIL.
-- IGNORE. Do not respond.
Aliases | none
Required? | false
Position? | 4
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-CimSession<CimSession[]>
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Aliases | Session
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false
-ClientSubnet<String>
Specifies the client subnet criterion. For more information, see Add-DnsServerClientSubnet. Specify a criterion in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in a criterion.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd). The criterion is satisfied if the subnet of the zone transfer matches one of the EQ values and does not match any of the NE values.
Example criterion: "EQ,NorthAmerica,Asia,NE,Europe"
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-ComputerName<String>
Specifies a remote DNS server. You can specify an IP address or any value that resolves to an IP address, such as an FQDN, host name, or NETBIOS name.
Aliases | Cn
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false
-Condition<String>
Specifies how the policy treats multiple criteria. The acceptable values for this parameter are:
-- OR. The policy evaluates criteria as multiple assertions which are logically combined (OR'd).
-- AND. The policy evaluates criteria as multiple assertions which are logically differenced (AND'd).
The default value is AND.
Aliases | none
Required? | false
Position? | 5
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-Disable
Indicates that this cmdlet disables the policy. If you do not specify this parameter, the cmdlet creates the policy and enables it.
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-InformationAction<System.Management.Automation.ActionPreference>
Aliases | infa
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false
-InformationVariable<System.String>
Aliases | iv
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false
-InternetProtocol<String>
Specifies the Internet Protocol criterion. Valid values are: IPv4 and IPv6. Specify a criterion in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in a criterion.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd). The criterion is satisfied if the IP address of the zone transfer matches one of the EQ values and does not match any of the NE values.
Example criteria: "EQ,IPv4" and "EQ,IPv6"
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-Name<String>
Specifies a name for the new policy.
Aliases | none
Required? | true
Position? | 2
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-PassThru
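Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false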
-ProcessingOrder<UInt32>
Specifies the precedence of the policy. Higher integer values have lower precedence. By default, this cmdlet adds a new policy as the lowest precedence.
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-ServerInterfaceIP<String>
Specifies the IP address of the server interface on which the DNS server listens. Specify a criterion in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in the criterion.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd). The criterion is satisfied if the IP address of the interface matches one of the EQ values and does not match any of the NE values.
Example criteria: "EQ,10.0.0.1" and "NE,192.168.1.1"
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-ThrottleLimit<Int32>
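Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | false
Accept wildcard characters? | false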
-TimeOfDay<String>
Specifies the time of day criterion. Specify a criterion in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in the criterion.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd). The criterion is satisfied if the time of day of the zone transfer matches one of the EQ values and does not match any of the NE values.
Example criterion: "EQ,10:00-12:00,22:00-23:00"
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-TransportProtocol<String>
Specifies the transport protocol criterion. Valid values are: TCP and UDP. Specify a criterion in the following format:
operator, value01, value02, . . . , operator, value03, value04, . . .
The operator is either EQ or NE. You can specify no more than one of each operator in the string.
The policy treats values that follow the EQ operator as multiple assertions which are logically combined (OR'd). The policy treats values that follow the NE operator as multiple assertions which are logically differenced (AND'd). The criterion is satisfied if the transport protocol of the zone transfer matches one of the EQ values and does not match any of the NE values.
Example criterion: "EQ,TCP,NE,UDP"
Aliases | none
Required? | false
Position? | named
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-ZoneName<String>
Specifies the name of a DNS zone on which this cmdlet creates a zone level policy. The zone must exist on the DNS server.
Aliases | none
Required? | true
Position? | 3
Default value | none
Accept pipeline input? | true(ByPropertyName)
Accept wildcard characters? | false
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? | false
Position? | named
Default value | false
Accept pipeline input? | false
Accept wildcard characters? | false
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? | false
Position? | named
Default value | false
Accept pipeline input? | false
Accept wildcard characters? | false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216) on TechNet.
<WorkflowParameters>
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
- Microsoft.Management.Infrastructure.CimInstance#DnsServerPolicy
Examples
Example 1: Create a server level zone transfer policy
The first command creates a client subnet named AllowedSubnet by using the Add-DnsServerClientSubnet cmdlet. That subnet includes the specified IP subnet.
The second command creates a zone transfer policy that disallows zone transfers for all clients that do not belong to the AllowedSubnet subnet. Because this is a server level policy, it applies to all zones on the server.
PS C:\> Add-DnsServerClientSubnet -Name "AllowedSubnet" -IPv4Subnet 172.21.33.0/24 -PassThru
PS C:\> Add-DnsServerZoneTransferPolicy -Name "NorthAmericaPolicy" -Action IGNORE -ClientSubnet "ne,AllowedSubnet" -PassThru | Format-List *
Example 2: Disallow zone transfers by server interface
This command creates a zone transfer policy that disallows all zone transfer queries that do not arrive on server interface 10.0.0.33.
PS C:\> Add-DnsServerZoneTransferPolicy -Name "InternalTransfers" -Action IGNORE -ServerInterfaceIP "ne,10.0.0.33" -PassThru
Example 3: Create a zone level zone transfer policy
This command creates a zone level zone transfer policy for contoso.com.
PS C:\> Add-DnsServerZoneTransferPolicy -Name "InternalTransfers" -Action IGNORE -ServerInterfaceIP "ne,10.0.0.33" -PassThru -ZoneName "contoso.com" | Format-List *
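The EQ/NE criterion syntax and the Condition parameter can be checked offline before a policy is deployed. The following is an added example, not part of the original documentation: the helper function names and the sample requests are constructed, values are compared as plain labels (a subnet name, TCP or UDP), and an operator that is absent from a criterion is assumed to impose no constraint, as in Example 1.

```powershell
# Added example. ConvertFrom-Criterion, Test-Criterion and Test-TransferPolicy are
# hypothetical helpers, not DnsServer module cmdlets. Values are compared as labels.
function ConvertFrom-Criterion {
    param([Parameter(Mandatory)][string]$Criterion)
    $sets = @{ EQ = @(); NE = @() }
    $seen = @()
    $current = $null
    foreach ($token in ($Criterion -split ',' | ForEach-Object { $_.Trim() })) {
        if ($token -in 'EQ', 'NE') {              # case-insensitive, so "ne" is accepted
            $current = $token.ToUpper()
            if ($current -in $seen) { throw "Operator $current appears more than once" }
            $seen += $current
        }
        elseif ($null -eq $current) { throw 'Criterion must start with EQ or NE' }
        elseif ($token) { $sets[$current] += $token }
    }
    $sets
}

function Test-Criterion {
    param([string]$Criterion, [string]$Value)
    $c = ConvertFrom-Criterion $Criterion
    $eqOk = ($c.EQ.Count -eq 0) -or ($Value -in $c.EQ)   # any EQ value may match (OR)
    $neOk = $Value -notin $c.NE                          # no NE value may match (AND)
    $eqOk -and $neOk
}

function Test-TransferPolicy {
    param([hashtable]$Criteria, [ValidateSet('AND', 'OR')][string]$Condition = 'AND',
          [hashtable]$Request)
    $results = foreach ($name in $Criteria.Keys) {
        Test-Criterion -Criterion $Criteria[$name] -Value $Request[$name]
    }
    if ($Condition -eq 'AND') { return ($results -notcontains $false) }
    $results -contains $true
}

# Constructed sample: the ClientSubnet criterion from Example 1 plus a TCP criterion.
$criteria = @{ ClientSubnet = 'ne,AllowedSubnet'; TransportProtocol = 'EQ,TCP' }
$requests = @(
    @{ ClientSubnet = 'AllowedSubnet'; TransportProtocol = 'TCP' },
    @{ ClientSubnet = 'Branch';        TransportProtocol = 'TCP' },
    @{ ClientSubnet = 'Branch';        TransportProtocol = 'UDP' }
)
foreach ($cond in 'AND', 'OR') {
    foreach ($r in $requests) {
        $hit = Test-TransferPolicy -Criteria $criteria -Condition $cond -Request $r
        '{0,-3} {1,-13} {2}  policy matches: {3}' -f $cond, $r.ClientSubnet, $r.TransportProtocol, $hit
    }
}
```

In this model, with Condition OR the request from AllowedSubnet over TCP also matches, so an IGNORE policy built that way would drop transfers from the subnet it was meant to permit.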
Related topics
Get-DnsServerZoneTransferPolicy
Remove-DnsServerZoneTransferPolicy