DnsServerDnsSecZoneSetting class

Represents Domain Name System Security Extensions (DNSSEC) settings for a DNS zone.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[ClassVersion("1.0.0"), dynamic, provider("DnsServerPSProvider"), AMENDMENT]
class DnsServerDnsSecZoneSetting
{
  String   ZoneName;
  String   DenialOfExistence;
  String   NSec3HashAlgorithm;
  Uint16   NSec3Iterations;
  boolean  NSec3OptOut;
  Uint8    NSec3RandomSaltLength;
  String   NSec3UserSalt;
  String   DistributeTrustAnchor[];
  boolean  EnableRfc5011KeyRollover;
  String   DSRecordGenerationAlgorithm[];
  datetime DSRecordSetTtl;
  datetime DnsKeyRecordSetTtl;
  datetime SignatureInceptionOffset;
  datetime SecureDelegationPollingPeriod;
  datetime PropagationTime;
  boolean  ParentHasSecureDelegation;
  boolean  IsKeyMasterServer;
  String   KeyMasterServer;
  String   KeyMasterStatus;
  boolean  IsSigned;
  String   NSec3CurrentSalt;
  String   CurrentRollingSkdGuid;
};

Members

The DnsServerDnsSecZoneSetting class has these types of members:

Properties

The DnsServerDnsSecZoneSetting class has these properties.

CurrentRollingSkdGuid

Data type: String

Access type: Read-only

The GUID of the signing key descriptor (SKD) that is currently rolling.

Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.

DenialOfExistence

Data type: String

Access type: Read/write

The setting used by the DNS server to provide signed proof of an unregistered name in the DNS database.

The possible values are:

NSEC ("NSEC")

NSEC3 ("NSEC3")

DistributeTrustAnchor

Data type: String array

Access type: Read/write

An array that contains the types of trust anchors to publish when the DNS zone is signed.

The possible values are:

None ("None")

DnsKey ("DnsKey")

DnsKeyRecordSetTtl

Data type: datetime

Access type: Read/write

The time-to-live (TTL) value assigned to DNSKEY records when the DNS zone is signed.

DSRecordGenerationAlgorithm

Data type: String array

Access type: Read/write

An array that contains strings that indicate the algorithms to use to write the dsset file when the DNS zone is signed.

The possible values are:

None ("None")

Sha1 ("Sha1")

Sha256 ("Sha256")

Sha384 ("Sha384")

DSRecordSetTtl

Data type: datetime

Access type: Read/write

The time-to-live (TTL) value assigned to DS records when the DNS zone is signed.

EnableRfc5011KeyRollover

Data type: boolean

Access type: Read/write

Indicates whether to maintain the DNS zone using key rollover procedures defined in RFC 5011.

IsKeyMasterServer

Data type: boolean

Access type: Read-only

True if the current server is the key master server for the current zone; otherwise, false.

IsSigned

Data type: boolean

Access type: Read-only

True if the current zone is signed; otherwise, false.

Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.

KeyMasterServer

Data type: String

Access type: Read/write

The name of the key master server for this zone.

KeyMasterStatus

Data type: String

Access type: Read-only

The status of the key master server for this zone.

The possible values are:

Online ("Online")

Offline ("Offline")

NSec3CurrentSalt

Data type: String

Access type: Read-only

The current NSEC3 salt string used to sign the DNS zone.

Windows Server 2012: This property is supported beginning with Windows Server 2012 R2.

NSec3HashAlgorithm

Data type: String

Access type: Read/write

The NSEC3 hash algorithm to use to sign the DNS zone.

The possible values are:

Sha1 ("Sha1")

Sha256 ("Sha256")

Sha384 ("Sha384")

NSec3Iterations

Data type: Uint16

Access type: Read/write

The number of NSEC3 hash iterations to perform when the DNS zone is signed.

NSec3OptOut

Data type: boolean

Access type: Read/write

True to sign the DNS zone using NSEC3 opt-out; otherwise, false.

NSec3RandomSaltLength

Data type: Uint8

Access type: Read/write

The length, in bytes, of the random salt used when the DNS zone is signed.

NSec3UserSalt

Data type: String

Access type: Read/write

The user-specified NSEC3 salt string to use when the DNS zone is signed.

ParentHasSecureDelegation

Data type: boolean

Access type: Read/write

True if the parental delegation to the DNS zone is secure; otherwise, false.

PropagationTime

Data type: datetime

Access type: Read/write

The expected time, in seconds, required to propagate zone changes through Active Directory.

SecureDelegationPollingPeriod

Data type: datetime

Access type: Read/write

The duration, in seconds, between polling attempts for child zone key rollovers.

SignatureInceptionOffset

Data type: datetime

Access type: Read/write

Indicates, in seconds, how far in the past DNSSEC signature validity periods should begin when the DNS zone is signed.

ZoneName

Data type: String

Access type: Read-only

The name of the zone.
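
The following is an added example, not part of the original reference or Microsoft's code: a PowerShell function that reviews the properties documented above for settings a defender would want to look at (unsigned zone, NSEC zone enumeration, NSEC3 opt-out and iteration count, SHA-1-only DS digests, offline key master). `Test-DnsSecZoneSetting`, its `MaxIterations` parameter, the finding texts and the sample zone names are assumptions of this example; `Get-DnsServerDnsSecZoneSetting` is the DnsServer module cmdlet that returns instances of this class.

```powershell
# Added example. The checks and their wording are this example's assumptions.
function Test-DnsSecZoneSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Setting,
        # Hypothetical parameter: highest NSec3Iterations accepted without a finding.
        # The default of 0 follows the RFC 9276 recommendation.
        [uint16] $MaxIterations = 0
    )
    process {
        $findings = [System.Collections.Generic.List[string]]::new()
        if (-not $Setting.IsSigned) {
            $findings.Add('Zone is not signed')
        }
        else {
            if ($Setting.DenialOfExistence -eq 'NSEC') {
                $findings.Add('NSEC lets a client enumerate every name in the zone')
            }
            else {
                if ($Setting.NSec3OptOut) {
                    $findings.Add('Opt-out: unsigned delegations are not covered by NSEC3')
                }
                if ($Setting.NSec3Iterations -gt $MaxIterations) {
                    $findings.Add("NSec3Iterations=$($Setting.NSec3Iterations) exceeds $MaxIterations")
                }
            }
            # DSRecordGenerationAlgorithm is a string array; flag SHA-1 as the only digest.
            $ds = @($Setting.DSRecordGenerationAlgorithm)
            if ($ds -contains 'Sha1' -and $ds -notcontains 'Sha256' -and $ds -notcontains 'Sha384') {
                $findings.Add('dsset file carries SHA-1 DS digests only')
            }
            if ($Setting.KeyMasterStatus -eq 'Offline') {
                $findings.Add("Key master '$($Setting.KeyMasterServer)' is offline")
            }
        }
        [pscustomobject]@{ ZoneName = $Setting.ZoneName; Findings = $findings.ToArray() }
    }
}

# Constructed sample objects that mimic the class properties, so the block runs offline.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; IsSigned = $true; DenialOfExistence = 'NSEC3'
        NSec3OptOut = $false; NSec3Iterations = 50; DSRecordGenerationAlgorithm = @('Sha1')
        KeyMasterServer = 'dns01.corp.example'; KeyMasterStatus = 'Online' }
    [pscustomobject]@{ ZoneName = 'lab.example'; IsSigned = $false }
)
$sample | Test-DnsSecZoneSetting | Format-List

# Live use on a DNS server: Get-DnsServerDnsSecZoneSetting -ZoneName 'corp.example' | Test-DnsSecZoneSetting
```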

Requirements

Minimum supported client: None supported

Minimum supported server: Windows Server 2012

Namespace: Root\Microsoft\Windows\Dns

MOF: DnsServerPSProvider.mof

DLL: DnsServerPSProvider.dll

See also

DnsServerPSProvider Provider