DnsServerDnsSecZoneSetting class

Represents Domain Name System Security Extensions (DNSSEC) settings for a DNS zone.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[ClassVersion("1.0.0"), dynamic, provider("DnsServerPSProvider"), AMENDMENT]
class DnsServerDnsSecZoneSetting
{
  String   ZoneName;
  String   DenialOfExistence;
  String   NSec3HashAlgorithm;
  Uint16   NSec3Iterations;
  boolean  NSec3OptOut;
  Uint8    NSec3RandomSaltLength;
  String   NSec3UserSalt;
  String   DistributeTrustAnchor[];
  boolean  EnableRfc5011KeyRollover;
  String   DSRecordGenerationAlgorithm[];
  datetime DSRecordSetTtl;
  datetime DnsKeyRecordSetTtl;
  datetime SignatureInceptionOffset;
  datetime SecureDelegationPollingPeriod;
  datetime PropagationTime;
  boolean  ParentHasSecureDelegation;
  boolean  IsKeyMasterServer;
  String   KeyMasterServer;
  String   KeyMasterStatus;
  boolean  IsSigned;
  String   NSec3CurrentSalt;
  String   CurrentRollingSkdGuid;
};

Members

The DnsServerDnsSecZoneSetting class has these types of members:

Properties

The DnsServerDnsSecZoneSetting class has these properties.

CurrentRollingSkdGuid
Data type: String
Access type: Read-only

The GUID of the currently rolling signing key descriptor (SKD).

Windows Server 2012:  This property is supported beginning with Windows Server 2012 R2.

DenialOfExistence
Data type: String
Access type: Read/write

The setting used by the DNS server to provide signed proof of an unregistered name in the DNS database.

The possible values are:

NSEC ("NSEC")

NSEC3 ("NSEC3")

DistributeTrustAnchor
Data type: String array
Access type: Read/write

An array that contains the types of trust anchors to publish when the DNS zone is signed.

The possible values are:

None ("None")

DnsKey ("DnsKey")

DnsKeyRecordSetTtl
Data type: datetime
Access type: Read/write

The time-to-live (TTL) value assigned to DNSKEY records when the DNS zone is signed.

DSRecordGenerationAlgorithm
Data type: String array
Access type: Read/write

An array that contains strings that indicate the algorithms to use to write the dsset file when the DNS zone is signed.

The possible values are:

None ("None")

Sha1 ("Sha1")

Sha256 ("Sha256")

Sha384 ("Sha384")

DSRecordSetTtl
Data type: datetime
Access type: Read/write

The time-to-live (TTL) value assigned to DS records when the DNS zone is signed.

EnableRfc5011KeyRollover
Data type: boolean
Access type: Read/write

Indicates whether to maintain the DNS zone using key rollover procedures defined in RFC 5011.

IsKeyMasterServer
Data type: boolean
Access type: Read-only

Indicates whether the current server is the key master server for the current zone.

IsSigned
Data type: boolean
Access type: Read-only

True if the current zone is signed; otherwise, false.

Windows Server 2012:  This property is supported beginning with Windows Server 2012 R2.

KeyMasterServer
Data type: String
Access type: Read/write

The name of the key master server for this zone.

KeyMasterStatus
Data type: String
Access type: Read-only

The status of the key master server for this zone.

The possible values are:

Online ("Online")

Offline ("Offline")

NSec3CurrentSalt
Data type: String
Access type: Read-only

The current NSEC3 salt string used to sign the DNS zone.

Windows Server 2012:  This property is supported beginning with Windows Server 2012 R2.

NSec3HashAlgorithm
Data type: String
Access type: Read/write

The NSEC3 hash algorithm to use to sign the DNS zone.

The possible values are:

Sha1 ("Sha1")

Sha256 ("Sha256")

Sha384 ("Sha384")

NSec3Iterations
Data type: Uint16
Access type: Read/write

The number of NSEC3 hash iterations to perform when the DNS zone is signed.

NSec3OptOut
Data type: boolean
Access type: Read/write

True to sign the DNS zone using NSEC3 opt-out; otherwise, false.

NSec3RandomSaltLength
Data type: Uint8
Access type: Read/write

The length, in bytes, of the random salt used when the DNS zone is signed.

NSec3UserSalt
Data type: String
Access type: Read/write

The user-specified NSEC3 salt string to use when the DNS zone is signed.

ParentHasSecureDelegation
Data type: boolean
Access type: Read/write

True if the parental delegation to the DNS zone is secure; otherwise, false.

PropagationTime
Data type: datetime
Access type: Read/write

The expected time, in seconds, required to propagate zone changes through Active Directory.

SecureDelegationPollingPeriod
Data type: datetime
Access type: Read/write

The duration, in seconds, between polling attempts for child zone key rollovers.

SignatureInceptionOffset
Data type: datetime
Access type: Read/write

Indicates, in seconds, how far in the past DNSSEC signature validity periods should begin when signing the DNS zone.

ZoneName
Data type: String
Access type: Read-only

The name of the zone.
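
Added example (not part of the original reference page): a PowerShell function that reviews the properties documented above and reports settings worth a second look during a DNSSEC configuration audit. The function name Test-DnsSecZoneSetting, the finding texts and the sample zone object are assumptions constructed for illustration; Get-DnsServerZone and Get-DnsServerDnsSecZoneSetting are cmdlets from the DnsServer module.

```powershell
# Added example: review DnsServerDnsSecZoneSetting properties for weak DNSSEC settings.
# Test-DnsSecZoneSetting is a hypothetical helper, not part of the DnsServer module.
function Test-DnsSecZoneSetting {
    param(
        # Any object exposing the properties of DnsServerDnsSecZoneSetting.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Setting
    )
    process {
        $findings = @()
        if (-not $Setting.IsSigned) {
            $findings += 'Zone is not signed.'
        }
        if ($Setting.DenialOfExistence -eq 'NSEC') {
            $findings += 'NSEC denial of existence exposes zone names to enumeration; consider NSEC3.'
        }
        if ($Setting.DenialOfExistence -eq 'NSEC3' -and $Setting.NSec3OptOut) {
            $findings += 'NSEC3 opt-out is on; unsigned delegations are not covered by NSEC3 records.'
        }
        # DSRecordGenerationAlgorithm is a string array; flag it when SHA-1 is the only digest.
        $ds = @($Setting.DSRecordGenerationAlgorithm)
        if ($ds -contains 'Sha1' -and -not ($ds -contains 'Sha256' -or $ds -contains 'Sha384')) {
            $findings += 'DS records are generated with SHA-1 only; add Sha256 or Sha384.'
        }
        if ($Setting.KeyMasterStatus -eq 'Offline') {
            $findings += "Key master '$($Setting.KeyMasterServer)' is reported offline."
        }
        if (-not $Setting.ParentHasSecureDelegation -and
            -not (@($Setting.DistributeTrustAnchor) -contains 'DnsKey')) {
            $findings += 'Parent has no secure delegation and trust anchors are not distributed; resolvers need a manually configured trust anchor to validate this zone.'
        }
        [pscustomobject]@{ ZoneName = $Setting.ZoneName; Findings = $findings }
    }
}

# Constructed sample standing in for one returned instance, so the function runs offline.
$sample = [pscustomobject]@{
    ZoneName = 'example.test'; IsSigned = $true
    DenialOfExistence = 'NSEC'; NSec3OptOut = $false
    DSRecordGenerationAlgorithm = @('Sha1'); DistributeTrustAnchor = @('None')
    KeyMasterServer = 'dns1.example.test'; KeyMasterStatus = 'Online'
    ParentHasSecureDelegation = $false
}
$sample | Test-DnsSecZoneSetting | Format-List

# On a DNS server with the DnsServer module installed:
# Get-DnsServerZone | Where-Object IsSigned |
#     ForEach-Object { Get-DnsServerDnsSecZoneSetting -ZoneName $_.ZoneName } |
#     Test-DnsSecZoneSetting
```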

Requirements

Minimum supported client

None supported

Minimum supported server

Windows Server 2012

Namespace

Root\Microsoft\Windows\Dns

MOF

DnsServerPSProvider.mof

DLL

DnsServerPSProvider.dll

See also

DnsServerPSProvider Provider