2.2.5.1.6 ZONE_SKD_ROLLOVER_ACTION
The ZONE_SKD_ROLLOVER_ACTION enumeration is a 32-bit integer value that specifies possible key rollover actions for a signing key descriptor. An implementation SHOULD<37> support all values.
|
Constant/value |
Description |
|---|---|
|
DNS_ROLLOVER_ACTION_DEFAULT 0x00000000 |
The server MUST never send this value. The client MUST send this value to indicate that no change to the current key rollover behavior is desired. |
|
DNS_ROLLOVER_ACTION_NORMAL 0x00000001 |
The server will perform a normal key rollover the next time the keys for this signing key descriptor are rolled over. |
|
DNS_ROLLOVER_ACTION_REVOKE_STANDBY 0x00000002 |
The server will revoke the standby key for this signing key descriptor as defined by [RFC5011] the next time the keys for this signing key descriptor are rolled over. This rollover action applies only to signing key descriptors representing key signing keys (those whose fIsKSK property as described in section 2.2.6.2.1 is set to 0x00000001). |
|
DNS_ROLLOVER_ACTION_RETIRE 0x00000003 |
The server will retire this signing key descriptor and remove all signatures associated with it the next time the keys for this signing key descriptor are rolled over. |