DnsServerSigningKey class

Represents a signing key for zone signing and key signing on a DNS server.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[ClassVersion("1.0.0"), dynamic, provider("DnsServerPSProvider"), AMENDMENT]
class DnsServerSigningKey
{
  String   ZoneName;
  String   KeyId;
  String   KeyType;
  String   CurrentState;
  String   KeyStorageProvider;
  boolean  StoreKeysInAD;
  String   CryptoAlgorithm;
  Uint32   KeyLength;
  datetime DnsKeySignatureValidityPeriod;
  datetime DSSignatureValidityPeriod;
  datetime ZoneSignatureValidityPeriod;
  datetime InitialRolloverOffset;
  datetime RolloverPeriod;
  String   RolloverType;
  String   NextRolloverAction;
  datetime LastRolloverTime;
  datetime NextRolloverTime;
  String   CurrentRolloverStatus;
  String   ActiveKey;
  String   StandbyKey;
  String   NextKey;
};

Members

The DnsServerSigningKey class has these types of members:

Properties

The DnsServerSigningKey class has these properties.

ActiveKey
Data type: String
Access type: Read/write

A pointer string for the active key.

CryptoAlgorithm
Data type: String
Access type: Read/write

The type of DNSSEC signature generation algorithm used by the key.

The possible values are:

RsaSha1 ("RsaSha1")

RsaSha1NSec3 ("RsaSha1NSec3")

RsaSha256 ("RsaSha256")

RsaSha512 ("RsaSha512")

ECDsaP256Sha256 ("ECDsaP256Sha256")

ECDsaP384Sha384 ("ECDsaP384Sha384")

CurrentRolloverStatus
Data type: String
Access type: Read-only

The rollover status of the key.

The possible values are:

NotRolling ("NotRolling")

Queued ("Queued")

RollStarted ("RollStarted")

ZskWaitingForDnsKeyTtl ("ZskWaitingForDnsKeyTtl")

ZskWaitingForMaxZoneTtlKskWaitingForDSUpdate ("ZskWaitingForMaxZoneTtlKskWaitingForDSUpdate")

KskWaitingForDSTtl ("KskWaitingForDSTtl")

KskWaitingForDnsKeyTtl ("KskWaitingForDnsKeyTtl")

WaitingForRFC5011RemoveHoldDown ("WaitingForRFC5011RemoveHoldDown")

RollError ("RollError")

CurrentState
Data type: String
Access type: Read-only

The state of the key.

The possible values are:

Active ("Active")

Retired ("Retired")

DnsKeySignatureValidityPeriod
Data type: datetime
Access type: Read/write

The duration in which the signatures that cover DNSKEY record sets are valid.

DSSignatureValidityPeriod
Data type: datetime
Access type: Read/write

The duration in which the signatures that cover DS record sets are valid.

InitialRolloverOffset
Data type: datetime
Access type: Read/write

The duration for which the first scheduled key rollover is delayed. This allows key rollovers to be staggered.

KeyId
Data type: String
Access type: Read-only

The unique identifier of the key.

KeyLength
Data type: Uint32
Access type: Read/write

The length, in bits, of the key. The length ranges from 1024 to 4096, in 64-bit increments.

KeyStorageProvider
Data type: String
Access type: Read/write

The Key Storage Provider (KSP) used to generate keys.

KeyType
Data type: String
Access type: Read/write

The type of the key.

The possible values are:

ZoneSigningKey ("ZoneSigningKey")

KeySigningKey ("KeySigningKey")

LastRolloverTime
Data type: datetime
Access type: Read-only

The time at which the last rollover event was performed.

NextKey
Data type: String
Access type: Read/write

A pointer string for the next key. This key will be used during the next key rollover event.

NextRolloverAction
Data type: String
Access type: Read/write

The action to take for the next key rollover event.

The possible values are:

Normal ("Normal")

RevokeStandby ("RevokeStandby")

Retire ("Retire")

NextRolloverTime
Data type: datetime
Access type: Read-only

The time at which the next rollover action must take place.

RolloverPeriod
Data type: datetime
Access type: Read/write

The duration between scheduled key rollovers.

RolloverType
Data type: String
Access type: Read-only

The key rollover type.

The possible values are:

DoubleSignature ("DoubleSignature")

Prepublish ("Prepublish")

StandbyKey
Data type: String
Access type: Read/write

A pointer string for the standby key.

StoreKeysInAD
Data type: boolean
Access type: Read/write

true if the key is stored in a zone object in Active Directory; otherwise, false.

ZoneName
Data type: String
Access type: Read-only

The name of the zone to which the key is assigned.

ZoneSignatureValidityPeriod
Data type: datetime
Access type: Read/write

The duration in which the signatures that cover all other record sets are valid.
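The following audit function is an added example, not part of the original reference or of Microsoft's code. It checks signing-key objects against the CryptoAlgorithm, KeyLength and CurrentRolloverStatus values documented above. The function name Test-DnsSigningKey, the 2048-bit minimum and the choice to flag the SHA-1 based algorithms are assumptions of this example, the sample keys are constructed, and the commented call assumes the DnsServer module's Get-DnsServerSigningKey cmdlet returns objects with these properties.

```powershell
# Added example: flag signing keys whose documented properties indicate a weak
# or unhealthy DNSSEC configuration. Thresholds are assumed policy values.
function Test-DnsSigningKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Key,
        [uint32] $MinRsaKeyLength = 2048   # assumption, adjust to local policy
    )
    process {
        $findings = @()
        # RsaSha1 and RsaSha1NSec3 both produce SHA-1 based signatures.
        if ($Key.CryptoAlgorithm -in 'RsaSha1', 'RsaSha1NSec3') {
            $findings += "SHA-1 based algorithm: $($Key.CryptoAlgorithm)"
        }
        # Only RSA lengths are compared; ECDSA key sizes are fixed by the
        # curve (P-256, P-384) and are not measured on the same scale.
        if ($Key.CryptoAlgorithm -like 'Rsa*' -and $Key.KeyLength -lt $MinRsaKeyLength) {
            $findings += "RSA key length $($Key.KeyLength) is below $MinRsaKeyLength bits"
        }
        # RollError is one of the documented CurrentRolloverStatus values.
        if ($Key.CurrentRolloverStatus -eq 'RollError') {
            $findings += 'Rollover status is RollError'
        }
        [pscustomobject]@{
            ZoneName  = $Key.ZoneName
            KeyId     = $Key.KeyId
            KeyType   = $Key.KeyType
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# Constructed sample objects that mirror the documented properties.
$sampleKeys = @(
    [pscustomobject]@{ ZoneName = 'example.test'; KeyId = 'sample-key-1'; KeyType = 'KeySigningKey'; CryptoAlgorithm = 'RsaSha256'; KeyLength = 2048; CurrentRolloverStatus = 'NotRolling' }
    [pscustomobject]@{ ZoneName = 'example.test'; KeyId = 'sample-key-2'; KeyType = 'ZoneSigningKey'; CryptoAlgorithm = 'ECDsaP256Sha256'; KeyLength = 256; CurrentRolloverStatus = 'Queued' }
    [pscustomobject]@{ ZoneName = 'example.test'; KeyId = 'sample-key-3'; KeyType = 'ZoneSigningKey'; CryptoAlgorithm = 'RsaSha1'; KeyLength = 1024; CurrentRolloverStatus = 'RollError' }
)
$sampleKeys | Test-DnsSigningKey | Format-List

# On a DNS server, pipe real keys in instead of the samples:
# Get-DnsServerSigningKey -ZoneName 'example.test' | Test-DnsSigningKey
```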

Requirements

Minimum supported client

None supported

Minimum supported server

Windows Server 2012

Namespace

Root\Microsoft\Windows\Dns

MOF

DnsServerPSProvider.mof

DLL

DnsServerPSProvider.dll

See also

DnsServerPSProvider Provider