共用方式為

2.2.6.2.9 DNS_RPC_ZONE_DNSSEC_SETTINGS

  • 發行項

The DNS_RPC_ZONE_DNSSEC_SETTINGS structure SHOULD<50>  represent the DNSSEC properties of a zone.

 typedef struct _DnssrvRpcZoneDnssecSettings  {
   DWORD dwRpcStructureVersion;
   DWORD dwReserved0;
   DWORD fIsSigned;
   DWORD fSignWithNSEC3;
   DWORD fNSEC3OptOut;
   DWORD dwMaintainTrustAnchor;
   DWORD fParentHasSecureDelegation;
   DWORD dwDSRecordAlgorithms;
   DWORD fRFC5011KeyRollovers;
   BYTE bNSEC3HashAlgorithm;
   BYTE bNSEC3RandomSaltLength;
   WORD wNSEC3IterationCount;
   LPWSTR pwszNSEC3UserSalt;
   DWORD dwDNSKEYRecordSetTtl;
   DWORD dwDSRecordSetTtl;
   DWORD dwSignatureInceptionOffset;
   DWORD dwSecureDelegationPollingPeriod;
   DWORD dwPropagationTime;
   DWORD cbNSEC3CurrentSaltLength;
   PBYTE pbNSEC3CurrentSalt;
   GUID CurrentRollingSKDGuid;
   DWORD dwBufferLength;
   PBYTE pBuffer;
   DWORD dwCount;
   PDNS_RPC_ZONE_SKD pZoneSkdArray[1];
 } DNS_RPC_ZONE_DNSSEC_SETTINGS,
  *PDNS_RPC_ZONE_DNSSEC_SETTINGS;

dwRpcStructureVersion: The structure version number; this MUST be set to 0x00000001.

dwReserved0: MUST be set to zero when sent and MUST be ignored on receipt.

fIsSigned: States whether or not the zone is signed.

fSignWithNSEC3: States whether the zone has NSEC3 Authenticated Denial of Existence support.

fNSEC3OptOut: States whether the zone has unsecure delegations.

dwMaintainTrustAnchor: States whether Trust Anchors are maintained for this zone.

fParentHasSecureDelegation: Delegation Status (Secure\UnSecure) for this zone from the parent.

dwDSRecordAlgorithms: Algorithms used for generating a hash of the DNSKEY record.

fRFC5011KeyRollovers: 5011 rollover status (Enabled\Disabled) for this zone.

bNSEC3HashAlgorithm: Algorithm used for generating NSEC3 hash (see [RFC5155] section 5).

bNSEC3RandomSaltLength: Length of Salt used in generating NSEC3 records for this zone (see [RFC5155] section 5).

wNSEC3IterationCount: Iteration count for generating NSEC3 records for this zone (see [RFC5155] section 5).

pwszNSEC3UserSalt: User defined salt used for generating NSEC3 records for this zone (see [RFC5155] section 5).

dwDNSKEYRecordSetTtl: Time-to-live (TTL) for the DNSKEY resource record.

dwDSRecordSetTtl: TTL for the DS Resource Record.

dwSignatureInceptionOffset: Time in seconds for Inception of Signatures for RRSIGs as defined in [RFC4034] section 3.1.5.

dwSecureDelegationPollingPeriod: The interval, in seconds, to refresh the set of delegation signer (DS) records in a secure delegation.

dwPropagationTime: The time, in seconds, that it takes for zone data changes to propagate to other copies of the zone.

cbNSEC3CurrentSaltLength: Length of the Current User salt for building an NSEC3 chain of zone records.

pbNSEC3CurrentSalt: Pointer to the pwszNSEC3UserSalt for building an NSEC3 chain of zone records.

CurrentRollingSKDGuid: Unique identifier of a rolling SKD of a zone, if any.

pdwBufferLength: A pointer to an integer that on success contains the length of the buffer pointed to by ppBuffer.

ppBuffer: A pointer to a pointer that points to a buffer containing the enumerated records. The buffer is a series of structures beginning with a DNS_RPC_NODE structure (section 2.2.2.2.3). The records for the node will be represented by a series of DNS_RPC_RECORD structures (section 2.2.2.2.5). The number of DNS_RPC_RECORD structures following a DNS_RPC_NODE structure is given by the wRecordCount member of DNS_RPC_NODE.

dwCount: The number of signing key descriptors present in the array of signing key descriptors pointed to by SkdArray.

pZoneSkdArray: A list of SKDs for a zone. This is the array of the DNS_RPC_ZONE_SKD structure.