Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

Get-DnsServerDnsSecZoneSetting

Windows Server Technical Preview and Windows 10

Updated: May 4, 2015

Get-DnsServerDnsSecZoneSetting

Gets DNSSEC settings for a zone.

Syntax

Parameter Set: DnsSecSetting
Get-DnsServerDnsSecZoneSetting [-ZoneName] <String[]> [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>] [ <WorkflowParameters>]

Parameter Set: SigningMetadata
Get-DnsServerDnsSecZoneSetting [-ZoneName] <String[]> -SigningMetadata [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-IncludeKSKMetadata] [-InformationAction <System.Management.Automation.ActionPreference> {SilentlyContinue | Stop | Continue | Inquire | Ignore | Suspend} ] [-InformationVariable <System.String> ] [-ThrottleLimit <Int32> ] [ <CommonParameters>] [ <WorkflowParameters>]




Detailed Description

The Get-DnsServerDnsSecZoneSetting cmdlet gets the Domain Name System Security Extensions (DNSSEC) settings for a zone on a Domain Name System (DNS) server.

If you specify the SigningMetaData parameter, the cmdlet outputs a signing metadata object that contains all the configuration information about the zone signing. You can use this object to import the configuration for zone signing to another server by using the Set-DnsServerDnsSecZoneSetting cmdlet.

Parameters

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ComputerName<String>

Specifies a DNS server. If you do not specify this parameter, the command runs on the local system. You can specify an IP address or any value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name.


Aliases

Cn

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-IncludeKSKMetadata

Indicates that the cmdlet includes KSK metadata in the output object. You can import the output object that contains the KSK metadata on another server. If the server that imports the input object requires the Key Master role, the server can seize the Key Master role. If the output object does not contain the KSK metadata, the server that imports the output object cannot seize the key Master Role while retaining the existing keys, and you must resign the whole zone with new keys.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationAction<System.Management.Automation.ActionPreference>

Aliases

infa

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-InformationVariable<System.String>

Aliases

iv

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SigningMetadata

Indicates that the cmdlet includes all signing metadata in the output object.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-ZoneName<String[]>

Specifies an array of names of DNS zones.


Aliases

none

Required?

true

Position?

2

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see    about_CommonParameters.

<WorkflowParameters>

This cmdlet supports the following workflow common parameters: -PSParameterCollection, -PSComputerName, -PSCredential, -PSConnectionRetryCount, -PSConnectionRetryIntervalSec, -PSRunningTimeoutSec, -PSElapsedTimeoutSec, -PSPersist, -PSAuthentication, -PSAuthenticationLevel, -PSApplicationName, -PSPort, -PSUseSSL, -PSConfigurationName, -PSConnectionURI, -PSAllowRedirection, -PSSessionOption, -PSCertificateThumbprint, -PSPrivateMetadata, -AsJob, -JobName, and –InputObject. For more information, see    about_WorkflowCommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#DnsServerDnsSecZoneSetting[]

    The DnsServerDnsSecZoneSetting object contains the following fields:

    -- DenialOfExistence
    -- DistributeTrustAnchor
    -- DnsKeyRecordSetTtl
    -- DSRecordGenerationAlgorithm
    -- DSRecordSetTtl
    -- EnableRfc5011KeyRollover
    -- IsKeyMasterServer
    -- KeyMasterServer
    -- KeyMasterStatus
    -- NSec3HashAlgorithm
    -- NSec3Iterations
    -- NSec3OptOut
    -- NSec3RandomSaltLength
    -- NSec3UserSalt
    -- ParentHasSecureDelegation
    -- PropagationTime
    -- SecureDelegationPollingPeriod
    -- SignatureInceptionOffset
    -- ZoneName

    If you specify the SigningMetadata parameter, the object returned is of type DnsServerZoneSigningMetadata
    {
    DnsServerDnsSecZoneSetting DnsSecZoneSetting
    DnsServerSigningKeyExtendedInformation [] KeyExtendedInformation
    DnsServerResourceRecord[] DnsSecRecords
    }
    DnsServerDnsSecZoneSetting
    {
    -- String ZoneName
    -- Bool DenialOfExistence
    -- Bool NSec3HashAlgorithm
    -- Integer NSec3Iterations
    -- Bool NSec3OptOut
    -- Integer NSec3RandomSaltLength
    -- String NSec3UserSalt
    -- String[] DistributeTrustAnchor
    -- Bool EnableRfc5011KeyRollover
    -- String[] DSRecordGenerationAlgorithm
    -- Bool ParentHasSecureDelegation
    -- DateTime DsRecordSetTtl
    -- DateTime DnsKeyRecordSetTtl
    -- DateTime SignatureInceptionOffset
    -- DateTime SecureDelegationPollingPeriod
    -- DateTime PropogationTime
    -- Bool IsKeyMasterServer
    -- String KeyMasterServer
    -- String KeyMasterStatus
    -- Bool IsSigned
    -- String NSec3CurrentSalt
    -- String CurrentRollingSkdGuid
    }
    DnsServerSigningKeyOpState
    {
    -- Integer CurrentRolloverState
    -- Bool ManualTrigger
    -- Integer PreRollEventFired
    -- TimeSpan NextKeyGenerationTime
    -- DnsServerResourceRecordDnsKey[] RevokedOrSwappedDnsKeys
    -- DnsServerResourceRecordDnsKey[] FinalDnsKeys
    -- Integer ActiveKeyScope
    -- Integer StandbyKeyScope
    -- Integer NextKeyScope
    }
    DnsServerSigningKeyExtendedInformation
    {
    -- DnsServerSigningKey SigningKey
    -- DnsServerSigningKeyOpState SigningKeyOpState
    }


Examples

Example 1: Get DNSSEC settings

This command gets the DNS Security Extensions for the zone named western.contoso.com.


PS C:\> Get-DnsServerDnsSecZoneSetting -ZoneName "western.contoso.com"

Example 2: Get DNSSEC setting with signing metadata

This command gets the DNS Security Extensions signing metadata for the zone named western.contoso.com. The metadata returned can be imported on a non-key master server to begin signing with enhanced key management for file-backed zones.


PS C:\> Get-DnsServerDnsSecZoneSetting -SigningMetadata -ZoneName western.contoso.com

Example 3: Get DNSSEC settings with signing metadata and key signing key information

This command gets the DNS Security Extensions signing metadata and key signing key information for the zone named western.contoso.com. The metadata returned can be imported on a non-key master server to begin signing with enhanced key management for file-backed zones.


PS C:\> Get-DnsServerDnsSecZoneSetting -SigningMetadata -ZoneName "western.contoso.com" -IncludeKSKMetadata

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2015 Microsoft