DnsServerDnsSecZoneSetting class
Represents Domain Name System Security Extensions (DNSSEC) settings for a DNS zone.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.
[ClassVersion("1.0.0"), dynamic, provider("DnsServerPSProvider"), AMENDMENT]
class DnsServerDnsSecZoneSetting
{
String ZoneName;
String DenialOfExistence;
String NSec3HashAlgorithm;
Uint16 NSec3Iterations;
boolean NSec3OptOut;
Uint8 NSec3RandomSaltLength;
String NSec3UserSalt;
String DistributeTrustAnchor[];
boolean EnableRfc5011KeyRollover;
String DSRecordGenerationAlgorithm[];
datetime DSRecordSetTtl;
datetime DnsKeyRecordSetTtl;
datetime SignatureInceptionOffset;
datetime SecureDelegationPollingPeriod;
datetime PropagationTime;
boolean ParentHasSecureDelegation;
boolean IsKeyMasterServer;
String KeyMasterServer;
String KeyMasterStatus;
boolean IsSigned;
String NSec3CurrentSalt;
String CurrentRollingSkdGuid;
};
The DnsServerDnsSecZoneSetting class has these types of members:
The DnsServerDnsSecZoneSetting class has these properties.
-
CurrentRollingSkdGuid
-
-
Data type: String
-
Access type: Read-only
The GUID of the currently rolling SKD.
Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.
-
-
DenialOfExistence
-
-
Data type: String
-
Access type: Read/write
The setting used by the DNS server to provide signed proof of an unregistered name in the DNS database.
The possible values are.
-
-
NSEC ("NSEC")
-
NSEC3 ("NSEC3")
DistributeTrustAnchor
-
Data type: String array
-
Access type: Read/write
An array that contains the types of trust anchors to publish when the DNS zone is signed.
The possible values are.
None ("None")
DnsKey ("DnsKey")
DnsKeyRecordSetTtl
-
Data type: datetime
-
Access type: Read/write
The time-to-live (TTL) value assigned to DNSKEY records when the DNS zone is signed.
DSRecordGenerationAlgorithm
-
Data type: String array
-
Access type: Read/write
An array that contains strings that indicate the algorithms to use to write the dsset file when the DNS zone is signed.
The possible values are.
None ("None")
Sha1 ("Sha1")
Sha256 ("Sha256")
Sha384 ("Sha384")
DSRecordSetTtl
-
Data type: datetime
-
Access type: Read/write
The time-to-live (TTL) value assigned to DS records when the DNS zone is signed.
EnableRfc5011KeyRollover
-
Data type: boolean
-
Access type: Read/write
Indicates whether to maintain the DNS zone using key rollover procedures defined in RFC 5011.
IsKeyMasterServer
-
Data type: boolean
-
Access type: Read-only
If the current server is the key master server for the current zone.
IsSigned
-
Data type: boolean
-
Access type: Read-only
True if the current zone is signed; otherwise, false.
Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.
KeyMasterServer
-
Data type: String
-
Access type: Read/write
The name of keymaster server for this zone.
KeyMasterStatus
-
Data type: String
-
Access type: Read-only
The status of the key master server for this zone.
The possible values are.
Online ("Online")
Offline ("Offline")
NSec3CurrentSalt
-
Data type: String
-
Access type: Read-only
The current NSEC3 salt string used to sign the DNS zone.
Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.
NSec3HashAlgorithm
-
Data type: String
-
Access type: Read/write
The NSEC3 salt string to use to sign the DNS zone.
The possible values are.
Sha1 ("Sha1")
Sha256 ("Sha256")
Sha384 ("Sha384")
NSec3Iterations
-
Data type: Uint16
-
Access type: Read/write
The number of NSEC3 hash iterations to perform when the DNS zone is signed.
NSec3OptOut
-
Data type: boolean
-
Access type: Read/write
True to sign the DNS zone using NSEC opt-out; otherwise, false.
NSec3RandomSaltLength
-
Data type: Uint8
-
Access type: Read/write
The length, in bytes, of the random salt used when the DNS zone is signed.
NSec3UserSalt
-
Data type: String
-
Access type: Read/write
The user-specified NSEC3 salt string to use when the DNS zone is signed.
ParentHasSecureDelegation
-
Data type: boolean
-
Access type: Read/write
True if the parental delegation to the DNS zone is secure; otherwise, false.
PropagationTime
-
Data type: datetime
-
Access type: Read/write
The expected time, in seconds, required to propagate zone changes through Active Directory.
SecureDelegationPollingPeriod
-
Data type: datetime
-
Access type: Read/write
The duration, in seconds, between polling attempts for child zone key rollovers.
SignatureInceptionOffset
-
Data type: datetime
-
Access type: Read/write
Indicates in seconds, how far in the past DNSSEC signature validity periods should begin when signing the DNS zone.
ZoneName
-
Data type: String
-
Access type: Read-only
The name of the zone.
Minimum supported client |
None supported |
Minimum supported server |
Windows Server 2012 |
Namespace |
Root\Microsoft\Windows\Dns |
MOF |
|
DLL |
|