Add-DnsServerSigningKey

Adds a KSK or ZSK to a signed zone.

Syntax

Add-DnsServerSigningKey
   [-ZoneName] <String>
   [[-Type] <String>]
   [[-CryptoAlgorithm] <String>]
   [-ComputerName <String>]
   [[-KeyLength] <UInt32>]
   [-InitialRolloverOffset <TimeSpan>]
   [-DnsKeySignatureValidityPeriod <TimeSpan>]
   [-DSSignatureValidityPeriod <TimeSpan>]
   [-ZoneSignatureValidityPeriod <TimeSpan>]
   [-RolloverPeriod <TimeSpan>]
   [-ActiveKey <String>]
   [-StandbyKey <String>]
   [-NextKey <String>]
   [-KeyStorageProvider <String>]
   [-StoreKeysInAD <Boolean>]
   [-PassThru]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-DnsServerSigningKey cmdlet adds a Key Signing Key (KSK) or Zone Signing Key (ZSK) key to a Domain Name System (DNS) signed zone.

Examples

Example 1: Add a KSK to a DNS zone

PS C:\> Add-DnsServerSigningKey -ZoneName "corp.contoso.com" -Type "KeySigningKey" -CryptoAlgorithm "RsaSha1NSec3" -KeyLength 2048 -PassThru -Verbose

This command adds a KSK to the DNS signed-zone corp.contoso.com.

Parameters

-ActiveKey

Specifies a signing key pointer string for the KSK's active key.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AsJob

ps_cimcommon_asjob

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSessionhttp://go.microsoft.com/fwlink/p/?LinkId=227967 or Get-CimSessionhttp://go.microsoft.com/fwlink/p/?LinkId=227966 cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ComputerName

Specifies a remote DNS server. You can specify an IP address or any value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name.

Type:String
Aliases:Cn
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CryptoAlgorithm

Specifies a cryptographic algorithm to use for key generation.

Type:String
Accepted values:RsaSha1, RsaSha256, RsaSha512, RsaSha1NSec3, ECDsaP256Sha256, ECDsaP384Sha384
Position:3
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DnsKeySignatureValidityPeriod

Specifies the amount of time that signatures that cover DNSKEY record sets are valid.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DSSignatureValidityPeriod

Specifies the amount of time that signatures that cover DS record sets are valid.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InitialRolloverOffset

Specifies the amount of time to delay the first scheduled key rollover. You can use InitialRolloverOffset to stagger key rollovers.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyLength

Specifies the bit length of a key.

Type:UInt32
Position:4
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-KeyStorageProvider

Specifies the Key Storage Provider that the DNS server uses to generate keys.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-NextKey

Specifies a signing key pointer string for the next key. The DNS server uses this key during the next key rollover event.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RolloverPeriod

Specifies the amount of time between scheduled key rollovers.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-StandbyKey

Specifies a signing key pointer string for the KSK's standby key.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-StoreKeysInAD

Stores the keys in Active Directory Domain Services (AD DS). This setting applies only to Active Directory-integrated zones when the vendor of KeyStorageProvider is Microsoft.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Type

Specifies whether a key is a KSK or a ZSK.

Type:String
Aliases:KeyType
Accepted values:KeySigningKey, ZoneSigningKey
Position:2
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ZoneName

Specifies the name of the zone in which DNS Security Extensions (DNSSEC) operations are performed.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ZoneSignatureValidityPeriod

Specifies the amount of time that signatures that cover all other record sets are valid.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

Outputs

CimInstance