2.2.2.4 DNSSEC Query IPsec Encryption
Key: Software\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig\{Rule GUID} or System\CurrentControlSet\services\Dnscache\Parameters\DnsPolicyConfig\{Rule GUID}<7>
Value: "DNSSECQueryIPSECEncryption"
Type: REG_DWORD
Size: 32 bits.
Data: This field is a 32-bit value, which MUST contain one of the following values.
Value |
Meaning |
---|---|
0x00000000 |
No encryption (integrity only) necessary when IPsec protection is used for DNSSEC queries. |
0x00000001 |
Low security encryption, which includes DES or AES with key size of 128, 192, or 256 bits, is to be used when IPsec protection is used for DNSSEC queries. |
0x00000002 |
Medium security encryption, which includes AES with key size of 128, 192, or 256 bits, is to be used when IPsec protection is used for DNSSEC queries. |
0x00000003 |
High security encryption, which includes AES with key size of 192 or 256 bits, is to be used when IPsec protection is used for DNSSEC queries. |